projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
9333: Attribute validation on "select" to avoid invalid SQL statements
[arvados.git] / services / api / test / integration / collections_api_test.rb
diff --git a/services/api/test/integration/collections_api_test.rb b/services/api/test/integration/collections_api_test.rb
index 6fba5f76945896b76b84960f11b56fbdd7471473..e67f1b1a9b6e5669336a279beb1bc66478d16c1f 100644 (file)
--- a/services/api/test/integration/collections_api_test.rb
+++ b/services/api/test/integration/collections_api_test.rb
@@ -57,6 +57,34 @@ class CollectionsApiTest < ActionDispatch::IntegrationTest
     assert_equal "arvados#collectionList", json_response['kind']
   end
 
+  test "get index with select= (valid attribute)" do
+    get "/arvados/v1/collections", {
+          :format => :json,
+          :select => ['portable_data_hash'].to_json
+        }, auth(:active)
+    assert_response :success
+    assert json_response['items'][0].keys.include?('portable_data_hash')
+    assert not(json_response['items'][0].keys.include?('uuid'))
+  end
+
+  test "get index with select= (invalid attribute) responds 422" do
+    get "/arvados/v1/collections", {
+          :format => :json,
+          :select => ['bogus'].to_json
+        }, auth(:active)
+    assert_response 422
+    assert_match /Invalid attribute.*bogus/, json_response['errors'].join(' ')
+  end
+
+  test "get index with select= (invalid attribute type) responds 422" do
+    get "/arvados/v1/collections", {
+          :format => :json,
+          :select => [['bogus']].to_json
+        }, auth(:active)
+    assert_response 422
+    assert_match /Attribute.*should be a string/, json_response['errors'].join(' ')
+  end
+
   test "controller 404 response is json" do
     get "/arvados/v1/thingsthatdonotexist", {:format => :xml}, auth(:active)
     assert_response 404
@@ -279,18 +307,19 @@ class CollectionsApiTest < ActionDispatch::IntegrationTest
     signed_manifest = Collection.sign_manifest(". bad42fa702ae3ea7d888fef11b46f450+44 0:44:my_test_file.txt\n", api_token(:active))
     post "/arvados/v1/collections", {
       format: :json,
-      collection: {manifest_text: signed_manifest,
-                   properties: {'property_1' => 'value_1'}}.to_json,
+      collection: {manifest_text: signed_manifest}.to_json,
     }, auth(:active)
     assert_response 200
     assert_not_nil json_response['uuid']
-    assert_equal 'value_1', json_response['properties']['property_1']
+    assert_not_nil json_response['properties']
+    assert_empty json_response['properties']
 
-    # get it
-    get "/arvados/v1/collections/#{json_response['uuid']}", {
+    # update collection's description
+    put "/arvados/v1/collections/#{json_response['uuid']}", {
       format: :json,
+      collection: { properties: {'property_1' => 'value_1'} }
     }, auth(:active)
-    assert_response 200
+    assert_response :success
     assert_equal 'value_1', json_response['properties']['property_1']
   end
 end