end
test "get_all_permissions does not give any access to user without permission" do
+ viewer_uuid = users(:project_viewer).uuid
+ assert_equal(authorized_keys(:project_viewer).authorized_user_uuid,
+ viewer_uuid,
+ "project_viewer must have an authorized_key for this test to work")
authorize_with :admin
get :get_all_permissions
assert_response :success
- assert_equal(authorized_keys(:project_viewer).authorized_user_uuid,
- users(:project_viewer).uuid,
- "project_viewer must have an authorized_key for this test to work")
- json_response['repositories'].each do |repo|
- assert_equal(false,
- repo['user_permissions'].has_key?(users(:project_viewer).uuid),
- "project_viewer user should not have perms for #{repo['uuid']}")
+ readable_repos = json_response["repositories"].select do |repo|
+ repo["user_permissions"].has_key?(viewer_uuid)
end
+ assert_equal(["arvados"], readable_repos.map { |r| r["name"] },
+ "project_viewer should only have permissions on public repos")
end
test "get_all_permissions gives gitolite R to user with read-only access" do
"response public_key does not match fixture #{u}.")
end
end
+
+ test "get_all_permissions lists repos with no authorized keys" do
+ authorize_with :admin
+ AuthorizedKey.destroy_all
+ get :get_all_permissions
+ assert_response :success
+ assert_equal(Repository.count, json_response["repositories"].size)
+ assert(json_response["repositories"].any? do |repo|
+ repo["user_permissions"].empty?
+ end, "test is invalid - all repositories have authorized keys")
+ end
+
+ test "default index includes fetch_url" do
+ authorize_with :active
+ get(:index)
+ assert_response :success
+ assert_includes(json_response["items"].map { |r| r["fetch_url"] },
+ "git@git.zzzzz.arvadosapi.com:active/foo.git")
+ end
+
+ [
+ {cfg: :git_repo_ssh_base, cfgval: "git@example.com:", match: %r"^git@example.com:/"},
+ {cfg: :git_repo_ssh_base, cfgval: true, match: %r"^git@git.zzzzz.arvadosapi.com:/"},
+ {cfg: :git_repo_ssh_base, cfgval: false, refute: /^git@/ },
+ {cfg: :git_repo_https_base, cfgval: "https://example.com/", match: %r"https://example.com/"},
+ {cfg: :git_repo_https_base, cfgval: true, match: %r"^https://git.zzzzz.arvadosapi.com/"},
+ {cfg: :git_repo_https_base, cfgval: false, refute: /^http/ },
+ ].each do |expect|
+ test "set #{expect[:cfg]} to #{expect[:cfgval]}" do
+ Rails.configuration.send expect[:cfg].to_s+"=", expect[:cfgval]
+ authorize_with :active
+ get :index
+ assert_response :success
+ json_response['items'].each do |r|
+ if expect[:refute]
+ r['clone_urls'].each do |u|
+ refute_match expect[:refute], u
+ end
+ else
+ assert r['clone_urls'].any? do |u|
+ expect[:prefix].match u
+ end
+ end
+ end
+ end
+ end
+
+ test "select push_url in index" do
+ authorize_with :active
+ get(:index, {select: ["uuid", "push_url"]})
+ assert_response :success
+ assert_includes(json_response["items"].map { |r| r["push_url"] },
+ "git@git.zzzzz.arvadosapi.com:active/foo.git")
+ end
+
+ test "select clone_urls in index" do
+ authorize_with :active
+ get(:index, {select: ["uuid", "clone_urls"]})
+ assert_response :success
+ assert_includes(json_response["items"].map { |r| r["clone_urls"] }.flatten,
+ "git@git.zzzzz.arvadosapi.com:active/foo.git")
+ end
end
projects / arvados.git / blobdiff