Merge branch '19954-permission-dedup-doc'

[arvados.git] / apps / workbench / test / unit / user_test.rb

diff --git a/apps/workbench/test/unit/user_test.rb b/apps/workbench/test/unit/user_test.rb
index d82765135c4af855c11009bcdec91d88cc262ebb..a73e506d14ae6f7a4983da03be5e4105920cca5e 100644 (file)
--- a/apps/workbench/test/unit/user_test.rb
+++ b/apps/workbench/test/unit/user_test.rb
@@ -1,16 +1,30 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
 require 'test_helper'
 
 class UserTest < ActiveSupport::TestCase
-  test "get owned_items" do
+  test "can select specific user columns" do
+    use_token :admin
+    User.select(["uuid", "is_active"]).limit(5).each do |user|
+      assert_not_nil user.uuid
+      assert_not_nil user.is_active
+      assert_nil user.first_name
+    end
+  end
+
+  test "User.current doesn't return anonymous user when using invalid token" do
+    # Set up anonymous user token
+    Rails.configuration.Users.AnonymousUserToken = api_fixture('api_client_authorizations')['anonymous']['api_token']
+    # First, try with a valid user
     use_token :active
-    oi = User.find(api_fixture('users')['active']['uuid']).owned_items
-    assert_operator(0, :<, oi.count,
-                    "Expected to find some items belonging to :active user")
-    assert_operator(0, :<, oi.items_available,
-                    "Expected owned_items response to have items_available > 0")
-    oi_uuids = oi.collect { |i| i['uuid'] }
-    expect = api_fixture('specimens')['owned_by_active_user']['uuid']
-    assert_includes(oi_uuids, expect,
-                    "Expected active user's owned_items to include #{expect}")
+    u = User.current
+    assert(find_fixture(User, "active").uuid == u.uuid)
+    # Next, simulate an invalid token
+    Thread.current[:arvados_api_token] = 'thistokenwontwork'
+    assert_raises(ArvadosApiClient::NotLoggedInException) do
+      User.current
+    end
   end
 end