class Arvados::V1::LinksControllerTest < ActionController::TestCase
- test "no symbol keys in serialized hash" do
- link = {
- properties: {username: 'testusername'},
- link_class: 'test',
- name: 'encoding',
- tail_uuid: users(:admin).uuid,
- head_uuid: virtual_machines(:testvm).uuid
- }
- authorize_with :admin
- [link, link.to_json].each do |formatted_link|
- post :create, link: formatted_link
+ ['link', 'link_json'].each do |formatted_link|
+ test "no symbol keys in serialized hash #{formatted_link}" do
+ link = {
+ properties: {username: 'testusername'},
+ link_class: 'test',
+ name: 'encoding',
+ tail_uuid: users(:admin).uuid,
+ head_uuid: virtual_machines(:testvm).uuid
+ }
+ authorize_with :admin
+ if formatted_link == 'link_json'
+ post :create, link: link.to_json
+ else
+ post :create, link: link
+ end
assert_response :success
assert_not_nil assigns(:object)
assert_equal 'testusername', assigns(:object).properties['username']
link_class: 'test',
name: 'stuff',
head_uuid: users(:active).uuid,
- tail_uuid: virtual_machines(:testvm).uuid
+ tail_uuid: virtual_machines(:testvm2).uuid
}
authorize_with :active
post :create, link: link
assert_response 404
end
- test "project owner can index project permissions" do
- skip "Test tickles known bug"
- # readable_by only lets users see permission links that relate to them
- # directly. It does not allow users to see permission links for groups
- # they manage.
- # We'd like to fix this general issue, but we haven't settled on a general
- # way to do it that doesn't involve making readable_by ridiculously hairy.
- # This test demonstrates the desired behavior once we're ready to tackle
- # it. In the meantime, clients should use /permissions to get this
- # information.
+ test "retrieve all permissions using generic links index api" do
+ skip "(not implemented)"
+ # Links.readable_by() does not return the full set of permission
+ # links that are visible to a user (i.e., all permission links
+ # whose head_uuid references an object for which the user has
+ # ownership or can_manage permission). Therefore, neither does
+ # /arvados/v1/links.
+ #
+ # It is possible to retrieve the full set of permissions for a
+ # single object via /arvados/v1/permissions.
authorize_with :active
get :index, filters: [['link_class', '=', 'permission'],
['head_uuid', '=', groups(:aproject).uuid]]
assert_not_nil assigns(:objects)
assert_empty assigns(:objects)
end
+
+ # Granting permissions.
+ test "grant can_read on project to other users in group" do
+ authorize_with :user_foo_in_sharing_group
+
+ refute users(:user_bar_in_sharing_group).can?(read: collections(:collection_owned_by_foo).uuid)
+
+ post :create, {
+ link: {
+ tail_uuid: users(:user_bar_in_sharing_group).uuid,
+ link_class: 'permission',
+ name: 'can_read',
+ head_uuid: collections(:collection_owned_by_foo).uuid,
+ }
+ }
+ assert_response :success
+ assert users(:user_bar_in_sharing_group).can?(read: collections(:collection_owned_by_foo).uuid)
+ end
end
projects / arvados.git / blobdiff