assert users(:active).can?(write: ob)
assert users(:active).can?(read: ob)
- l1.update_attributes!(name: 'can_read')
+ l1.update!(name: 'can_read')
assert !users(:active).can?(write: ob)
assert users(:active).can?(read: ob)
Rails.configuration.Users.ActivatedUsersAreVisibleToOthers = false
manager = create :active_user, first_name: "Manage", last_name: "Er"
minion = create :active_user, first_name: "Min", last_name: "Ion"
- minions_specimen = act_as_user minion do
+ minions_collection = act_as_user minion do
g = Group.create! name: "minon project", group_class: "project"
Collection.create! owner_uuid: g.uuid
end
end
assert_empty(Collection
.readable_by(manager)
- .where(uuid: minions_specimen.uuid),
+ .where(uuid: minions_collection.uuid),
"manager saw the minion's private stuff")
assert_raises(ArvadosModel::PermissionDeniedError,
"manager could update minion's private stuff") do
- minions_specimen.update_attributes(properties: {'x' => 'y'})
+ minions_collection.update(properties: {'x' => 'y'})
end
end
# Now, manager can read and write Minion's stuff.
assert_not_empty(Collection
.readable_by(manager)
- .where(uuid: minions_specimen.uuid),
- "manager could not find minion's specimen by uuid")
+ .where(uuid: minions_collection.uuid),
+ "manager could not find minion's collection by uuid")
assert_equal(true,
- minions_specimen.update_attributes(properties: {'x' => 'y'}),
- "manager could not update minion's specimen object")
+ minions_collection.update(properties: {'x' => 'y'}),
+ "manager could not update minion's collection object")
end
end
assert_not_empty(User.readable_by(a).where(uuid: b.uuid),
"#{a.first_name} should be able to see 'b' in the user list")
- a_specimen = act_as_user a do
+ a_collection = act_as_user a do
Collection.create!
end
- assert_not_empty(Collection.readable_by(a).where(uuid: a_specimen.uuid),
+ assert_not_empty(Collection.readable_by(a).where(uuid: a_collection.uuid),
"A cannot read own Collection, following test probably useless.")
- assert_empty(Collection.readable_by(b).where(uuid: a_specimen.uuid),
+ assert_empty(Collection.readable_by(b).where(uuid: a_collection.uuid),
"B can read A's Collection")
[a,b].each do |u|
assert_empty(User.readable_by(u).where(uuid: other.uuid),
"OTHER can see #{u.first_name} in the user list")
act_as_user u do
assert_raises ArvadosModel::PermissionDeniedError, "wrote without perm" do
- other.update_attributes!(prefs: {'pwned' => true})
+ other.update!(prefs: {'pwned' => true})
end
- assert_equal(true, u.update_attributes!(prefs: {'thisisme' => true}),
+ assert_equal(true, u.update!(prefs: {'thisisme' => true}),
"#{u.first_name} can't update its own prefs")
end
act_as_user other do
assert_raises(ArvadosModel::PermissionDeniedError,
"OTHER wrote #{u.first_name} without perm") do
- u.update_attributes!(prefs: {'pwned' => true})
+ u.update!(prefs: {'pwned' => true})
end
- assert_equal(true, other.update_attributes!(prefs: {'thisisme' => true}),
+ assert_equal(true, other.update!(prefs: {'thisisme' => true}),
"OTHER can't update its own prefs")
end
end
set_user_from_auth :rominiadmin
ob = Collection.create!
assert_raises ArvadosModel::PermissionDeniedError, "changed owner to unwritable user" do
- ob.update_attributes!(owner_uuid: users(:active).uuid)
+ ob.update!(owner_uuid: users(:active).uuid)
end
end
set_user_from_auth :rominiadmin
ob = Collection.create!
assert_raises ArvadosModel::PermissionDeniedError, "changed owner to unwritable group" do
- ob.update_attributes!(owner_uuid: groups(:aproject).uuid)
+ ob.update!(owner_uuid: groups(:aproject).uuid)
end
end
assert users(:active).can?(write: col.uuid)
assert users(:active).can?(manage: col.uuid)
- l3.destroy!
+ # Creating l3 should have automatically deleted l1 and upgraded to
+ # the max permission of {l1, l3}, i.e., can_manage (see #18693) so
+ # there should be no can_read link now.
+ refute Link.where(tail_uuid: l3.tail_uuid,
+ head_uuid: l3.head_uuid,
+ link_class: 'permission',
+ name: 'can_read').any?
assert Collection.readable_by(users(:active)).where(uuid: col.uuid).first
assert users(:active).can?(read: col.uuid)
assert users(:active).can?(write: prj.uuid)
assert users(:active).can?(manage: prj.uuid)
- l3.destroy!
+ # Creating l3 should have automatically deleted l0 and upgraded to
+ # the max permission of {l0, l3}, i.e., can_manage (see #18693) so
+ # there should be no can_read link now.
+ refute Link.where(tail_uuid: l3.tail_uuid,
+ head_uuid: l3.head_uuid,
+ link_class: 'permission',
+ name: 'can_read').any?
assert Group.readable_by(users(:active)).where(uuid: prj.uuid).first
assert users(:active).can?(read: prj.uuid)
projects / arvados.git / blobdiff