16007: Enable permission correctness checking (only for tests)
[arvados.git] / services / api / test / unit / owner_test.rb
1 # Copyright (C) The Arvados Authors. All rights reserved.
2 #
3 # SPDX-License-Identifier: AGPL-3.0
4
5 require 'test_helper'
6
7 # Test referential integrity: ensure we cannot leave any object
8 # without owners by deleting a user or group.
9 #
10 # "o" is an owner.
11 # "i" is an item.
12
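# Exercises the ownership rules for users and groups: an item can only be
# created under, or moved to, an owner that exists, and an owner that still
# owns other objects can neither be deleted nor be given a new uuid.
#
# In the test bodies "o" is an owner and "i" is an item.
class OwnerTest < ActiveSupport::TestCase
  fixtures :users, :groups, :specimens

  # Every test runs after set_user_from_auth :admin_trustedclient, so the
  # create/update/destroy calls below are made with that fixture's credentials.
  setup do
    set_user_from_auth :admin_trustedclient
  end

  # NOTE(review): the results of these two calls are unused; presumably they
  # make sure both model classes are loaded before the loop below. Confirm
  # before removing.
  User.all
  Group.all

  [User, Group].each do |o_class|
    test "create object with legit #{o_class} owner" do
      o = o_class.create!
      i = Specimen.create(owner_uuid: o.uuid)
      assert i.valid?, "new item should pass validation"
      assert i.uuid, "new item should have an ID"
      assert Specimen.where(uuid: i.uuid).any?, "new item should really be in DB"
    end

    test "create object with non-existent #{o_class} owner" do
      # generate_uuid returns a uuid that no record was created with, so each
      # of the three construction paths below must reject it.
      assert_raises(ActiveRecord::RecordInvalid,
                    "create should fail with random owner_uuid") do
        Specimen.create!(owner_uuid: o_class.generate_uuid)
      end

      i = Specimen.create(owner_uuid: o_class.generate_uuid)
      assert !i.valid?, "object with random owner_uuid should not be valid?"

      i = Specimen.new(owner_uuid: o_class.generate_uuid)
      assert !i.valid?, "new item should not pass validation"
      assert !i.uuid, "new item should not have an ID"
    end

    [User, Group].each do |new_o_class|
      test "change owner from legit #{o_class} to legit #{new_o_class} owner" do
        o = o_class.create!
        i = Specimen.create!(owner_uuid: o.uuid)
        new_o = new_o_class.create!
        assert(Specimen.where(uuid: i.uuid).any?,
               "new item should really be in DB")
        assert(i.update_attributes(owner_uuid: new_o.uuid),
               "should change owner_uuid from #{o.uuid} to #{new_o.uuid}")
      end
    end

    test "delete #{o_class} that owns nothing" do
      o = o_class.create!
      assert(o_class.where(uuid: o.uuid).any?,
             "new #{o_class} should really be in DB")
      assert(o.destroy, "should delete #{o_class} that owns nothing")
      assert_equal(false, o_class.where(uuid: o.uuid).any?,
                   "#{o.uuid} should not be in DB after deleting")
    end

    test "change uuid of #{o_class} that owns nothing" do
      # (we're relying on our admin credentials here)
      o = o_class.create!
      assert(o_class.where(uuid: o.uuid).any?,
             "new #{o_class} should really be in DB")
      old_uuid = o.uuid
      new_uuid = uuid_with_random_suffix(o.uuid)
      # Classes that offer update_uuid are renamed through it; the others are
      # renamed with a plain attribute update.
      if o.respond_to? :update_uuid
        o.update_uuid(new_uuid: new_uuid)
      else
        assert(o.update_attributes(uuid: new_uuid),
               "should change #{o_class} uuid from #{old_uuid} to #{new_uuid}")
      end
      assert_equal(false, o_class.where(uuid: old_uuid).any?,
                   "#{old_uuid} should disappear when renamed to #{new_uuid}")
    end
  end

  # Fixture accessor => fixture name. Each test below first asserts that the
  # chosen fixture owns at least one Specimen.
  { users: :active, groups: :aproject }.each do |fixture_set, fixture_name|
    # Label used in the test names and failure messages, e.g. "users(:active)".
    ofixt = "#{fixture_set}(:#{fixture_name})"

    test "delete #{ofixt} that owns other objects" do
      # The fixture accessor is called by name, so no code is built from a
      # string and evaluated.
      o = send(fixture_set, fixture_name)
      assert_equal(true, Specimen.where(owner_uuid: o.uuid).any?,
                   "need something to be owned by #{o.uuid} for this test")

      # NOTE(review): skip_check_permissions_against_full_refresh is defined
      # outside this file; presumably it suspends the test-only permission
      # correctness check while the block runs. Confirm in the test helper.
      skip_check_permissions_against_full_refresh do
        assert_raises(ActiveRecord::DeleteRestrictionError,
                      "should not delete #{ofixt} that owns objects") do
          o.destroy
        end
      end
    end

    test "change uuid of #{ofixt} that owns other objects" do
      o = send(fixture_set, fixture_name)
      assert_equal(true, Specimen.where(owner_uuid: o.uuid).any?,
                   "need something to be owned by #{o.uuid} for this test")
      new_uuid = uuid_with_random_suffix(o.uuid)
      assert(!o.update_attributes(uuid: new_uuid),
             "should not change uuid of #{ofixt} that owns objects")
    end
  end

  test "delete User that owns self" do
    o = User.create!
    assert User.where(uuid: o.uuid).any?, "new User should really be in DB"
    assert_equal(true, o.update_attributes(owner_uuid: o.uuid),
                 "setting owner to self should work")

    skip_check_permissions_against_full_refresh do
      assert(o.destroy, "should delete User that owns self")
    end

    assert_equal(false, User.where(uuid: o.uuid).any?,
                 "#{o.uuid} should not be in DB after deleting")
    # Run the permission check explicitly once the self-owned user is gone.
    check_permissions_against_full_refresh
  end

  test "change uuid of User that owns self" do
    o = User.create!
    assert User.where(uuid: o.uuid).any?, "new User should really be in DB"
    assert_equal(true, o.update_attributes(owner_uuid: o.uuid),
                 "setting owner to self should work")
    old_uuid = o.uuid
    new_uuid = uuid_with_random_suffix(o.uuid)
    o.update_uuid(new_uuid: new_uuid)
    assert_equal(false, User.where(uuid: old_uuid).any?,
                 "#{old_uuid} should not be in DB after deleting")
    assert_equal(true, User.where(uuid: new_uuid).any?,
                 "#{new_uuid} should be in DB after renaming")
    # The self-ownership link has to follow the rename.
    assert_equal(new_uuid, User.where(uuid: new_uuid).first.owner_uuid,
                 "#{new_uuid} should be its own owner in DB after renaming")
  end

  private

  # Returns +uuid+ with its last ten characters replaced by random base-36
  # characters, keeping the leading part of the original uuid.
  #
  # @param uuid [String] an existing object's uuid
  # @return [String] a uuid with the same prefix and a random tail
  def uuid_with_random_suffix(uuid)
    # \z anchors at the very end of the string, not at a line end.
    uuid.sub(/.{10}\z/, rand(2**256).to_s(36)[0..9])
  end
end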