class Arvados::V1::GroupsControllerTest < ActionController::TestCase
- test "attempt to delete group without read or write access" do
+ test "attempt to delete group that cannot be seen" do
+ Rails.configuration.Users.RoleGroupsVisibleToAll = false
authorize_with :active
post :destroy, params: {id: groups(:empty_lonely_group).uuid}
assert_response 404
end
+ test "attempt to delete group without read or write access" do
+ authorize_with :active
+ post :destroy, params: {id: groups(:empty_lonely_group).uuid}
+ assert_response 403
+ end
+
test "attempt to delete group without write access" do
authorize_with :active
post :destroy, params: {id: groups(:all_users).uuid}
refute_includes found_uuids, specimens(:in_asubproject).uuid, "specimen appeared unexpectedly in home project"
end
+ test "list collections in home project" do
+ authorize_with :active
+ get(:contents, params: {
+ format: :json,
+ filters: [
+ ['uuid', 'is_a', 'arvados#collection'],
+ ],
+ limit: 200,
+ id: users(:active).uuid,
+ })
+ assert_response :success
+ found_uuids = json_response['items'].collect { |i| i['uuid'] }
+ assert_includes found_uuids, collections(:collection_owned_by_active).uuid, "collection did not appear in home project"
+ refute_includes found_uuids, collections(:collection_owned_by_active_past_version_1).uuid, "collection appeared unexpectedly in home project"
+ end
+
+ test "list collections in home project, including old versions" do
+ authorize_with :active
+ get(:contents, params: {
+ format: :json,
+ include_old_versions: true,
+ filters: [
+ ['uuid', 'is_a', 'arvados#collection'],
+ ],
+ limit: 200,
+ id: users(:active).uuid,
+ })
+ assert_response :success
+ found_uuids = json_response['items'].collect { |i| i['uuid'] }
+ assert_includes found_uuids, collections(:collection_owned_by_active).uuid, "collection did not appear in home project"
+ assert_includes found_uuids, collections(:collection_owned_by_active_past_version_1).uuid, "old collection version did not appear in home project"
+ end
+
test "user with project read permission can see project collections" do
authorize_with :project_viewer
get :contents, params: {
end
end
- test "Collection contents don't include manifest_text" do
+ test "Collection contents don't include manifest_text or unsigned_manifest_text" do
authorize_with :active
get :contents, params: {
id: groups(:aproject).uuid,
refute(json_response["items"].any? { |c| not c["portable_data_hash"] },
"response included an item without a portable data hash")
refute(json_response["items"].any? { |c| c.include?("manifest_text") },
- "response included an item with a manifest text")
+ "response included an item with manifest_text")
+ refute(json_response["items"].any? { |c| c.include?("unsigned_manifest_text") },
+ "response included an item with unsigned_manifest_text")
end
test 'get writable_by list for owned group' do
end
test 'get contents with jobs and pipeline instances disabled' do
- Rails.configuration.API.DisabledAPIs = {'jobs.index'=>{}, 'pipeline_instances.index'=>{}}
+ Rails.configuration.API.DisabledAPIs = ConfigLoader.to_OrderedOptions(
+ {'jobs.index'=>{}, 'pipeline_instances.index'=>{}})
authorize_with :active
get :contents, params: {
assert_includes(owners, groups(:asubproject).uuid)
end
+ [:afiltergroup, :private_role].each do |grp|
+ test "delete non-project group #{grp}" do
+ authorize_with :admin
+ assert_not_nil Group.find_by_uuid(groups(grp).uuid)
+ assert !Group.find_by_uuid(groups(grp).uuid).is_trashed
+ post :destroy, params: {
+ id: groups(grp).uuid,
+ format: :json,
+ }
+ assert_response :success
+ # Should not be trashed
+ assert_nil Group.find_by_uuid(groups(grp).uuid)
+ end
+ end
+
+ [
+ [false, :inactive, :private_role, false],
+ [false, :spectator, :private_role, false],
+ [false, :admin, :private_role, true],
+ [true, :inactive, :private_role, false],
+ [true, :spectator, :private_role, true],
+ [true, :admin, :private_role, true],
+ # project (non-role) groups are invisible even when RoleGroupsVisibleToAll is true
+ [true, :inactive, :private, false],
+ [true, :spectator, :private, false],
+ [true, :admin, :private, true],
+ ].each do |visibleToAll, userFixture, groupFixture, visible|
+ test "with RoleGroupsVisibleToAll=#{visibleToAll}, #{groupFixture} group is #{visible ? '' : 'in'}visible to #{userFixture} user" do
+ Rails.configuration.Users.RoleGroupsVisibleToAll = visibleToAll
+ authorize_with userFixture
+ get :show, params: {id: groups(groupFixture).uuid, format: :json}
+ if visible
+ assert_response :success
+ else
+ assert_response 404
+ end
+ end
+ end
+
### trashed project tests ###
#
end
end
+ # the group class overrides the destroy method. Make sure that the destroyed
+ # object is returned
+ [
+ {group_class: "project"},
+ {group_class: "role"},
+ {group_class: "filter", properties: {"filters":[]}},
+ ].each do |params|
+ test "destroy group #{params} returns object" do
+ authorize_with :active
+
+ group = Group.create!(params)
+
+ post :destroy, params: {
+ id: group.uuid,
+ format: :json,
+ }
+ assert_response :success
+ assert_not_nil json_response
+ assert_equal group.uuid, json_response["uuid"]
+ end
+ end
+
test 'get shared owned by another user' do
authorize_with :user_bar_in_sharing_group
assert_response 422
end
+
+ test "include_trash does not return trash inside frozen project" do
+ authorize_with :active
+ trashtime = Time.now - 1.second
+ outerproj = Group.create!(group_class: 'project')
+ innerproj = Group.create!(group_class: 'project', owner_uuid: outerproj.uuid)
+ innercoll = Collection.create!(name: 'inner-not-trashed', owner_uuid: innerproj.uuid)
+ innertrash = Collection.create!(name: 'inner-trashed', owner_uuid: innerproj.uuid, trash_at: trashtime)
+ innertrashproj = Group.create!(group_class: 'project', name: 'inner-trashed-proj', owner_uuid: innerproj.uuid, trash_at: trashtime)
+ outertrash = Collection.create!(name: 'outer-trashed', owner_uuid: outerproj.uuid, trash_at: trashtime)
+ innerproj.update_attributes!(frozen_by_uuid: users(:active).uuid)
+ get :contents, params: {id: outerproj.uuid, include_trash: true, recursive: true}
+ assert_response :success
+ uuids = json_response['items'].collect { |item| item['uuid'] }
+ assert_includes uuids, outertrash.uuid
+ assert_includes uuids, innerproj.uuid
+ assert_includes uuids, innercoll.uuid
+ refute_includes uuids, innertrash.uuid
+ refute_includes uuids, innertrashproj.uuid
+ end
end
projects / arvados.git / blobdiff