Merge branch '6663-git-server' refs #6663

[arvados.git] / apps / workbench / test / integration / anonymous_access_test.rb

require 'integration_helper'

class AnonymousAccessTest < ActionDispatch::IntegrationTest
  # These tests don't do state-changing API calls. Save some time by
  # skipping the database reset.
  reset_api_fixtures :after_each_test, false
  reset_api_fixtures :after_suite, true

  setup do
    need_javascript
    Rails.configuration.anonymous_user_token = api_fixture('api_client_authorizations')['anonymous']['api_token']
  end

  PUBLIC_PROJECT = "/projects/#{api_fixture('groups')['anonymously_accessible_project']['uuid']}"

  def verify_site_navigation_anonymous_enabled user, is_active
    if user
      if user['is_active']
        assert_text 'Unrestricted public data'
        assert_selector 'a', text: 'Projects'
        page.find("#projects-menu").click
        assert_selector 'a', text: 'Add a new project'
        assert_selector 'a', text: 'Browse public projects'
        assert page.has_text?('Projects shared with me'), 'Not found text - Project shared with me'
      else
        assert_text 'indicate that you have read and accepted the user agreement'
      end
      within('.navbar-fixed-top') do
        assert_selector 'a', text: Rails.configuration.site_name.downcase
        assert(page.has_link?("notifications-menu"), 'no user menu')
        page.find("#notifications-menu").click
        within('.dropdown-menu') do
          assert_selector 'a', text: 'Log out'
        end
      end
    else  # anonymous
      assert_text 'Unrestricted public data'
      within('.navbar-fixed-top') do
        assert_text Rails.configuration.site_name.downcase
        assert_no_selector 'a', text: Rails.configuration.site_name.downcase
        assert_selector 'a', text: 'Log in'
        assert_selector 'a', text: 'Browse public projects'
      end
    end
  end

  [
    [nil, nil, false, false],
    ['inactive', api_fixture('users')['inactive'], false, false],
    ['active', api_fixture('users')['active'], true, true],
  ].each do |token, user, is_active|
    test "visit public project as user #{token.inspect} when anonymous browsing is enabled" do
      if !token
        visit PUBLIC_PROJECT
      else
        visit page_with_token(token, PUBLIC_PROJECT)
      end

      verify_site_navigation_anonymous_enabled user, is_active
    end
  end

  test "selection actions when anonymous user accesses shared project" do
    visit PUBLIC_PROJECT

    assert_selector 'a', text: 'Description'
    assert_selector 'a', text: 'Data collections'
    assert_selector 'a', text: 'Jobs and pipelines'
    assert_selector 'a', text: 'Pipeline templates'
    assert_selector 'a', text: 'Subprojects'
    assert_selector 'a', text: 'Advanced'
    assert_no_selector 'a', text: 'Other objects'
    assert_no_selector 'button', text: 'Add data'

    click_link 'Data collections'
    click_button 'Selection'
    within('.selection-action-container') do
      assert_selector 'li', text: 'Compare selected'
      assert_no_selector 'li', text: 'Create new collection with selected collections'
      assert_no_selector 'li', text: 'Copy selected'
      assert_no_selector 'li', text: 'Move selected'
      assert_no_selector 'li', text: 'Remove selected'
    end
  end

  test "anonymous user accesses data collections tab in shared project" do
    visit PUBLIC_PROJECT
    click_link 'Data collections'
    collection = api_fixture('collections')['user_agreement_in_anonymously_accessible_project']
    assert_text 'GNU General Public License'

    assert_selector 'a', text: 'Data collections'

    # click on show collection
    within "tr[data-object-uuid=\"#{collection['uuid']}\"]" do
      click_link 'Show'
    end

    # in collection page
    assert_no_selector 'input', text: 'Create sharing link'
    assert_no_text 'Sharing and permissions'
    assert_no_selector 'a', text: 'Upload'
    assert_no_selector 'button', 'Selection'

    within '#collection_files tr,li', text: 'GNU_General_Public_License,_version_3.pdf' do
      assert page.has_no_selector?('[value*="GNU_General_Public_License"]')
      find 'a[title~=View]'
      find 'a[title~=Download]'
    end
  end

  test 'view file' do
    magic = rand(2**512).to_s 36
    CollectionsController.any_instance.stubs(:file_enumerator).returns([magic])
    collection = api_fixture('collections')['public_text_file']
    visit '/collections/' + collection['uuid']
    find('tr,li', text: 'Hello world.txt').
      find('a[title~=View]').click
    assert_text magic
  end

  [
    'running_job',
    'completed_job',
    'pipelineInstance'
  ].each do |type|
    test "anonymous user accesses jobs and pipelines tab in shared project and clicks on #{type}" do
      visit PUBLIC_PROJECT
      click_link 'Data collections'
      assert_text 'GNU General Public License'

      click_link 'Jobs and pipelines'
      assert_text 'Pipeline in publicly accessible project'

      # click on the specified job
      if type.include? 'job'
        verify_job_row type
      else
        verify_pipeline_instance_row
      end
    end
  end

  def verify_job_row look_for
    within first('tr', text: look_for) do
      click_link 'Show'
    end
    assert_text 'Public Projects Unrestricted public data'
    assert_text 'script_version'

    assert_text 'zzzzz-tpzed-xurymjxw79nv3jz' # modified by user
    assert_no_selector 'a', text: 'zzzzz-tpzed-xurymjxw79nv3jz'
    assert_no_selector 'a', text: 'Move job'
    assert_no_selector 'button', text: 'Cancel'
    assert_no_selector 'button', text: 'Re-run job'
  end

  def verify_pipeline_instance_row
    within first('tr[data-kind="arvados#pipelineInstance"]') do
      assert_text 'Pipeline in publicly accessible project'
      click_link 'Show'
    end

    # in pipeline instance page
    assert_text 'Public Projects Unrestricted public data'
    assert_text 'This pipeline is complete'
    assert_no_selector 'a', text: 'Re-run with latest'
    assert_no_selector 'a', text: 'Re-run options'
  end

  test "anonymous user accesses pipeline templates tab in shared project" do
    visit PUBLIC_PROJECT
    click_link 'Data collections'
    assert_text 'GNU General Public License'

    assert_selector 'a', text: 'Pipeline templates'

    click_link 'Pipeline templates'
    assert_text 'Pipeline template in publicly accessible project'

    within first('tr[data-kind="arvados#pipelineTemplate"]') do
      click_link 'Show'
    end

    # in template page
    assert_text 'Public Projects Unrestricted public data'
    assert_text 'script version'
    assert_no_selector 'a', text: 'Run this pipeline'
  end

  test "anonymous user accesses subprojects tab in shared project" do
    visit PUBLIC_PROJECT + '#Subprojects'

    assert_text 'Subproject in anonymous accessible project'

    within first('tr[data-kind="arvados#group"]') do
      click_link 'Show'
    end

    # in subproject
    assert_text 'Description for subproject in anonymous accessible project'
  end

  [
    ['pipeline_in_publicly_accessible_project', true],
    ['pipeline_in_publicly_accessible_project_but_other_objects_elsewhere', false],
    ['pipeline_in_publicly_accessible_project_but_other_objects_elsewhere', false, 'spectator'],
    ['pipeline_in_publicly_accessible_project_but_other_objects_elsewhere', true, 'admin'],

    ['completed_job_in_publicly_accessible_project', true],
    ['job_in_publicly_accessible_project_but_other_objects_elsewhere', false],
  ].each do |fixture, objects_readable, user=nil|
    test "access #{fixture} in public project with objects readable=#{objects_readable} with user #{user}" do
      pipeline_page = true if fixture.include?('pipeline')

      if pipeline_page
        object = api_fixture('pipeline_instances')[fixture]
        page = "/pipeline_instances/#{object['uuid']}"
        expect_log_text = "Log for foo"
      else      # job
        object = api_fixture('jobs')[fixture]
        page = "/jobs/#{object['uuid']}"
        expect_log_text = "stderr crunchstat"
      end

      if user
        visit page_with_token user, page
      else
        visit page
      end

      # click job link, if in pipeline page
      click_link 'foo' if pipeline_page

      if objects_readable
        assert_selector 'a[href="#Log"]', text: 'Log'
        assert_no_selector 'a[data-toggle="disabled"]', text: 'Log'
        assert_no_text 'Output data not available'
        if pipeline_page
          assert_text 'This pipeline was created from'
          assert_selector 'a', text: object['components']['foo']['job']['uuid']
          # We'd like to test the Log tab on job pages too, but we can't right
          # now because Poltergeist 1.x doesn't support JavaScript's
          # Function.prototype.bind, which is used by job_log_graph.js.
          click_link "Log"
          assert_text expect_log_text
        end
      else
        assert_selector 'a[data-toggle="disabled"]', text: 'Log'
        assert_text 'Output data not available'
        assert_text object['job']
        if pipeline_page
          assert_no_text 'This pipeline was created from'  # template is not readable
          assert_no_selector 'a', text: object['components']['foo']['job']['uuid']
        end
        click_link "Log"
        assert_text 'Output data not available'
        assert_no_text expect_log_text
      end
    end
  end

  [
    ['new_pipeline_in_publicly_accessible_project', true],
    ['new_pipeline_in_publicly_accessible_project', true, 'spectator'],
    ['new_pipeline_in_publicly_accessible_project_but_other_objects_elsewhere', false],
    ['new_pipeline_in_publicly_accessible_project_but_other_objects_elsewhere', false, 'spectator'],
    ['new_pipeline_in_publicly_accessible_project_but_other_objects_elsewhere', true, 'admin'],
    ['new_pipeline_in_publicly_accessible_project_with_dataclass_file_and_other_objects_elsewhere', false],
    ['new_pipeline_in_publicly_accessible_project_with_dataclass_file_and_other_objects_elsewhere', false, 'spectator'],
    ['new_pipeline_in_publicly_accessible_project_with_dataclass_file_and_other_objects_elsewhere', true, 'admin'],
  ].each do |fixture, objects_readable, user=nil|
    test "access #{fixture} in public project with objects readable=#{objects_readable} with user #{user}" do
      object = api_fixture('pipeline_instances')[fixture]
      page = "/pipeline_instances/#{object['uuid']}"
      if user
        visit page_with_token user, page
      else
        visit page
      end

      # click Components tab
      click_link 'Components'

      if objects_readable
        assert_text 'This pipeline was created from'
        if user == 'admin'
          assert_text 'input'
          assert_selector 'a', text: 'Choose'
          assert_selector 'a', text: 'Run'
          assert_no_selector 'a.disabled', text: 'Run'
        else
          assert_selector 'a', text: object['components']['foo']['script_parameters']['input']['value']
          user ? (assert_selector 'a', text: 'Run') : (assert_no_selector 'a', text: 'Run')
        end
      else
        assert_no_text 'This pipeline was created from'  # template is not readable
        input = object['components']['foo']['script_parameters']['input']['value']
        assert_no_selector 'a', text: input
        if user
          input = input.gsub('/', '\\/')
          assert_text "One or more inputs provided are not readable"
          assert_selector "input[type=text][value=#{input}]"
          assert_selector 'a.disabled', text: 'Run'
        else
          assert_no_text "One or more inputs provided are not readable"
          assert_text input
          assert_no_selector 'a', text: 'Run'
        end
      end
    end
  end
end