14262: Fix permissions so runtime_token can set container progress/output

[arvados.git] / services / api / test / unit / group_test.rb

diff --git a/services/api/test/unit/group_test.rb b/services/api/test/unit/group_test.rb
index 4672acd0979972be13cbbe639177b81517d40fb6..8b3052e78595da57ff0b6cd487fb513fd8972166 100644 (file)
--- a/services/api/test/unit/group_test.rb
+++ b/services/api/test/unit/group_test.rb
@@ -60,7 +60,7 @@ class GroupTest < ActiveSupport::TestCase
     assert g_foo.errors.messages[:owner_uuid].join(" ").match(/ownership cycle/)
   end
 
-  test "delete group hides contents" do
+  test "trash group hides contents" do
     set_user_from_auth :active_trustedclient
 
     g_foo = Group.create!(name: "foo")
@@ -74,7 +74,7 @@ class GroupTest < ActiveSupport::TestCase
     assert Collection.readable_by(users(:active)).where(uuid: col.uuid).any?
   end
 
-  test "delete group" do
+  test "trash group" do
     set_user_from_auth :active_trustedclient
 
     g_foo = Group.create!(name: "foo")
@@ -95,7 +95,7 @@ class GroupTest < ActiveSupport::TestCase
   end
 
 
-  test "delete subgroup" do
+  test "trash subgroup" do
     set_user_from_auth :active_trustedclient
 
     g_foo = Group.create!(name: "foo")
@@ -115,7 +115,7 @@ class GroupTest < ActiveSupport::TestCase
     assert Group.readable_by(users(:active), {:include_trash => true}).where(uuid: g_baz.uuid).any?
   end
 
-  test "delete subsubgroup" do
+  test "trash subsubgroup" do
     set_user_from_auth :active_trustedclient
 
     g_foo = Group.create!(name: "foo")
@@ -133,7 +133,7 @@ class GroupTest < ActiveSupport::TestCase
   end
 
 
-  test "delete group propagates to subgroups" do
+  test "trash group propagates to subgroups" do
     set_user_from_auth :active_trustedclient
 
     g_foo = groups(:trashed_project)
@@ -158,11 +158,78 @@ class GroupTest < ActiveSupport::TestCase
     assert Group.readable_by(users(:active)).where(uuid: g_bar.uuid).any?
     assert Collection.readable_by(users(:active)).where(uuid: col.uuid).any?
 
-    # this one should still be deleted.
+    # this one should still be trashed.
     assert Group.readable_by(users(:active)).where(uuid: g_baz.uuid).empty?
 
     g_baz.update! is_trashed: false
     assert Group.readable_by(users(:active)).where(uuid: g_baz.uuid).any?
   end
 
+  test "trashed does not propagate across permission links" do
+    set_user_from_auth :admin
+
+    g_foo = Group.create!(name: "foo")
+    u_bar = User.create!(first_name: "bar")
+
+    assert Group.readable_by(users(:admin)).where(uuid: g_foo.uuid).any?
+    assert User.readable_by(users(:admin)).where(uuid:  u_bar.uuid).any?
+    g_foo.update! is_trashed: true
+
+    assert Group.readable_by(users(:admin)).where(uuid: g_foo.uuid).empty?
+    assert User.readable_by(users(:admin)).where(uuid:  u_bar.uuid).any?
+
+    g_foo.update! is_trashed: false
+    ln = Link.create!(tail_uuid: g_foo.uuid,
+                      head_uuid: u_bar.uuid,
+                      link_class: "permission",
+                      name: "can_read")
+    g_foo.update! is_trashed: true
+
+    assert Group.readable_by(users(:admin)).where(uuid: g_foo.uuid).empty?
+    assert User.readable_by(users(:admin)).where(uuid:  u_bar.uuid).any?
+  end
+
+  test "move projects to trash in SweepTrashedObjects" do
+    p = groups(:trashed_on_next_sweep)
+    assert_empty Group.where('uuid=? and is_trashed=true', p.uuid)
+    SweepTrashedObjects.sweep_now
+    assert_not_empty Group.where('uuid=? and is_trashed=true', p.uuid)
+  end
+
+  test "delete projects and their contents in SweepTrashedObjects" do
+    g_foo = groups(:trashed_project)
+    g_bar = groups(:trashed_subproject)
+    g_baz = groups(:trashed_subproject3)
+    col = collections(:collection_in_trashed_subproject)
+    job = jobs(:job_in_trashed_project)
+    cr = container_requests(:cr_in_trashed_project)
+    # Save how many objects were before the sweep
+    user_nr_was = User.all.length
+    coll_nr_was = Collection.all.length
+    group_nr_was = Group.where('group_class<>?', 'project').length
+    project_nr_was = Group.where(group_class: 'project').length
+    cr_nr_was = ContainerRequest.all.length
+    job_nr_was = Job.all.length
+    assert_not_empty Group.where(uuid: g_foo.uuid)
+    assert_not_empty Group.where(uuid: g_bar.uuid)
+    assert_not_empty Group.where(uuid: g_baz.uuid)
+    assert_not_empty Collection.where(uuid: col.uuid)
+    assert_not_empty Job.where(uuid: job.uuid)
+    assert_not_empty ContainerRequest.where(uuid: cr.uuid)
+    SweepTrashedObjects.sweep_now
+    assert_empty Group.where(uuid: g_foo.uuid)
+    assert_empty Group.where(uuid: g_bar.uuid)
+    assert_empty Group.where(uuid: g_baz.uuid)
+    assert_empty Collection.where(uuid: col.uuid)
+    assert_empty Job.where(uuid: job.uuid)
+    assert_empty ContainerRequest.where(uuid: cr.uuid)
+    # No unwanted deletions should have happened
+    assert_equal user_nr_was, User.all.length
+    assert_equal coll_nr_was-2,        # collection_in_trashed_subproject
+                 Collection.all.length # & deleted_on_next_sweep collections
+    assert_equal group_nr_was, Group.where('group_class<>?', 'project').length
+    assert_equal project_nr_was-3, Group.where(group_class: 'project').length
+    assert_equal cr_nr_was-1, ContainerRequest.all.length
+    assert_equal job_nr_was-1, Job.all.length
+  end
 end