1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: AGPL-3.0
7 class Arvados::V1::GroupsControllerTest < ActionController::TestCase
9 test "attempt to delete group that cannot be seen" do
10 Rails.configuration.Users.RoleGroupsVisibleToAll = false
11 authorize_with :active
12 post :destroy, params: {id: groups(:empty_lonely_group).uuid}
16 test "attempt to delete group without read or write access" do
17 authorize_with :active
18 post :destroy, params: {id: groups(:empty_lonely_group).uuid}
22 test "attempt to delete group without write access" do
23 authorize_with :active
24 post :destroy, params: {id: groups(:all_users).uuid}
28 test "get list of projects" do
29 authorize_with :active
30 get :index, params: {filters: [['group_class', '=', 'project']], format: :json}
31 assert_response :success
33 json_response['items'].each do |group|
34 assert_equal 'project', group['group_class']
35 group_uuids << group['uuid']
37 assert_includes group_uuids, groups(:aproject).uuid
38 assert_includes group_uuids, groups(:asubproject).uuid
39 assert_includes group_uuids, groups(:private).uuid
40 assert_not_includes group_uuids, groups(:system_group).uuid
41 assert_not_includes group_uuids, groups(:private_and_can_read_foofile).uuid
44 test "get list of groups that are not projects" do
45 authorize_with :active
46 get :index, params: {filters: [['group_class', '!=', 'project']], format: :json}
47 assert_response :success
49 json_response['items'].each do |group|
50 assert_not_equal 'project', group['group_class']
51 group_uuids << group['uuid']
53 assert_not_includes group_uuids, groups(:aproject).uuid
54 assert_not_includes group_uuids, groups(:asubproject).uuid
57 test "get list of groups with bogus group_class" do
58 authorize_with :active
60 filters: [['group_class', '=', 'nogrouphasthislittleclass']],
63 assert_response :success
64 assert_equal [], json_response['items']
65 assert_equal 0, json_response['items_available']
68 def check_project_contents_response disabled_kinds=[]
69 assert_response :success
70 assert_operator 2, :<=, json_response['items_available']
71 assert_operator 2, :<=, json_response['items'].count
72 kinds = json_response['items'].collect { |i| i['kind'] }.uniq
73 expect_kinds = %w'arvados#group arvados#specimen arvados#pipelineTemplate arvados#job' - disabled_kinds
74 assert_equal expect_kinds, (expect_kinds & kinds)
76 json_response['items'].each do |i|
77 if i['kind'] == 'arvados#group'
78 assert(i['group_class'] == 'project',
79 "group#contents returned a non-project group")
83 disabled_kinds.each do |d|
84 assert_equal true, !kinds.include?(d)
88 test 'get group-owned objects' do
89 authorize_with :active
90 get :contents, params: {
91 id: groups(:aproject).uuid,
94 check_project_contents_response
97 test "user with project read permission can see project objects" do
98 authorize_with :project_viewer
99 get :contents, params: {
100 id: groups(:aproject).uuid,
103 check_project_contents_response
106 test "list objects across projects" do
107 authorize_with :project_viewer
108 get :contents, params: {
110 filters: [['uuid', 'is_a', 'arvados#specimen']]
112 assert_response :success
113 found_uuids = json_response['items'].collect { |i| i['uuid'] }
114 [[:in_aproject, true],
115 [:in_asubproject, true],
116 [:owned_by_private_group, false]].each do |specimen_fixture, should_find|
118 assert_includes found_uuids, specimens(specimen_fixture).uuid, "did not find specimen fixture '#{specimen_fixture}'"
120 refute_includes found_uuids, specimens(specimen_fixture).uuid, "found specimen fixture '#{specimen_fixture}'"
125 test "list trashed collections and projects" do
126 authorize_with :active
127 get(:contents, params: {
131 ['uuid', 'is_a', ['arvados#collection', 'arvados#group']],
132 ['is_trashed', '=', true],
136 assert_response :success
137 found_uuids = json_response['items'].collect { |i| i['uuid'] }
138 assert_includes found_uuids, groups(:trashed_project).uuid
139 refute_includes found_uuids, groups(:aproject).uuid
140 assert_includes found_uuids, collections(:expired_collection).uuid
141 refute_includes found_uuids, collections(:w_a_z_file).uuid
144 test "list objects in home project" do
145 authorize_with :active
146 get :contents, params: {
149 id: users(:active).uuid
151 assert_response :success
152 found_uuids = json_response['items'].collect { |i| i['uuid'] }
153 assert_includes found_uuids, specimens(:owned_by_active_user).uuid, "specimen did not appear in home project"
154 refute_includes found_uuids, specimens(:in_asubproject).uuid, "specimen appeared unexpectedly in home project"
157 test "list collections in home project" do
158 authorize_with :active
159 get(:contents, params: {
162 ['uuid', 'is_a', 'arvados#collection'],
165 id: users(:active).uuid,
167 assert_response :success
168 found_uuids = json_response['items'].collect { |i| i['uuid'] }
169 assert_includes found_uuids, collections(:collection_owned_by_active).uuid, "collection did not appear in home project"
170 refute_includes found_uuids, collections(:collection_owned_by_active_past_version_1).uuid, "collection appeared unexpectedly in home project"
173 test "list collections in home project, including old versions" do
174 authorize_with :active
175 get(:contents, params: {
177 include_old_versions: true,
179 ['uuid', 'is_a', 'arvados#collection'],
182 id: users(:active).uuid,
184 assert_response :success
185 found_uuids = json_response['items'].collect { |i| i['uuid'] }
186 assert_includes found_uuids, collections(:collection_owned_by_active).uuid, "collection did not appear in home project"
187 assert_includes found_uuids, collections(:collection_owned_by_active_past_version_1).uuid, "old collection version did not appear in home project"
190 test "user with project read permission can see project collections" do
191 authorize_with :project_viewer
192 get :contents, params: {
193 id: groups(:asubproject).uuid,
196 ids = json_response['items'].map { |item| item["uuid"] }
197 assert_includes ids, collections(:baz_file_in_asubproject).uuid
201 ['collections.name', 'asc', :<=, "name"],
202 ['collections.name', 'desc', :>=, "name"],
203 ['name', 'asc', :<=, "name"],
204 ['name', 'desc', :>=, "name"],
205 ['collections.created_at', 'asc', :<=, "created_at"],
206 ['collections.created_at', 'desc', :>=, "created_at"],
207 ['created_at', 'asc', :<=, "created_at"],
208 ['created_at', 'desc', :>=, "created_at"],
209 ].each do |column, order, operator, field|
210 test "user with project read permission can sort projects on #{column} #{order}" do
211 authorize_with :project_viewer
212 get :contents, params: {
213 id: groups(:asubproject).uuid,
215 filters: [['uuid', 'is_a', "arvados#collection"]],
216 order: "#{column} #{order}"
218 sorted_values = json_response['items'].collect { |item| item[field] }
220 # Here we avoid assuming too much about the database
221 # collation. Both "alice"<"Bob" and "alice">"Bob" can be
222 # correct. Hopefully it _is_ safe to assume that if "a" comes
223 # before "b" in the ascii alphabet, "aX">"bY" is never true for
224 # any strings X and Y.
225 reliably_sortable_names = sorted_values.select do |name|
226 name[0] >= 'a' && name[0] <= 'z'
230 # Preserve order of sorted_values. But do not use &=. If
231 # sorted_values has out-of-order duplicates, we want to preserve
232 # them here, so we can detect them and fail the test below.
233 sorted_values.select! do |name|
234 reliably_sortable_names.include? name
237 assert_sorted(operator, sorted_values)
241 def assert_sorted(operator, sorted_items)
242 actually_checked_anything = false
244 sorted_items.each do |entry|
246 assert_operator(previous, operator, entry,
247 "Entries sorted incorrectly.")
248 actually_checked_anything = true
252 assert actually_checked_anything, "Didn't even find two items to compare."
255 # Even though the project_viewer tests go through other controllers,
256 # I'm putting them here so they're easy to find alongside the other
258 def check_new_project_link_fails(link_attrs)
259 @controller = Arvados::V1::LinksController.new
260 post :create, params: {
262 link_class: "permission",
264 head_uuid: groups(:aproject).uuid,
267 assert_includes(403..422, response.status)
270 test "user with project read permission can't add users to it" do
271 authorize_with :project_viewer
272 check_new_project_link_fails(tail_uuid: users(:spectator).uuid)
275 test "user with project read permission can't add items to it" do
276 authorize_with :project_viewer
277 check_new_project_link_fails(tail_uuid: collections(:baz_file).uuid)
280 test "user with project read permission can't rename items in it" do
281 authorize_with :project_viewer
282 @controller = Arvados::V1::LinksController.new
283 post :update, params: {
284 id: jobs(:running).uuid,
285 name: "Denied test name",
287 assert_includes(403..404, response.status)
290 test "user with project read permission can't remove items from it" do
291 @controller = Arvados::V1::PipelineTemplatesController.new
292 authorize_with :project_viewer
293 post :update, params: {
294 id: pipeline_templates(:two_part).uuid,
296 owner_uuid: users(:project_viewer).uuid,
302 test "user with project read permission can't delete it" do
303 authorize_with :project_viewer
304 post :destroy, params: {id: groups(:aproject).uuid}
308 test 'get group-owned objects with limit' do
309 authorize_with :active
310 get :contents, params: {
311 id: groups(:aproject).uuid,
315 assert_response :success
316 assert_operator 1, :<, json_response['items_available']
317 assert_equal 1, json_response['items'].count
320 test 'get group-owned objects with limit and offset' do
321 authorize_with :active
322 get :contents, params: {
323 id: groups(:aproject).uuid,
328 assert_response :success
329 assert_operator 1, :<, json_response['items_available']
330 assert_equal 0, json_response['items'].count
333 test 'get group-owned objects with select' do
334 authorize_with :active
335 get :contents, params: {
336 id: groups(:aproject).uuid,
339 select: ["uuid", "storage_classes_desired"]
341 assert_response :success
342 assert_equal 17, json_response['items_available']
343 assert_equal 17, json_response['items'].count
344 json_response['items'].each do |item|
345 # Expect collections to have a storage_classes field, other items should not.
346 if item["kind"] == "arvados#collection"
347 assert !item["storage_classes_desired"].nil?
349 assert item["storage_classes_desired"].nil?
354 test 'get group-owned objects with invalid field in select' do
355 authorize_with :active
356 get :contents, params: {
357 id: groups(:aproject).uuid,
360 select: ["uuid", "storage_classes_desire"]
365 test 'get group-owned objects with additional filter matching nothing' do
366 authorize_with :active
367 get :contents, params: {
368 id: groups(:aproject).uuid,
369 filters: [['uuid', 'in', ['foo_not_a_uuid','bar_not_a_uuid']]],
372 assert_response :success
373 assert_equal [], json_response['items']
374 assert_equal 0, json_response['items_available']
377 %w(offset limit).each do |arg|
378 ['foo', '', '1234five', '0x10', '-8'].each do |val|
379 test "Raise error on bogus #{arg} parameter #{val.inspect}" do
380 authorize_with :active
381 get :contents, params: {
382 :id => groups(:aproject).uuid,
391 test "Collection contents don't include manifest_text or unsigned_manifest_text" do
392 authorize_with :active
393 get :contents, params: {
394 id: groups(:aproject).uuid,
395 filters: [["uuid", "is_a", "arvados#collection"]],
398 assert_response :success
399 refute(json_response["items"].any? { |c| not c["portable_data_hash"] },
400 "response included an item without a portable data hash")
401 refute(json_response["items"].any? { |c| c.include?("manifest_text") },
402 "response included an item with manifest_text")
403 refute(json_response["items"].any? { |c| c.include?("unsigned_manifest_text") },
404 "response included an item with unsigned_manifest_text")
407 test 'get writable_by list for owned group' do
408 authorize_with :active
410 id: groups(:aproject).uuid,
413 assert_response :success
414 assert_not_nil(json_response['writable_by'],
415 "Should receive uuid list in 'writable_by' field")
416 assert_includes(json_response['writable_by'], users(:active).uuid,
417 "owner should be included in writable_by list")
420 test 'no writable_by list for group with read-only access' do
421 authorize_with :rominiadmin
423 id: groups(:testusergroup_admins).uuid,
426 assert_response :success
427 assert_equal([json_response['owner_uuid']],
428 json_response['writable_by'],
429 "Should only see owner_uuid in 'writable_by' field")
432 test 'get writable_by list by admin user' do
433 authorize_with :admin
435 id: groups(:testusergroup_admins).uuid,
438 assert_response :success
439 assert_not_nil(json_response['writable_by'],
440 "Should receive uuid list in 'writable_by' field")
441 assert_includes(json_response['writable_by'],
443 "Current user should be included in 'writable_by' field")
446 test 'creating subproject with duplicate name fails' do
447 authorize_with :active
448 post :create, params: {
451 owner_uuid: users(:active).uuid,
452 group_class: 'project',
456 response_errors = json_response['errors']
457 assert_not_nil response_errors, 'Expected error in response'
458 assert(response_errors.first.include?('duplicate key'),
459 "Expected 'duplicate key' error in #{response_errors.first}")
462 test 'creating duplicate named subproject succeeds with ensure_unique_name' do
463 authorize_with :active
464 post :create, params: {
467 owner_uuid: users(:active).uuid,
468 group_class: 'project',
470 ensure_unique_name: true
472 assert_response :success
473 new_project = json_response
474 assert_not_equal(new_project['uuid'],
475 groups(:aproject).uuid,
476 "create returned same uuid as existing project")
477 assert_match(/^A Project \(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\.\d{3}Z\)$/,
482 [['owner_uuid', '!=', 'zzzzz-tpzed-xurymjxw79nv3jz'], 200,
483 'zzzzz-d1hrv-subprojpipeline', 'zzzzz-d1hrv-1xfj6xkicf2muk2'],
484 [["pipeline_instances.state", "not in", ["Complete", "Failed"]], 200,
485 'zzzzz-d1hrv-1xfj6xkicf2muk2', 'zzzzz-d1hrv-i3e77t9z5y8j9cc'],
486 [['container_requests.requesting_container_uuid', '=', nil], 200,
487 'zzzzz-xvhdp-cr4queuedcontnr', 'zzzzz-xvhdp-cr4requestercn2'],
488 [['container_requests.no_such_column', '=', nil], 422],
489 [['container_requests.', '=', nil], 422],
490 [['.requesting_container_uuid', '=', nil], 422],
491 [['no_such_table.uuid', '!=', 'zzzzz-tpzed-xurymjxw79nv3jz'], 422],
492 ].each do |filter, expect_code, expect_uuid, not_expect_uuid|
493 test "get contents with '#{filter}' filter" do
494 authorize_with :active
495 get :contents, params: {filters: [filter], format: :json}
496 assert_response expect_code
497 if expect_code == 200
498 assert_not_empty json_response['items']
499 item_uuids = json_response['items'].collect {|item| item['uuid']}
500 assert_includes(item_uuids, expect_uuid)
501 assert_not_includes(item_uuids, not_expect_uuid)
506 test 'get contents with jobs and pipeline instances disabled' do
507 Rails.configuration.API.DisabledAPIs = ConfigLoader.to_OrderedOptions(
508 {'jobs.index'=>{}, 'pipeline_instances.index'=>{}})
510 authorize_with :active
511 get :contents, params: {
512 id: groups(:aproject).uuid,
515 check_project_contents_response %w'arvados#pipelineInstance arvados#job'
518 test 'get contents with low max_index_database_read' do
519 # Some result will certainly have at least 12 bytes in a
521 Rails.configuration.API.MaxIndexDatabaseRead = 12
522 authorize_with :active
523 get :contents, params: {
524 id: groups(:aproject).uuid,
527 assert_response :success
528 assert_not_empty(json_response['items'])
529 assert_operator(json_response['items'].count,
530 :<, json_response['items_available'])
533 test 'get contents, recursive=true' do
534 authorize_with :active
536 id: groups(:aproject).uuid,
540 get :contents, params: params
541 owners = json_response['items'].map do |item|
544 assert_includes(owners, groups(:aproject).uuid)
545 assert_includes(owners, groups(:asubproject).uuid)
548 [false, nil].each do |recursive|
549 test "get contents, recursive=#{recursive.inspect}" do
550 authorize_with :active
552 id: groups(:aproject).uuid,
555 params[:recursive] = false if recursive == false
556 get :contents, params: params
557 owners = json_response['items'].map do |item|
560 assert_includes(owners, groups(:aproject).uuid)
561 refute_includes(owners, groups(:asubproject).uuid)
565 test 'get home project contents, recursive=true' do
566 authorize_with :active
567 get :contents, params: {
568 id: users(:active).uuid,
572 owners = json_response['items'].map do |item|
575 assert_includes(owners, users(:active).uuid)
576 assert_includes(owners, groups(:aproject).uuid)
577 assert_includes(owners, groups(:asubproject).uuid)
580 [:afiltergroup, :private_role].each do |grp|
581 test "delete non-project group #{grp}" do
582 authorize_with :admin
583 assert_not_nil Group.find_by_uuid(groups(grp).uuid)
584 assert !Group.find_by_uuid(groups(grp).uuid).is_trashed
585 post :destroy, params: {
586 id: groups(grp).uuid,
589 assert_response :success
590 # Should not be trashed
591 assert_nil Group.find_by_uuid(groups(grp).uuid)
596 [false, :inactive, :private_role, false],
597 [false, :spectator, :private_role, false],
598 [false, :admin, :private_role, true],
599 [true, :inactive, :private_role, false],
600 [true, :spectator, :private_role, true],
601 [true, :admin, :private_role, true],
602 # project (non-role) groups are invisible even when RoleGroupsVisibleToAll is true
603 [true, :inactive, :private, false],
604 [true, :spectator, :private, false],
605 [true, :admin, :private, true],
606 ].each do |visibleToAll, userFixture, groupFixture, visible|
607 test "with RoleGroupsVisibleToAll=#{visibleToAll}, #{groupFixture} group is #{visible ? '' : 'in'}visible to #{userFixture} user" do
608 Rails.configuration.Users.RoleGroupsVisibleToAll = visibleToAll
609 authorize_with userFixture
610 get :show, params: {id: groups(groupFixture).uuid, format: :json}
612 assert_response :success
619 ### trashed project tests ###
624 # trashed_project (zzzzz-j7d0g-trashedproject1)
625 # trashed_subproject (zzzzz-j7d0g-trashedproject2)
626 # trashed_subproject3 (zzzzz-j7d0g-trashedproject3)
627 # zzzzz-xvhdp-cr5trashedcontr
630 :admin].each do |auth|
631 # project: to query, to untrash, is visible, parent contents listing success
633 [:trashed_project, [], false, true],
634 [:trashed_project, [:trashed_project], true, true],
635 [:trashed_subproject, [], false, false],
636 [:trashed_subproject, [:trashed_project], true, true],
637 [:trashed_subproject3, [:trashed_project], false, true],
638 [:trashed_subproject3, [:trashed_subproject3], false, false],
639 [:trashed_subproject3, [:trashed_project, :trashed_subproject3], true, true],
640 ].each do |project, untrash, visible, success|
642 test "contents listing #{project} #{untrash} as #{auth}" do
645 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
647 get :contents, params: {
648 id: groups(project).owner_uuid,
652 assert_response :success
653 item_uuids = json_response['items'].map do |item|
657 assert_includes(item_uuids, groups(project).uuid)
659 assert_not_includes(item_uuids, groups(project).uuid)
666 test "contents of #{project} #{untrash} as #{auth}" do
669 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
671 get :contents, params: {
672 id: groups(project).uuid,
676 assert_response :success
682 test "index #{project} #{untrash} as #{auth}" do
685 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
687 get :index, params: {
690 assert_response :success
691 item_uuids = json_response['items'].map do |item|
695 assert_includes(item_uuids, groups(project).uuid)
697 assert_not_includes(item_uuids, groups(project).uuid)
701 test "show #{project} #{untrash} as #{auth}" do
704 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
707 id: groups(project).uuid,
711 assert_response :success
717 test "show include_trash=false #{project} #{untrash} as #{auth}" do
720 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
723 id: groups(project).uuid,
728 assert_response :success
734 test "show include_trash #{project} #{untrash} as #{auth}" do
737 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
740 id: groups(project).uuid,
744 assert_response :success
747 test "index include_trash #{project} #{untrash} as #{auth}" do
750 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
752 get :index, params: {
756 assert_response :success
757 item_uuids = json_response['items'].map do |item|
760 assert_includes(item_uuids, groups(project).uuid)
764 test "delete project #{auth}" do
766 [:trashed_project].each do |pr|
767 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
769 assert !Group.find_by_uuid(groups(:trashed_project).uuid).is_trashed
770 post :destroy, params: {
771 id: groups(:trashed_project).uuid,
774 assert_response :success
775 assert Group.find_by_uuid(groups(:trashed_project).uuid).is_trashed
778 test "untrash project #{auth}" do
780 assert Group.find_by_uuid(groups(:trashed_project).uuid).is_trashed
781 post :untrash, params: {
782 id: groups(:trashed_project).uuid,
785 assert_response :success
786 assert !Group.find_by_uuid(groups(:trashed_project).uuid).is_trashed
789 test "untrash project with name conflict #{auth}" do
791 [:trashed_project].each do |pr|
792 Group.find_by_uuid(groups(pr).uuid).update! is_trashed: false
794 gc = Group.create!({owner_uuid: "zzzzz-j7d0g-trashedproject1",
795 name: "trashed subproject 3",
796 group_class: "project"})
797 post :untrash, params: {
798 id: groups(:trashed_subproject3).uuid,
800 ensure_unique_name: true
802 assert_response :success
803 assert_match /^trashed subproject 3 \(\d{4}-\d\d-\d\d.*?Z\)$/, json_response['name']
806 test "move trashed subproject to new owner #{auth}" do
808 assert_nil Group.readable_by(users(auth)).where(uuid: groups(:trashed_subproject).uuid).first
809 put :update, params: {
810 id: groups(:trashed_subproject).uuid,
812 owner_uuid: users(:active).uuid
817 assert_response :success
818 assert_not_nil Group.readable_by(users(auth)).where(uuid: groups(:trashed_subproject).uuid).first
822 # the group class overrides the destroy method. Make sure that the destroyed
825 {group_class: "project"},
826 {group_class: "role"},
827 {group_class: "filter", properties: {"filters":[]}},
829 test "destroy group #{params} returns object" do
830 authorize_with :active
832 group = Group.create!(params)
834 post :destroy, params: {
838 assert_response :success
839 assert_not_nil json_response
840 assert_equal group.uuid, json_response["uuid"]
844 test 'get shared owned by another user' do
845 authorize_with :user_bar_in_sharing_group
847 act_as_system_user do
849 tail_uuid: users(:user_bar_in_sharing_group).uuid,
850 link_class: 'permission',
852 head_uuid: groups(:project_owned_by_foo).uuid)
855 get :shared, params: {:filters => [["group_class", "=", "project"]], :include => "owner_uuid"}
857 assert_equal 1, json_response['items'].length
858 assert_equal json_response['items'][0]["uuid"], groups(:project_owned_by_foo).uuid
860 assert_equal 1, json_response['included'].length
861 assert_equal json_response['included'][0]["uuid"], users(:user_foo_in_sharing_group).uuid
864 test 'get shared, owned by unreadable project' do
865 authorize_with :user_bar_in_sharing_group
867 act_as_system_user do
868 Group.find_by_uuid(groups(:project_owned_by_foo).uuid).update!(owner_uuid: groups(:aproject).uuid)
870 tail_uuid: users(:user_bar_in_sharing_group).uuid,
871 link_class: 'permission',
873 head_uuid: groups(:project_owned_by_foo).uuid)
876 get :shared, params: {:filters => [["group_class", "=", "project"]], :include => "owner_uuid"}
878 assert_equal 1, json_response['items'].length
879 assert_equal json_response['items'][0]["uuid"], groups(:project_owned_by_foo).uuid
881 assert_equal 0, json_response['included'].length
884 test 'get shared, add permission link' do
885 authorize_with :user_bar_in_sharing_group
887 act_as_system_user do
888 Link.create!(tail_uuid: groups(:group_for_sharing_tests).uuid,
889 head_uuid: groups(:project_owned_by_foo).uuid,
890 link_class: 'permission',
894 get :shared, params: {:filters => [["group_class", "=", "project"]], :include => "owner_uuid"}
896 assert_equal 1, json_response['items'].length
897 assert_equal groups(:project_owned_by_foo).uuid, json_response['items'][0]["uuid"]
899 assert_equal 1, json_response['included'].length
900 assert_equal users(:user_foo_in_sharing_group).uuid, json_response['included'][0]["uuid"]
903 ### contents with exclude_home_project
905 test 'contents, exclude home owned by another user' do
906 authorize_with :user_bar_in_sharing_group
908 act_as_system_user do
910 tail_uuid: users(:user_bar_in_sharing_group).uuid,
911 link_class: 'permission',
913 head_uuid: groups(:project_owned_by_foo).uuid)
915 tail_uuid: users(:user_bar_in_sharing_group).uuid,
916 link_class: 'permission',
918 head_uuid: collections(:collection_owned_by_foo).uuid)
921 get :contents, params: {:include => "owner_uuid", :exclude_home_project => true}
923 assert_equal 2, json_response['items'].length
924 assert_equal json_response['items'][0]["uuid"], groups(:project_owned_by_foo).uuid
925 assert_equal json_response['items'][1]["uuid"], collections(:collection_owned_by_foo).uuid
927 assert_equal 1, json_response['included'].length
928 assert_equal json_response['included'][0]["uuid"], users(:user_foo_in_sharing_group).uuid
931 test 'contents, exclude home, owned by unreadable project' do
932 authorize_with :user_bar_in_sharing_group
934 act_as_system_user do
935 Group.find_by_uuid(groups(:project_owned_by_foo).uuid).update!(owner_uuid: groups(:aproject).uuid)
937 tail_uuid: users(:user_bar_in_sharing_group).uuid,
938 link_class: 'permission',
940 head_uuid: groups(:project_owned_by_foo).uuid)
943 get :contents, params: {:include => "owner_uuid", :exclude_home_project => true}
945 assert_equal 1, json_response['items'].length
946 assert_equal json_response['items'][0]["uuid"], groups(:project_owned_by_foo).uuid
948 assert_equal 0, json_response['included'].length
951 test 'contents, exclude home, add permission link' do
952 authorize_with :user_bar_in_sharing_group
954 act_as_system_user do
955 Link.create!(tail_uuid: groups(:group_for_sharing_tests).uuid,
956 head_uuid: groups(:project_owned_by_foo).uuid,
957 link_class: 'permission',
961 get :contents, params: {:include => "owner_uuid", :exclude_home_project => true}
963 assert_equal 1, json_response['items'].length
964 assert_equal groups(:project_owned_by_foo).uuid, json_response['items'][0]["uuid"]
966 assert_equal 1, json_response['included'].length
967 assert_equal users(:user_foo_in_sharing_group).uuid, json_response['included'][0]["uuid"]
970 test 'contents, exclude home, with parent specified' do
971 authorize_with :active
973 get :contents, params: {id: groups(:aproject).uuid, :include => "owner_uuid", :exclude_home_project => true}
978 test "include_trash does not return trash inside frozen project" do
979 authorize_with :active
980 trashtime = Time.now - 1.second
981 outerproj = Group.create!(group_class: 'project')
982 innerproj = Group.create!(group_class: 'project', owner_uuid: outerproj.uuid)
983 innercoll = Collection.create!(name: 'inner-not-trashed', owner_uuid: innerproj.uuid)
984 innertrash = Collection.create!(name: 'inner-trashed', owner_uuid: innerproj.uuid, trash_at: trashtime)
985 innertrashproj = Group.create!(group_class: 'project', name: 'inner-trashed-proj', owner_uuid: innerproj.uuid, trash_at: trashtime)
986 outertrash = Collection.create!(name: 'outer-trashed', owner_uuid: outerproj.uuid, trash_at: trashtime)
987 innerproj.update_attributes!(frozen_by_uuid: users(:active).uuid)
988 get :contents, params: {id: outerproj.uuid, include_trash: true, recursive: true}
989 assert_response :success
990 uuids = json_response['items'].collect { |item| item['uuid'] }
991 assert_includes uuids, outertrash.uuid
992 assert_includes uuids, innerproj.uuid
993 assert_includes uuids, innercoll.uuid
994 refute_includes uuids, innertrash.uuid
995 refute_includes uuids, innertrashproj.uuid
projects / arvados.git / blob