require 'test_helper'
class UserTest < ActiveSupport::TestCase
+ include CurrentApiClient
# The fixture services/api/test/fixtures/users.yml serves as the input for this test case
setup do
+ # Make sure system_user exists before making "pre-test users" list
+ system_user
+
@all_users = User.find(:all)
@all_users.each do |user|
- if user.is_admin && user.is_active
+ if user.uuid == system_user_uuid
+ @system_user = user
+ elsif user.is_admin && user.is_active
@admin_user = user
elsif user.is_active && !user.is_admin
@active_user = user
- elsif !user.is_active && !user.is_invited
+ elsif !user.is_active && !user.is_invited
@uninvited_user = user
end
end
assert_equal found_user.identity_url, user.identity_url
end
- test "create new user" do
+ test "create new user" do
Thread.current[:user] = @admin_user # set admin user as the current user
user = User.new
user.save
# verify there is one extra user in the db now
- assert (User.find(:all).size == @all_users.size+1)
+ assert_equal @all_users.size+1, User.find(:all).size
user = User.find(user.id) # get the user back
assert_equal(user.first_name, 'first_name_for_newly_created_user')
assert_equal(user.first_name, 'first_name_for_newly_created_user_updated')
end
- test "update existing user" do
+ test "update existing user" do
Thread.current[:user] = @active_user # set active user as current user
@active_user.first_name = "first_name_changed"
@active_user.save
@active_user = User.find(@active_user.id) # get the user back
assert_equal(@active_user.first_name, 'first_name_changed_by_admin_for_active_user')
end
-
- test "delete a user and verify" do
+
+ test "delete a user and verify" do
active_user_uuid = @active_user.uuid
- Thread.current[:user] = @admin_user
+ Thread.current[:user] = @admin_user
@active_user.delete
found_deleted_user = false
- User.find(:all).each do |user|
- if user.uuid == active_user_uuid
+ User.find(:all).each do |user|
+ if user.uuid == active_user_uuid
found_deleted_user = true
break
- end
+ end
end
assert !found_deleted_user, "found deleted user: "+active_user_uuid
-
+
end
test "create new user as non-admin user" do
begin
user = User.new
user.save
- rescue ArvadosModel::PermissionDeniedError
+ rescue ArvadosModel::PermissionDeniedError => e
end
+ assert (e.message.include? 'PermissionDeniedError'),
+ 'Expected PermissionDeniedError'
end
- test "setup new user as non-admin user" do
- Thread.current[:user] = @active_user
+ test "setup new user" do
+ Thread.current[:user] = @admin_user
- begin
- user = User.new
- user.email = 'abc@xyz.com'
-
- User.setup user, 'http://openid/prefix'
- rescue ArvadosModel::PermissionDeniedError
+ email = 'foo@example.com'
+ openid_prefix = 'http://openid/prefix'
+
+ user = User.create ({uuid: 'zzzzz-tpzed-abcdefghijklmno', email: email})
+
+ vm = VirtualMachine.create
+
+ response = User.setup user, openid_prefix, 'test_repo', vm.uuid
+
+ resp_user = find_obj_in_resp response, 'User'
+ verify_user resp_user, email
+
+ oid_login_perm = find_obj_in_resp response, 'Link', 'arvados#user'
+
+ verify_link oid_login_perm, 'permission', 'can_login', resp_user[:email],
+ resp_user[:uuid]
+
+ assert_equal openid_prefix, oid_login_perm[:properties][:identity_url_prefix],
+ 'expected identity_url_prefix not found for oid_login_perm'
+
+ group_perm = find_obj_in_resp response, 'Link', 'arvados#group'
+ verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil
+
+ repo_perm = find_obj_in_resp response, 'Link', 'arvados#repository'
+ verify_link repo_perm, 'permission', 'can_write', resp_user[:uuid], nil
+
+ vm_perm = find_obj_in_resp response, 'Link', 'arvados#virtualMachine'
+ verify_link vm_perm, 'permission', 'can_login', resp_user[:uuid], vm.uuid
+ end
+
+ test "setup new user in multiple steps" do
+ Thread.current[:user] = @admin_user
+
+ email = 'foo@example.com'
+ openid_prefix = 'http://openid/prefix'
+
+ user = User.create ({uuid: 'zzzzz-tpzed-abcdefghijklmno', email: email})
+
+ response = User.setup user, openid_prefix
+
+ resp_user = find_obj_in_resp response, 'User'
+ verify_user resp_user, email
+
+ oid_login_perm = find_obj_in_resp response, 'Link', 'arvados#user'
+ verify_link oid_login_perm, 'permission', 'can_login', resp_user[:email],
+ resp_user[:uuid]
+ assert_equal openid_prefix, oid_login_perm[:properties][:identity_url_prefix],
+ 'expected identity_url_prefix not found for oid_login_perm'
+
+ group_perm = find_obj_in_resp response, 'Link', 'arvados#group'
+ verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil
+
+ # invoke setup again with repo_name
+ response = User.setup user, openid_prefix, 'test_repo'
+ resp_user = find_obj_in_resp response, 'User', nil
+ verify_user resp_user, email
+ assert_equal user.uuid, resp_user[:uuid], 'expected uuid not found'
+
+ group_perm = find_obj_in_resp response, 'Link', 'arvados#group'
+ verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil
+
+ repo_perm = find_obj_in_resp response, 'Link', 'arvados#repository'
+ verify_link repo_perm, 'permission', 'can_write', resp_user[:uuid], nil
+
+ # invoke setup again with a vm_uuid
+ vm = VirtualMachine.create
+
+ response = User.setup user, openid_prefix, 'test_repo', vm.uuid
+
+ resp_user = find_obj_in_resp response, 'User', nil
+ verify_user resp_user, email
+ assert_equal user.uuid, resp_user[:uuid], 'expected uuid not found'
+
+ group_perm = find_obj_in_resp response, 'Link', 'arvados#group'
+ verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil
+
+ repo_perm = find_obj_in_resp response, 'Link', 'arvados#repository'
+ verify_link repo_perm, 'permission', 'can_write', resp_user[:uuid], nil
+
+ vm_perm = find_obj_in_resp response, 'Link', 'arvados#virtualMachine'
+ verify_link vm_perm, 'permission', 'can_login', resp_user[:uuid], vm.uuid
+ end
+
+ def find_obj_in_resp (response_items, object_type, head_kind=nil)
+ return_obj = nil
+ response_items.each { |x|
+ if !x
+ next
+ end
+
+ if object_type == 'User'
+ if ArvadosModel::resource_class_for_uuid(x['uuid']) == User
+ return_obj = x
+ break
+ end
+ else # looking for a link
+ if ArvadosModel::resource_class_for_uuid(x['head_uuid']).kind == head_kind
+ return_obj = x
+ break
+ end
+ end
+ }
+ return return_obj
+ end
+
+ def verify_user (resp_user, email)
+ assert_not_nil resp_user, 'expected user object'
+ assert_not_nil resp_user['uuid'], 'expected user object'
+ assert_equal email, resp_user['email'], 'expected email not found'
+
+ end
+
+ def verify_link (link_object, link_class, link_name, tail_uuid, head_uuid)
+ assert_not_nil link_object, "expected link for #{link_class} #{link_name}"
+ assert_not_nil link_object[:uuid],
+ "expected non-nil uuid for link for #{link_class} #{link_name}"
+ assert_equal link_class, link_object[:link_class],
+ "expected link_class not found for #{link_class} #{link_name}"
+ assert_equal link_name, link_object[:name],
+ "expected link_name not found for #{link_class} #{link_name}"
+ assert_equal tail_uuid, link_object[:tail_uuid],
+ "expected tail_uuid not found for #{link_class} #{link_name}"
+ if head_uuid
+ assert_equal head_uuid, link_object[:head_uuid],
+ "expected head_uuid not found for #{link_class} #{link_name}"
end
end
projects / arvados.git / blobdiff