class PermissionsTest < ActionDispatch::IntegrationTest
fixtures :users, :groups, :api_client_authorizations, :collections
- def auth auth_fixture
- {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(auth_fixture).api_token}"}
- end
-
test "adding and removing direct can_read links" do
# try to read collection as spectator
get "/arvados/v1/collections/#{collections(:foo_file).uuid}", {:format => :json}, auth(:spectator)
post "/arvados/v1/links", {
:format => :json,
:link => {
- tail_kind: 'arvados#user',
tail_uuid: users(:spectator).uuid,
link_class: 'permission',
name: 'can_read',
- head_kind: 'arvados#collection',
head_uuid: collections(:foo_file).uuid,
properties: {}
}
post "/arvados/v1/links", {
:format => :json,
:link => {
- tail_kind: 'arvados#user',
tail_uuid: users(:spectator).uuid,
link_class: 'permission',
name: 'can_read',
- head_kind: 'arvados#collection',
head_uuid: collections(:foo_file).uuid,
properties: {}
}
}, auth(:admin)
- u = jresponse['uuid']
+ u = json_response['uuid']
assert_response :success
# read collection as spectator
post "/arvados/v1/links", {
:format => :json,
:link => {
- tail_kind: 'arvados#user',
tail_uuid: users(:spectator).uuid,
link_class: 'permission',
name: 'can_read',
- head_kind: 'arvados#group',
head_uuid: groups(:private).uuid,
properties: {}
}
post "/arvados/v1/links", {
:format => :json,
:link => {
- tail_kind: 'arvados#group',
tail_uuid: groups(:private).uuid,
link_class: 'permission',
name: 'can_read',
- head_kind: 'arvados#collection',
head_uuid: collections(:foo_file).uuid,
properties: {}
}
}, auth(:admin)
- u = jresponse['uuid']
+ u = json_response['uuid']
assert_response :success
# try to read collection as spectator
post "/arvados/v1/links", {
:format => :json,
:link => {
- tail_kind: 'arvados#group',
tail_uuid: groups(:private).uuid,
link_class: 'permission',
name: 'can_read',
- head_kind: 'arvados#collection',
head_uuid: collections(:foo_file).uuid,
properties: {}
}
post "/arvados/v1/links", {
:format => :json,
:link => {
- tail_kind: 'arvados#user',
tail_uuid: users(:spectator).uuid,
link_class: 'permission',
name: 'can_read',
- head_kind: 'arvados#group',
head_uuid: groups(:private).uuid,
properties: {}
}
}, auth(:admin)
- u = jresponse['uuid']
+ u = json_response['uuid']
assert_response :success
# try to read collection as spectator
post "/arvados/v1/links", {
:format => :json,
:link => {
- tail_kind: 'arvados#user',
tail_uuid: users(:spectator).uuid,
link_class: 'permission',
name: 'can_read',
- head_kind: 'arvados#group',
head_uuid: groups(:private).uuid,
properties: {}
}
post "/arvados/v1/links", {
:format => :json,
:link => {
- tail_kind: 'arvados#group',
tail_uuid: groups(:private).uuid,
link_class: 'permission',
name: 'can_read',
- head_kind: 'arvados#group',
head_uuid: groups(:empty_lonely_group).uuid,
properties: {}
}
post "/arvados/v1/links", {
:format => :json,
:link => {
- tail_kind: 'arvados#group',
tail_uuid: groups(:empty_lonely_group).uuid,
link_class: 'permission',
name: 'can_read',
- head_kind: 'arvados#collection',
head_uuid: collections(:foo_file).uuid,
properties: {}
}
}, auth(:admin)
- u = jresponse['uuid']
+ u = json_response['uuid']
assert_response :success
# try to read collection as spectator
test "read-only group-admin sees correct subset of user list" do
get "/arvados/v1/users", {:format => :json}, auth(:rominiadmin)
assert_response :success
- resp_uuids = jresponse['items'].collect { |i| i['uuid'] }
+ resp_uuids = json_response['items'].collect { |i| i['uuid'] }
[[true, users(:rominiadmin).uuid],
[true, users(:active).uuid],
[false, users(:miniadmin).uuid],
[:miniadmin, true]].each do |which_user, update_should_succeed|
get "/arvados/v1/specimens", {:format => :json}, auth(which_user)
assert_response :success
- resp_uuids = jresponse['items'].collect { |i| i['uuid'] }
+ resp_uuids = json_response['items'].collect { |i| i['uuid'] }
[[true, specimens(:owned_by_active_user).uuid],
[true, specimens(:owned_by_private_group).uuid],
[false, specimens(:owned_by_spectator).uuid],
projects / arvados.git / blobdiff