@initial_link_count = Link.count
@vm_uuid = virtual_machines(:testvm).uuid
ActionMailer::Base.deliveries = []
+ Rails.configuration.Users.ActivatedUsersAreVisibleToOthers = false
end
test "activate a user after signing UA" do
get(:index)
check_non_admin_index
check_readable_users_index [:spectator], [:inactive, :active]
+ json_response["items"].each do |u|
+ if u["uuid"] == users(:spectator).uuid
+ assert_equal true, u["can_write"]
+ assert_equal true, u["can_manage"]
+ end
+ end
end
test "non-admin user gets only safe attributes from users#show" do
"user's writable_by should include its owner_uuid")
end
- [
- [:admin, true],
- [:active, false],
- ].each do |auth_user, expect_success|
- test "update_uuid as #{auth_user}" do
- authorize_with auth_user
- orig_uuid = users(:active).uuid
- post :update_uuid, params: {
- id: orig_uuid,
- new_uuid: 'zbbbb-tpzed-abcde12345abcde',
- }
- if expect_success
- assert_response :success
- assert_empty User.where(uuid: orig_uuid)
- else
- assert_response 403
- assert_not_empty User.where(uuid: orig_uuid)
- end
- end
- end
-
test "merge with redirect_to_user_uuid=false" do
authorize_with :project_viewer_trustedclient
tok = api_client_authorizations(:project_viewer).api_token
end
NON_ADMIN_USER_DATA = ["uuid", "kind", "is_active", "email", "first_name",
- "last_name", "username"].sort
+ "last_name", "username", "can_write", "can_manage"].sort
def check_non_admin_index
assert_response :success