2 require 'helpers/users_test_helper'
4 class Arvados::V1::UsersControllerTest < ActionController::TestCase
5 include CurrentApiClient
6 include UsersTestHelper
9 @all_links_at_start = Link.all
10 @vm_uuid = virtual_machines(:testvm).uuid
13 test "activate a user after signing UA" do
14 authorize_with :inactive_but_signed_user_agreement
15 post :activate, id: users(:inactive_but_signed_user_agreement).uuid
16 assert_response :success
17 assert_not_nil assigns(:object)
18 me = JSON.parse(@response.body)
19 assert_equal true, me['is_active']
22 test "refuse to activate a user before signing UA" do
24 required_uuids = Link.where("owner_uuid = ? and link_class = ? and name = ? and tail_uuid = ? and head_uuid like ?",
29 Collection.uuid_like_pattern).
32 assert required_uuids.length > 0
34 signed_uuids = Link.where(owner_uuid: system_user_uuid,
35 link_class: 'signature',
37 tail_uuid: users(:inactive).uuid,
38 head_uuid: required_uuids).
41 assert_equal 0, signed_uuids.length
44 authorize_with :inactive
45 assert_equal false, users(:inactive).is_active
47 post :activate, id: users(:inactive).uuid
51 assert resp['errors'].first.include? 'Cannot activate without user agreements'
52 assert_nil resp['is_active']
55 test "activate an already-active user" do
56 authorize_with :active
57 post :activate, id: users(:active).uuid
58 assert_response :success
59 me = JSON.parse(@response.body)
60 assert_equal true, me['is_active']
63 test "respond 401 if given token exists but user record is missing" do
64 authorize_with :valid_token_deleted_user
65 get :current, {format: :json}
69 test "create new user with user as input" do
72 first_name: "test_first_name",
73 last_name: "test_last_name",
74 email: "foo@example.com"
76 assert_response :success
77 created = JSON.parse(@response.body)
78 assert_equal 'test_first_name', created['first_name']
79 assert_not_nil created['uuid'], 'expected uuid for the newly created user'
80 assert_not_nil created['email'], 'expected non-nil email'
81 assert_nil created['identity_url'], 'expected no identity_url'
84 test "create user with user, vm and repo as input" do
86 repo_name = 'usertestrepo'
90 openid_prefix: 'https://www.google.com/accounts/o8/id',
92 uuid: 'zzzzz-tpzed-abcdefghijklmno',
93 first_name: "in_create_test_first_name",
94 last_name: "test_last_name",
95 email: "foo@example.com"
98 assert_response :success
99 response_items = JSON.parse(@response.body)['items']
101 created = find_obj_in_resp response_items, 'User', nil
103 assert_equal 'in_create_test_first_name', created['first_name']
104 assert_not_nil created['uuid'], 'expected non-null uuid for the new user'
105 assert_equal 'zzzzz-tpzed-abcdefghijklmno', created['uuid']
106 assert_not_nil created['email'], 'expected non-nil email'
107 assert_nil created['identity_url'], 'expected no identity_url'
109 # arvados#user, repo link and link add user to 'All users' group
110 verify_num_links @all_links_at_start, 4
112 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
113 created['uuid'], created['email'], 'arvados#user', false, 'User'
115 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
116 "foo/#{repo_name}", created['uuid'], 'arvados#repository', true, 'Repository'
118 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
119 'All users', created['uuid'], 'arvados#group', true, 'Group'
121 verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
122 nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
124 verify_system_group_permission_link_for created['uuid']
127 test "setup user with bogus uuid and expect error" do
128 authorize_with :admin
132 repo_name: 'usertestrepo',
135 response_body = JSON.parse(@response.body)
136 response_errors = response_body['errors']
137 assert_not_nil response_errors, 'Expected error in response'
138 assert (response_errors.first.include? 'Path not found'), 'Expected 404'
141 test "setup user with bogus uuid in user and expect error" do
142 authorize_with :admin
145 user: {uuid: 'bogus_uuid'},
146 repo_name: 'usertestrepo',
148 openid_prefix: 'https://www.google.com/accounts/o8/id'
150 response_body = JSON.parse(@response.body)
151 response_errors = response_body['errors']
152 assert_not_nil response_errors, 'Expected error in response'
153 assert (response_errors.first.include? 'ArgumentError: Require user email'),
154 'Expected RuntimeError'
157 test "setup user with no uuid and user, expect error" do
158 authorize_with :admin
161 repo_name: 'usertestrepo',
163 openid_prefix: 'https://www.google.com/accounts/o8/id'
165 response_body = JSON.parse(@response.body)
166 response_errors = response_body['errors']
167 assert_not_nil response_errors, 'Expected error in response'
168 assert (response_errors.first.include? 'Required uuid or user'),
169 'Expected ArgumentError'
172 test "setup user with no uuid and email, expect error" do
173 authorize_with :admin
177 repo_name: 'usertestrepo',
179 openid_prefix: 'https://www.google.com/accounts/o8/id'
181 response_body = JSON.parse(@response.body)
182 response_errors = response_body['errors']
183 assert_not_nil response_errors, 'Expected error in response'
184 assert (response_errors.first.include? '<ArgumentError: Require user email'),
185 'Expected ArgumentError'
188 test "invoke setup with existing uuid, vm and repo and verify links" do
189 authorize_with :admin
190 inactive_user = users(:inactive)
193 uuid: users(:inactive).uuid,
194 repo_name: 'usertestrepo',
198 assert_response :success
200 response_items = JSON.parse(@response.body)['items']
201 resp_obj = find_obj_in_resp response_items, 'User', nil
203 assert_not_nil resp_obj['uuid'], 'expected uuid for the new user'
204 assert_equal inactive_user['uuid'], resp_obj['uuid']
205 assert_equal inactive_user['email'], resp_obj['email'],
206 'expecting inactive user email'
208 # expect repo and vm links
209 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
210 'inactiveuser/usertestrepo', resp_obj['uuid'], 'arvados#repository', true, 'Repository'
212 verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
213 @vm_uuid, resp_obj['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
216 test "invoke setup with existing uuid in user, verify response" do
217 authorize_with :admin
218 inactive_user = users(:inactive)
221 user: {uuid: inactive_user['uuid']},
222 openid_prefix: 'https://www.google.com/accounts/o8/id'
225 assert_response :success
227 response_items = JSON.parse(@response.body)['items']
228 resp_obj = find_obj_in_resp response_items, 'User', nil
230 assert_not_nil resp_obj['uuid'], 'expected uuid for the new user'
231 assert_equal inactive_user['uuid'], resp_obj['uuid']
232 assert_equal inactive_user['email'], resp_obj['email'],
233 'expecting inactive user email'
236 test "invoke setup with existing uuid but different email, expect original email" do
237 authorize_with :admin
238 inactive_user = users(:inactive)
241 uuid: inactive_user['uuid'],
242 user: {email: 'junk_email'}
245 assert_response :success
247 response_items = JSON.parse(@response.body)['items']
248 resp_obj = find_obj_in_resp response_items, 'User', nil
250 assert_not_nil resp_obj['uuid'], 'expected uuid for the new user'
251 assert_equal inactive_user['uuid'], resp_obj['uuid']
252 assert_equal inactive_user['email'], resp_obj['email'],
253 'expecting inactive user email'
256 test "setup user with valid email and repo as input" do
257 authorize_with :admin
260 repo_name: 'usertestrepo',
261 user: {email: 'foo@example.com'},
262 openid_prefix: 'https://www.google.com/accounts/o8/id'
265 assert_response :success
266 response_items = JSON.parse(@response.body)['items']
267 response_object = find_obj_in_resp response_items, 'User', nil
268 assert_not_nil response_object['uuid'], 'expected uuid for the new user'
269 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
271 # four extra links; system_group, login, group and repo perms
272 verify_num_links @all_links_at_start, 4
275 test "setup user with fake vm and expect error" do
276 authorize_with :admin
279 repo_name: 'usertestrepo',
280 vm_uuid: 'no_such_vm',
281 user: {email: 'foo@example.com'},
282 openid_prefix: 'https://www.google.com/accounts/o8/id'
285 response_body = JSON.parse(@response.body)
286 response_errors = response_body['errors']
287 assert_not_nil response_errors, 'Expected error in response'
288 assert (response_errors.first.include? "No vm found for no_such_vm"),
289 'Expected RuntimeError: No vm found for no_such_vm'
292 test "setup user with valid email, repo and real vm as input" do
293 authorize_with :admin
296 repo_name: 'usertestrepo',
297 openid_prefix: 'https://www.google.com/accounts/o8/id',
299 user: {email: 'foo@example.com'}
302 assert_response :success
303 response_items = JSON.parse(@response.body)['items']
304 response_object = find_obj_in_resp response_items, 'User', nil
305 assert_not_nil response_object['uuid'], 'expected uuid for the new user'
306 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
308 # five extra links; system_group, login, group, vm, repo
309 verify_num_links @all_links_at_start, 5
312 test "setup user with valid email, no vm and no repo as input" do
313 authorize_with :admin
316 user: {email: 'foo@example.com'},
317 openid_prefix: 'https://www.google.com/accounts/o8/id'
320 assert_response :success
321 response_items = JSON.parse(@response.body)['items']
322 response_object = find_obj_in_resp response_items, 'User', nil
323 assert_not_nil response_object['uuid'], 'expected uuid for new user'
324 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
326 # three extra links; system_group, login, and group
327 verify_num_links @all_links_at_start, 3
329 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
330 response_object['uuid'], response_object['email'], 'arvados#user', false, 'User'
332 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
333 'All users', response_object['uuid'], 'arvados#group', true, 'Group'
335 verify_link response_items, 'arvados#repository', false, 'permission', 'can_manage',
336 'foo/usertestrepo', response_object['uuid'], 'arvados#repository', true, 'Repository'
338 verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
339 nil, response_object['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
342 test "setup user with email, first name, repo name and vm uuid" do
343 authorize_with :admin
346 openid_prefix: 'https://www.google.com/accounts/o8/id',
347 repo_name: 'usertestrepo',
350 first_name: 'test_first_name',
351 email: 'foo@example.com'
355 assert_response :success
356 response_items = JSON.parse(@response.body)['items']
357 response_object = find_obj_in_resp response_items, 'User', nil
358 assert_not_nil response_object['uuid'], 'expected uuid for new user'
359 assert_equal response_object['email'], 'foo@example.com', 'expected given email'
360 assert_equal 'test_first_name', response_object['first_name'],
361 'expecting first name'
363 # five extra links; system_group, login, group, repo and vm
364 verify_num_links @all_links_at_start, 5
367 test "setup user with an existing user email and check different object is created" do
368 authorize_with :admin
369 inactive_user = users(:inactive)
372 openid_prefix: 'https://www.google.com/accounts/o8/id',
373 repo_name: 'usertestrepo',
375 email: inactive_user['email']
379 assert_response :success
380 response_items = JSON.parse(@response.body)['items']
381 response_object = find_obj_in_resp response_items, 'User', nil
382 assert_not_nil response_object['uuid'], 'expected uuid for new user'
383 assert_not_equal response_object['uuid'], inactive_user['uuid'],
384 'expected different uuid after create operation'
385 assert_equal inactive_user['email'], response_object['email'], 'expected given email'
386 # system_group, openid, group, and repo. No vm link.
387 verify_num_links @all_links_at_start, 4
390 test "setup user with openid prefix" do
391 authorize_with :admin
394 repo_name: 'usertestrepo',
395 openid_prefix: 'http://www.example.com/account',
397 first_name: "in_create_test_first_name",
398 last_name: "test_last_name",
399 email: "foo@example.com"
403 assert_response :success
405 response_items = JSON.parse(@response.body)['items']
406 created = find_obj_in_resp response_items, 'User', nil
408 assert_equal 'in_create_test_first_name', created['first_name']
409 assert_not_nil created['uuid'], 'expected uuid for new user'
410 assert_not_nil created['email'], 'expected non-nil email'
411 assert_nil created['identity_url'], 'expected no identity_url'
414 # four new links: system_group, arvados#user, repo, and 'All users' group.
415 verify_num_links @all_links_at_start, 4
417 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
418 created['uuid'], created['email'], 'arvados#user', false, 'User'
420 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
421 'foo/usertestrepo', created['uuid'], 'arvados#repository', true, 'Repository'
423 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
424 'All users', created['uuid'], 'arvados#group', true, 'Group'
426 verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
427 nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
430 test "invoke setup with no openid prefix, expect error" do
431 authorize_with :admin
434 repo_name: 'usertestrepo',
436 first_name: "in_create_test_first_name",
437 last_name: "test_last_name",
438 email: "foo@example.com"
442 response_body = JSON.parse(@response.body)
443 response_errors = response_body['errors']
444 assert_not_nil response_errors, 'Expected error in response'
445 assert (response_errors.first.include? 'openid_prefix parameter is missing'),
446 'Expected ArgumentError'
449 test "setup user with user, vm and repo and verify links" do
450 authorize_with :admin
454 first_name: "in_create_test_first_name",
455 last_name: "test_last_name",
456 email: "foo@example.com"
459 repo_name: 'usertestrepo',
460 openid_prefix: 'https://www.google.com/accounts/o8/id'
463 assert_response :success
465 response_items = JSON.parse(@response.body)['items']
466 created = find_obj_in_resp response_items, 'User', nil
468 assert_equal 'in_create_test_first_name', created['first_name']
469 assert_not_nil created['uuid'], 'expected uuid for new user'
470 assert_not_nil created['email'], 'expected non-nil email'
471 assert_nil created['identity_url'], 'expected no identity_url'
473 # five new links: system_group, arvados#user, repo, vm and 'All
475 verify_num_links @all_links_at_start, 5
477 verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
478 created['uuid'], created['email'], 'arvados#user', false, 'User'
480 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
481 'foo/usertestrepo', created['uuid'], 'arvados#repository', true, 'Repository'
483 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
484 'All users', created['uuid'], 'arvados#group', true, 'Group'
486 verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
487 @vm_uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
490 test "create user as non admin user and expect error" do
491 authorize_with :active
494 user: {email: 'foo@example.com'}
497 response_body = JSON.parse(@response.body)
498 response_errors = response_body['errors']
499 assert_not_nil response_errors, 'Expected error in response'
500 assert (response_errors.first.include? 'PermissionDenied'),
501 'Expected PermissionDeniedError'
504 test "setup user as non admin user and expect error" do
505 authorize_with :active
508 openid_prefix: 'https://www.google.com/accounts/o8/id',
509 user: {email: 'foo@example.com'}
512 response_body = JSON.parse(@response.body)
513 response_errors = response_body['errors']
514 assert_not_nil response_errors, 'Expected error in response'
515 assert (response_errors.first.include? 'Forbidden'),
516 'Expected Forbidden error'
519 test "setup active user with repo and no vm" do
520 authorize_with :admin
521 active_user = users(:active)
523 # invoke setup with a repository
525 repo_name: 'usertestrepo',
526 uuid: active_user['uuid']
529 assert_response :success
531 response_items = JSON.parse(@response.body)['items']
532 created = find_obj_in_resp response_items, 'User', nil
534 assert_equal active_user[:email], created['email'], 'expected input email'
537 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
538 'All users', created['uuid'], 'arvados#group', true, 'Group'
540 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
541 'active/usertestrepo', created['uuid'], 'arvados#repository', true, 'Repository'
543 verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
544 nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
547 test "setup active user with vm and no repo" do
548 authorize_with :admin
549 active_user = users(:active)
550 repos_query = Repository.where(owner_uuid: active_user.uuid)
551 repo_link_query = Link.where(tail_uuid: active_user.uuid,
552 link_class: "permission", name: "can_manage")
553 repos_count = repos_query.count
554 repo_link_count = repo_link_query.count
556 # invoke setup with a repository
559 uuid: active_user['uuid'],
563 assert_response :success
565 response_items = JSON.parse(@response.body)['items']
566 created = find_obj_in_resp response_items, 'User', nil
568 assert_equal active_user['email'], created['email'], 'expected original email'
571 verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
572 'All users', created['uuid'], 'arvados#group', true, 'Group'
574 assert_equal(repos_count, repos_query.count)
575 assert_equal(repo_link_count, repo_link_query.count)
577 verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
578 @vm_uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
581 test "unsetup active user" do
582 active_user = users(:active)
583 assert_not_nil active_user['uuid'], 'expected uuid for the active user'
584 assert active_user['is_active'], 'expected is_active for active user'
586 verify_link_existence active_user['uuid'], active_user['email'],
587 false, true, false, true, true
589 authorize_with :admin
591 # now unsetup this user
592 post :unsetup, id: active_user['uuid']
593 assert_response :success
595 response_user = JSON.parse(@response.body)
596 assert_not_nil response_user['uuid'], 'expected uuid for the upsetup user'
597 assert_equal active_user['uuid'], response_user['uuid'], 'expected uuid not found'
598 assert !response_user['is_active'], 'expected user to be inactive'
599 assert !response_user['is_invited'], 'expected user to be uninvited'
601 verify_link_existence response_user['uuid'], response_user['email'],
602 false, false, false, false, false
604 active_user = User.find_by_uuid(users(:active).uuid)
605 readable_groups = active_user.groups_i_can(:read)
606 all_users_group = Group.all.collect(&:uuid).select { |g| g.match /-f+$/ }
607 refute_includes(readable_groups, all_users_group,
608 "active user can read All Users group after being deactivated")
609 assert_equal(false, active_user.is_invited,
610 "active user is_invited after being deactivated & reloaded")
613 test "setup user with send notification param false and verify no email" do
614 authorize_with :admin
617 openid_prefix: 'http://www.example.com/account',
618 send_notification_email: 'false',
620 email: "foo@example.com"
624 assert_response :success
625 response_items = JSON.parse(@response.body)['items']
626 created = find_obj_in_resp response_items, 'User', nil
627 assert_not_nil created['uuid'], 'expected uuid for the new user'
628 assert_equal created['email'], 'foo@example.com', 'expected given email'
630 setup_email = ActionMailer::Base.deliveries.last
631 assert_nil setup_email, 'expected no setup email'
634 test "setup user with send notification param true and verify email" do
635 authorize_with :admin
638 openid_prefix: 'http://www.example.com/account',
639 send_notification_email: 'true',
641 email: "foo@example.com"
645 assert_response :success
646 response_items = JSON.parse(@response.body)['items']
647 created = find_obj_in_resp response_items, 'User', nil
648 assert_not_nil created['uuid'], 'expected uuid for the new user'
649 assert_equal created['email'], 'foo@example.com', 'expected given email'
651 setup_email = ActionMailer::Base.deliveries.last
652 assert_not_nil setup_email, 'Expected email after setup'
654 assert_equal Rails.configuration.user_notifier_email_from, setup_email.from[0]
655 assert_equal 'foo@example.com', setup_email.to[0]
656 assert_equal 'Welcome to Curoverse', setup_email.subject
657 assert (setup_email.body.to_s.include? 'Your Arvados account has been set up'),
658 'Expected Your Arvados account has been set up in email body'
659 assert (setup_email.body.to_s.include? 'foo@example.com'),
660 'Expected user email in email body'
661 assert (setup_email.body.to_s.include? Rails.configuration.workbench_address),
662 'Expected workbench url in email body'
665 test "non-admin user can get basic information about readable users" do
666 authorize_with :spectator
668 check_non_admin_index
669 check_readable_users_index [:spectator], [:inactive, :active]
672 test "non-admin user gets only safe attributes from users#show" do
673 g = act_as_system_user do
676 users = create_list :active_user, 2, join_groups: [g]
677 token = create :token, user: users[0]
678 authorize_with_token token
679 get :show, id: users[1].uuid
683 [2, 4].each do |limit|
684 test "non-admin user can limit index to #{limit}" do
685 g = act_as_system_user do
688 users = create_list :active_user, 4, join_groups: [g]
689 token = create :token, user: users[0]
691 authorize_with_token token
692 get(:index, limit: limit)
693 check_non_admin_index
694 assert_equal(limit, json_response["items"].size,
695 "non-admin index limit was ineffective")
699 test "admin has full index powers" do
700 authorize_with :admin
701 check_inactive_user_findable
704 test "reader token can grant admin index powers" do
705 authorize_with :spectator
706 check_inactive_user_findable(reader_tokens: [api_token(:admin)])
709 test "admin can filter on user.is_active" do
710 authorize_with :admin
711 get(:index, filters: [["is_active", "=", "true"]])
712 assert_response :success
713 check_readable_users_index [:active, :spectator], [:inactive]
716 test "admin can search where user.is_active" do
717 authorize_with :admin
718 get(:index, where: {is_active: true})
719 assert_response :success
720 check_readable_users_index [:active, :spectator], [:inactive]
723 test "update active_no_prefs user profile and expect notification email" do
724 authorize_with :admin
727 id: users(:active_no_prefs).uuid,
729 prefs: {:profile => {'organization' => 'example.com'}}
732 assert_response :success
735 ActionMailer::Base.deliveries.andand.each do |email|
736 if email.subject == "Profile created by #{users(:active_no_prefs).email}"
741 assert_equal true, found_email, 'Expected email after creating profile'
744 test "update active_no_prefs_profile user profile and expect notification email" do
745 authorize_with :admin
748 user[:prefs] = users(:active_no_prefs_profile_no_getting_started_shown).prefs
749 user[:prefs][:profile] = {:profile => {'organization' => 'example.com'}}
751 id: users(:active_no_prefs_profile_no_getting_started_shown).uuid,
754 assert_response :success
757 ActionMailer::Base.deliveries.andand.each do |email|
758 if email.subject == "Profile created by #{users(:active_no_prefs_profile_no_getting_started_shown).email}"
763 assert_equal true, found_email, 'Expected email after creating profile'
766 test "update active user profile and expect no notification email" do
767 authorize_with :admin
770 id: users(:active).uuid,
772 prefs: {:profile => {'organization' => 'anotherexample.com'}}
775 assert_response :success
778 ActionMailer::Base.deliveries.andand.each do |email|
779 if email.subject == "Profile created by #{users(:active).email}"
784 assert_equal false, found_email, 'Expected no email after updating profile'
787 test "user API response includes writable_by" do
788 authorize_with :active
790 assert_response :success
791 assert_includes(json_response["writable_by"], users(:active).uuid,
792 "user's writable_by should include self")
793 assert_includes(json_response["writable_by"], users(:active).owner_uuid,
794 "user's writable_by should include its owner_uuid")
798 NON_ADMIN_USER_DATA = ["uuid", "kind", "is_active", "email", "first_name",
801 def check_non_admin_index
802 assert_response :success
803 response_items = json_response["items"]
804 assert_not_nil response_items
805 response_items.each do |user_data|
806 check_non_admin_item user_data
807 assert(user_data["is_active"], "non-admin index returned inactive user")
811 def check_non_admin_show
812 assert_response :success
813 check_non_admin_item json_response
816 def check_non_admin_item user_data
817 assert_equal(NON_ADMIN_USER_DATA, user_data.keys.sort,
818 "data in response had missing or extra attributes")
819 assert_equal("arvados#user", user_data["kind"])
823 def check_readable_users_index expect_present, expect_missing
824 response_uuids = json_response["items"].map { |u| u["uuid"] }
825 expect_present.each do |user_key|
826 assert_includes(response_uuids, users(user_key).uuid,
827 "#{user_key} missing from index")
829 expect_missing.each do |user_key|
830 refute_includes(response_uuids, users(user_key).uuid,
831 "#{user_key} included in index")
835 def check_inactive_user_findable(params={})
836 inactive_user = users(:inactive)
837 get(:index, params.merge(filters: [["email", "=", inactive_user.email]]))
838 assert_response :success
839 user_list = json_response["items"]
840 assert_equal(1, user_list.andand.count)
841 # This test needs to check a column non-admins have no access to,
842 # to ensure that admins see all user information.
843 assert_equal(inactive_user.identity_url, user_list.first["identity_url"],
844 "admin's filtered index did not return inactive user")
847 def verify_num_links (original_links, expected_additional_links)
849 assert_equal expected_additional_links, Link.all.size-original_links.size,
850 "Expected #{expected_additional_links.inspect} more links"
853 def find_obj_in_resp (response_items, object_type, head_kind=nil)
856 response_items.each { |x|
861 if object_type == 'User'
862 if ArvadosModel::resource_class_for_uuid(x['uuid']) == User
866 else # looking for a link
867 if x['head_uuid'] and ArvadosModel::resource_class_for_uuid(x['head_uuid']).kind == head_kind