assert_not_allowed { User.new.save }
end
- test "setup new user" do
- set_user_from_auth :admin
+ [true, false].each do |visible|
+ test "setup new user with ActivatedUsersAreVisibleToOthers=#{visible}" do
+ Rails.configuration.Users.ActivatedUsersAreVisibleToOthers = visible
+ set_user_from_auth :admin
- email = 'foo@example.com'
+ email = 'foo@example.com'
- user = User.create ({uuid: 'zzzzz-tpzed-abcdefghijklmno', email: email})
+ user = User.create ({uuid: 'zzzzz-tpzed-abcdefghijklmno', email: email})
- vm = VirtualMachine.create
+ vm = VirtualMachine.create
- response = user.setup(repo_name: 'foo/testrepo',
- vm_uuid: vm.uuid)
+ response = user.setup(repo_name: 'foo/testrepo',
+ vm_uuid: vm.uuid)
- resp_user = find_obj_in_resp response, 'User'
- verify_user resp_user, email
+ resp_user = find_obj_in_resp response, 'User'
+ verify_user resp_user, email
- group_perm = find_obj_in_resp response, 'Link', 'arvados#group'
- verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil
+ group_perm = find_obj_in_resp response, 'Link', 'arvados#group'
+ verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil
- repo_perm = find_obj_in_resp response, 'Link', 'arvados#repository'
- verify_link repo_perm, 'permission', 'can_manage', resp_user[:uuid], nil
+ group_perm2 = find_obj_in_resp response, 'Link', 'arvados#user'
+ if visible
+ verify_link group_perm2, 'permission', 'can_read', groups(:all_users).uuid, nil
+ else
+ assert_nil group_perm2
+ end
- vm_perm = find_obj_in_resp response, 'Link', 'arvados#virtualMachine'
- verify_link vm_perm, 'permission', 'can_login', resp_user[:uuid], vm.uuid
- assert_equal("foo", vm_perm.properties["username"])
+ repo_perm = find_obj_in_resp response, 'Link', 'arvados#repository'
+ verify_link repo_perm, 'permission', 'can_manage', resp_user[:uuid], nil
+
+ vm_perm = find_obj_in_resp response, 'Link', 'arvados#virtualMachine'
+ verify_link vm_perm, 'permission', 'can_login', resp_user[:uuid], vm.uuid
+ assert_equal("foo", vm_perm.properties["username"])
+ end
end
test "setup new user with junk in database" do
group_perm = find_obj_in_resp response, 'Link', 'arvados#group'
verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil
+ group_perm2 = find_obj_in_resp response, 'Link', 'arvados#user'
+ verify_link group_perm2, 'permission', 'can_read', groups(:all_users).uuid, nil
+
# invoke setup again with repo_name
response = user.setup(repo_name: 'foo/testrepo')
resp_user = find_obj_in_resp response, 'User', nil
break
end
else # looking for a link
- if ArvadosModel::resource_class_for_uuid(x['head_uuid']).kind == head_kind
+ if ArvadosModel::resource_class_for_uuid(x['head_uuid']).andand.kind == head_kind
return_obj = x
break
end
end
end
- [
- [:active, 'zzzzz-borkd-abcde12345abcde'],
- [:active, 'zzzzz-j7d0g-abcde12345abcde'],
- [:active, 'zzzzz-tpzed-borkd'],
- [:system_user, 'zzzzz-tpzed-abcde12345abcde'],
- [:anonymous, 'zzzzz-tpzed-abcde12345abcde'],
- ].each do |fixture, new_uuid|
- test "disallow update_uuid #{fixture} -> #{new_uuid}" do
- u = users(fixture)
- orig_uuid = u.uuid
- act_as_system_user do
- assert_raises do
- u.update_uuid(new_uuid: new_uuid)
- end
- end
- # "Successfully aborted orig->new" outcome looks the same as
- # "successfully updated new->orig".
- assert_update_success(old_uuid: new_uuid,
- new_uuid: orig_uuid,
- expect_owned_objects: fixture == :active)
- end
- end
-
- [:active, :spectator, :admin].each do |target|
- test "update_uuid on #{target} as non-admin user" do
- act_as_user users(:active) do
- assert_raises(ArvadosModel::PermissionDeniedError) do
- users(target).update_uuid(new_uuid: 'zzzzz-tpzed-abcde12345abcde')
- end
- end
- end
- end
-
- test "update_uuid to existing uuid" do
- u = users(:active)
- orig_uuid = u.uuid
- new_uuid = users(:admin).uuid
- act_as_system_user do
- assert_raises do
- u.update_uuid(new_uuid: new_uuid)
- end
- end
- u.reload
- assert_equal u.uuid, orig_uuid
- assert_not_empty Collection.where(owner_uuid: orig_uuid)
- assert_not_empty Group.where(owner_uuid: orig_uuid)
- end
-
- [
- [:active, 'zbbbb-tpzed-abcde12345abcde'],
- [:active, 'zzzzz-tpzed-abcde12345abcde'],
- [:admin, 'zbbbb-tpzed-abcde12345abcde'],
- [:admin, 'zzzzz-tpzed-abcde12345abcde'],
- ].each do |fixture, new_uuid|
- test "update_uuid #{fixture} to unused uuid #{new_uuid}" do
- u = users(fixture)
- orig_uuid = u.uuid
- act_as_system_user do
- u.update_uuid(new_uuid: new_uuid)
- end
- assert_update_success(old_uuid: orig_uuid,
- new_uuid: new_uuid,
- expect_owned_objects: fixture == :active)
- end
- end
-
def assert_update_success(old_uuid:, new_uuid:, expect_owned_objects: true)
[[User, :uuid],
[Link, :head_uuid],
projects / arvados.git / blobdiff