class Arvados::V1::GroupsControllerTest < ActionController::TestCase
- test "attempt to delete group without read or write access" do
+ test "attempt to delete group that cannot be seen" do
+ Rails.configuration.Users.RoleGroupsVisibleToAll = false
authorize_with :active
post :destroy, params: {id: groups(:empty_lonely_group).uuid}
assert_response 404
end
+ test "attempt to delete group without read or write access" do
+ authorize_with :active
+ post :destroy, params: {id: groups(:empty_lonely_group).uuid}
+ assert_response 403
+ end
+
test "attempt to delete group without write access" do
authorize_with :active
post :destroy, params: {id: groups(:all_users).uuid}
assert_equal 0, json_response['items_available']
end
- def check_project_contents_response disabled_kinds=[]
+ def check_project_contents_response
assert_response :success
assert_operator 2, :<=, json_response['items_available']
assert_operator 2, :<=, json_response['items'].count
kinds = json_response['items'].collect { |i| i['kind'] }.uniq
- expect_kinds = %w'arvados#group arvados#specimen arvados#pipelineTemplate arvados#job' - disabled_kinds
+ expect_kinds = %w'arvados#group'
assert_equal expect_kinds, (expect_kinds & kinds)
json_response['items'].each do |i|
"group#contents returned a non-project group")
end
end
-
- disabled_kinds.each do |d|
- assert_equal true, !kinds.include?(d)
- end
end
test 'get group-owned objects' do
authorize_with :project_viewer
get :contents, params: {
format: :json,
- filters: [['uuid', 'is_a', 'arvados#specimen']]
+ filters: [['uuid', 'is_a', 'arvados#collection']]
}
assert_response :success
found_uuids = json_response['items'].collect { |i| i['uuid'] }
- [[:in_aproject, true],
- [:in_asubproject, true],
- [:owned_by_private_group, false]].each do |specimen_fixture, should_find|
+ [[:foo_collection_in_aproject, true],
+ [:baz_collection_name_in_asubproject, true],
+ [:collection_not_readable_by_active, false]].each do |collection_fixture, should_find|
if should_find
- assert_includes found_uuids, specimens(specimen_fixture).uuid, "did not find specimen fixture '#{specimen_fixture}'"
+ assert_includes found_uuids, collections(collection_fixture).uuid, "did not find collection fixture '#{collection_fixture}'"
else
- refute_includes found_uuids, specimens(specimen_fixture).uuid, "found specimen fixture '#{specimen_fixture}'"
+ refute_includes found_uuids, collections(collection_fixture).uuid, "found collection fixture '#{collection_fixture}'"
end
end
end
}
assert_response :success
found_uuids = json_response['items'].collect { |i| i['uuid'] }
- assert_includes found_uuids, specimens(:owned_by_active_user).uuid, "specimen did not appear in home project"
- refute_includes found_uuids, specimens(:in_asubproject).uuid, "specimen appeared unexpectedly in home project"
+ assert_includes found_uuids, collections(:collection_owned_by_active).uuid, "collection did not appear in home project"
+ refute_includes found_uuids, collections(:foo_collection_in_aproject).uuid, "collection appeared unexpectedly in home project"
end
test "list collections in home project" do
test "user with project read permission can't rename items in it" do
authorize_with :project_viewer
- @controller = Arvados::V1::LinksController.new
+ @controller = Arvados::V1::CollectionsController.new
post :update, params: {
- id: jobs(:running).uuid,
+ id: collections(:collection_to_search_for_in_aproject).uuid,
name: "Denied test name",
}
assert_includes(403..404, response.status)
end
test "user with project read permission can't remove items from it" do
- @controller = Arvados::V1::PipelineTemplatesController.new
+ @controller = Arvados::V1::CollectionsController.new
authorize_with :project_viewer
post :update, params: {
- id: pipeline_templates(:two_part).uuid,
- pipeline_template: {
+ id: collections(:collection_to_search_for_in_aproject).uuid,
+ collection: {
owner_uuid: users(:project_viewer).uuid,
}
}
assert_equal 0, json_response['items'].count
end
+ test 'get group-owned objects with select' do
+ authorize_with :active
+ get :contents, params: {
+ id: groups(:aproject).uuid,
+ limit: 100,
+ format: :json,
+ select: ["uuid", "storage_classes_desired"]
+ }
+ assert_response :success
+ assert_equal 6, json_response['items_available']
+ assert_equal 6, json_response['items'].count
+ json_response['items'].each do |item|
+ # Expect collections to have a storage_classes field, other items should not.
+ if item["kind"] == "arvados#collection"
+ assert !item["storage_classes_desired"].nil?
+ else
+ assert item["storage_classes_desired"].nil?
+ end
+ end
+ end
+
+ test 'get group-owned objects with invalid field in select' do
+ authorize_with :active
+ get :contents, params: {
+ id: groups(:aproject).uuid,
+ limit: 100,
+ format: :json,
+ select: ["uuid", "storage_classes_desire"]
+ }
+ assert_response 422
+ end
+
test 'get group-owned objects with additional filter matching nothing' do
authorize_with :active
get :contents, params: {
assert_not_equal(new_project['uuid'],
groups(:aproject).uuid,
"create returned same uuid as existing project")
- assert_match(/^A Project \(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\.\d{3}Z\)$/,
+ assert_match(/^A Project \(#{new_project['uuid'][-15..-1]}\)$/,
new_project['name'])
end
[
[['owner_uuid', '!=', 'zzzzz-tpzed-xurymjxw79nv3jz'], 200,
- 'zzzzz-d1hrv-subprojpipeline', 'zzzzz-d1hrv-1xfj6xkicf2muk2'],
- [["pipeline_instances.state", "not in", ["Complete", "Failed"]], 200,
- 'zzzzz-d1hrv-1xfj6xkicf2muk2', 'zzzzz-d1hrv-i3e77t9z5y8j9cc'],
+ 'zzzzz-j7d0g-publicfavorites', 'zzzzz-xvhdp-cr4queuedcontnr'],
+ [["container_requests.state", "not in", ["Final"]], 200,
+ 'zzzzz-xvhdp-cr4queuedcontnr', 'zzzzz-xvhdp-cr4completedctr'],
[['container_requests.requesting_container_uuid', '=', nil], 200,
'zzzzz-xvhdp-cr4queuedcontnr', 'zzzzz-xvhdp-cr4requestercn2'],
[['container_requests.no_such_column', '=', nil], 422],
end
end
- test 'get contents with jobs and pipeline instances disabled' do
- Rails.configuration.API.DisabledAPIs = ConfigLoader.to_OrderedOptions(
- {'jobs.index'=>{}, 'pipeline_instances.index'=>{}})
-
- authorize_with :active
- get :contents, params: {
- id: groups(:aproject).uuid,
- format: :json,
- }
- check_project_contents_response %w'arvados#pipelineInstance arvados#job'
- end
-
test 'get contents with low max_index_database_read' do
# Some result will certainly have at least 12 bytes in a
- # restricted column
+ # restricted column.
+ #
+ # We cannot use collections.manifest_text to test this, because
+ # GroupsController refuses to select manifest_text, because
+ # controller doesn't sign manifests in a groups#contents response.
Rails.configuration.API.MaxIndexDatabaseRead = 12
authorize_with :active
get :contents, params: {
- id: groups(:aproject).uuid,
+ uuid: users(:active).uuid,
format: :json,
}
assert_response :success
assert_includes(owners, groups(:asubproject).uuid)
end
- test "delete filter & role groups" do
- authorize_with :admin
- [:afiltergroup, :private_role].each do |grp|
+ [:afiltergroup, :private_role].each do |grp|
+ test "delete non-project group #{grp}" do
+ authorize_with :admin
+ assert_not_nil Group.find_by_uuid(groups(grp).uuid)
assert !Group.find_by_uuid(groups(grp).uuid).is_trashed
post :destroy, params: {
id: groups(grp).uuid,
end
end
+ [
+ [false, :inactive, :private_role, false],
+ [false, :spectator, :private_role, false],
+ [false, :admin, :private_role, true],
+ [true, :inactive, :private_role, false],
+ [true, :spectator, :private_role, true],
+ [true, :admin, :private_role, true],
+ # project (non-role) groups are invisible even when RoleGroupsVisibleToAll is true
+ [true, :inactive, :private, false],
+ [true, :spectator, :private, false],
+ [true, :admin, :private, true],
+ ].each do |visibleToAll, userFixture, groupFixture, visible|
+ test "with RoleGroupsVisibleToAll=#{visibleToAll}, #{groupFixture} group is #{visible ? '' : 'in'}visible to #{userFixture} user" do
+ Rails.configuration.Users.RoleGroupsVisibleToAll = visibleToAll
+ authorize_with userFixture
+ get :show, params: {id: groups(groupFixture).uuid, format: :json}
+ if visible
+ assert_response :success
+ else
+ assert_response 404
+ end
+ end
+ end
+
### trashed project tests ###
#
ensure_unique_name: true
}
assert_response :success
- assert_match /^trashed subproject 3 \(\d{4}-\d\d-\d\d.*?Z\)$/, json_response['name']
+ assert_match /^trashed subproject 3 \(#{json_response['uuid'][-15..-1]}\)$/, json_response['name']
end
test "move trashed subproject to new owner #{auth}" do
end
end
+ # the group class overrides the destroy method. Make sure that the destroyed
+ # object is returned
+ [
+ {group_class: "project"},
+ {group_class: "role"},
+ {group_class: "filter", properties: {"filters":[]}},
+ ].each do |params|
+ test "destroy group #{params} returns object" do
+ authorize_with :active
+
+ group = Group.create!(params)
+
+ post :destroy, params: {
+ id: group.uuid,
+ format: :json,
+ }
+ assert_response :success
+ assert_not_nil json_response
+ assert_equal group.uuid, json_response["uuid"]
+ end
+ end
+
test 'get shared owned by another user' do
authorize_with :user_bar_in_sharing_group
assert_response 422
end
+
+ test "include_trash does not return trash inside frozen project" do
+ authorize_with :active
+ trashtime = Time.now - 1.second
+ outerproj = Group.create!(group_class: 'project')
+ innerproj = Group.create!(group_class: 'project', owner_uuid: outerproj.uuid)
+ innercoll = Collection.create!(name: 'inner-not-trashed', owner_uuid: innerproj.uuid)
+ innertrash = Collection.create!(name: 'inner-trashed', owner_uuid: innerproj.uuid, trash_at: trashtime)
+ innertrashproj = Group.create!(group_class: 'project', name: 'inner-trashed-proj', owner_uuid: innerproj.uuid, trash_at: trashtime)
+ outertrash = Collection.create!(name: 'outer-trashed', owner_uuid: outerproj.uuid, trash_at: trashtime)
+ innerproj.update!(frozen_by_uuid: users(:active).uuid)
+ get :contents, params: {id: outerproj.uuid, include_trash: true, recursive: true}
+ assert_response :success
+ uuids = json_response['items'].collect { |item| item['uuid'] }
+ assert_includes uuids, outertrash.uuid
+ assert_includes uuids, innerproj.uuid
+ assert_includes uuids, innercoll.uuid
+ refute_includes uuids, innertrash.uuid
+ refute_includes uuids, innertrashproj.uuid
+ end
end
projects / arvados.git / blobdiff