test "get list of projects" do
authorize_with :active
- get :index, filters: [['group_class', 'in', ['project', 'folder']]], format: :json
+ get :index, filters: [['group_class', '=', 'project']], format: :json
assert_response :success
group_uuids = []
json_response['items'].each do |group|
- assert_includes ['folder', 'project'], group['group_class']
+ assert_equal 'project', group['group_class']
group_uuids << group['uuid']
end
assert_includes group_uuids, groups(:aproject).uuid
test "get list of groups that are not projects" do
authorize_with :active
- get :index, filters: [['group_class', '=', nil]], format: :json
+ get :index, filters: [['group_class', '!=', 'project']], format: :json
assert_response :success
group_uuids = []
json_response['items'].each do |group|
- assert_equal nil, group['group_class']
+ assert_not_equal 'project', group['group_class']
group_uuids << group['uuid']
end
assert_not_includes group_uuids, groups(:aproject).uuid
assert_equal 0, json_response['items_available']
end
+ def check_project_contents_response
+ assert_response :success
+ assert_operator 2, :<=, json_response['items_available']
+ assert_operator 2, :<=, json_response['items'].count
+ kinds = json_response['items'].collect { |i| i['kind'] }.uniq
+ expect_kinds = %w'arvados#group arvados#specimen arvados#pipelineTemplate arvados#job'
+ assert_equal expect_kinds, (expect_kinds & kinds)
+
+ json_response['items'].each do |i|
+ if i['kind'] == 'arvados#group'
+ assert(i['group_class'] == 'project',
+ "group#contents returned a non-project group")
+ end
+ end
+ end
+
test 'get group-owned objects' do
authorize_with :active
get :contents, {
format: :json,
include_linked: true,
}
+ check_project_contents_response
+ end
+
+ test "user with project read permission can see project objects" do
+ authorize_with :project_viewer
+ get :contents, {
+ id: groups(:aproject).uuid,
+ format: :json,
+ include_linked: true,
+ }
+ check_project_contents_response
+ end
+
+ test "list objects across projects" do
+ authorize_with :project_viewer
+ get :contents, {
+ format: :json,
+ filters: [['uuid', 'is_a', 'arvados#specimen']]
+ }
assert_response :success
- assert_operator 2, :<=, json_response['items_available']
- assert_operator 2, :<=, json_response['items'].count
- kinds = json_response['items'].collect { |i| i['kind'] }.uniq
- expect_kinds = %w'arvados#group arvados#specimen arvados#pipelineTemplate arvados#job'
- assert_equal expect_kinds, (expect_kinds & kinds)
+ found_uuids = json_response['items'].collect { |i| i['uuid'] }
+ [[:in_aproject, true],
+ [:in_asubproject, true],
+ [:owned_by_private_group, false]].each do |specimen_fixture, should_find|
+ if should_find
+ assert_includes found_uuids, specimens(specimen_fixture).uuid, "did not find specimen fixture '#{specimen_fixture}'"
+ else
+ refute_includes found_uuids, specimens(specimen_fixture).uuid, "found specimen fixture '#{specimen_fixture}'"
+ end
+ end
+ end
+
+ test "list objects in home project" do
+ authorize_with :active
+ get :contents, {
+ format: :json,
+ id: users(:active).uuid
+ }
+ assert_response :success
+ found_uuids = json_response['items'].collect { |i| i['uuid'] }
+ assert_includes found_uuids, specimens(:owned_by_active_user).uuid, "specimen did not appear in home project"
+ refute_includes found_uuids, specimens(:in_asubproject).uuid, "specimen appeared unexpectedly in home project"
+ end
+
+ test "user with project read permission can see project collections" do
+ authorize_with :project_viewer
+ get :contents, {
+ id: groups(:asubproject).uuid,
+ format: :json,
+ }
+ ids = json_response['items'].map { |item| item["uuid"] }
+ assert_includes ids, collections(:baz_file_in_asubproject).uuid
+ end
+
+ test 'list objects across multiple projects' do
+ authorize_with :project_viewer
+ get :contents, {
+ format: :json,
+ include_linked: false,
+ filters: [['uuid', 'is_a', 'arvados#specimen']]
+ }
+ assert_response :success
+ found_uuids = json_response['items'].collect { |i| i['uuid'] }
+ [[:in_aproject, true],
+ [:in_asubproject, true],
+ [:owned_by_private_group, false]].each do |specimen_fixture, should_find|
+ if should_find
+ assert_includes found_uuids, specimens(specimen_fixture).uuid, "did not find specimen fixture '#{specimen_fixture}'"
+ else
+ refute_includes found_uuids, specimens(specimen_fixture).uuid, "found specimen fixture '#{specimen_fixture}'"
+ end
+ end
+ end
+
+ # Even though the project_viewer tests go through other controllers,
+ # I'm putting them here so they're easy to find alongside the other
+ # project tests.
+ def check_new_project_link_fails(link_attrs)
+ @controller = Arvados::V1::LinksController.new
+ post :create, link: {
+ link_class: "permission",
+ name: "can_read",
+ head_uuid: groups(:aproject).uuid,
+ }.merge(link_attrs)
+ assert_includes(403..422, response.status)
+ end
+
+ test "user with project read permission can't add users to it" do
+ authorize_with :project_viewer
+ check_new_project_link_fails(tail_uuid: users(:spectator).uuid)
+ end
+
+ test "user with project read permission can't add items to it" do
+ authorize_with :project_viewer
+ check_new_project_link_fails(tail_uuid: collections(:baz_file).uuid)
+ end
+
+ test "user with project read permission can't rename items in it" do
+ authorize_with :project_viewer
+ @controller = Arvados::V1::LinksController.new
+ post :update, {
+ id: jobs(:running).uuid,
+ name: "Denied test name",
+ }
+ assert_includes(403..404, response.status)
+ end
+
+ test "user with project read permission can't remove items from it" do
+ @controller = Arvados::V1::PipelineTemplatesController.new
+ authorize_with :project_viewer
+ post :update, {
+ id: pipeline_templates(:two_part).uuid,
+ pipeline_template: {
+ owner_uuid: users(:project_viewer).uuid,
+ }
+ }
+ assert_response 403
+ end
+
+ test "user with project read permission can't delete it" do
+ authorize_with :project_viewer
+ post :destroy, {id: groups(:aproject).uuid}
+ assert_response 403
end
test 'get group-owned objects with limit' do
assert_equal 0, json_response['items_available']
end
- test 'get group-owned objects without include_linked' do
- unexpected_uuid = specimens(:in_aproject_linked_from_asubproject).uuid
+ test "get all pages of group-owned objects" do
authorize_with :active
- get :contents, {
- id: groups(:asubproject).uuid,
- format: :json,
- }
- assert_response :success
- uuids = json_response['items'].collect { |i| i['uuid'] }
- assert_equal nil, uuids.index(unexpected_uuid)
- end
-
- test 'get group-owned objects with include_linked' do
- expected_uuid = specimens(:in_aproject_linked_from_asubproject).uuid
- authorize_with :active
- get :contents, {
- id: groups(:asubproject).uuid,
- include_linked: true,
- format: :json,
- }
- assert_response :success
- uuids = json_response['items'].collect { |i| i['uuid'] }
- assert_includes uuids, expected_uuid, "Did not get #{expected_uuid}"
-
- expected_name = links(:specimen_is_in_two_projects).name
- found_specimen_name = false
- assert(json_response['links'].any?,
- "Expected a non-empty array of links in response")
- json_response['links'].each do |link|
- if link['head_uuid'] == expected_uuid
- if link['name'] == expected_name
- found_specimen_name = true
- end
- end
- end
- assert(found_specimen_name,
- "Expected to find name '#{expected_name}' in response")
- end
-
- [false, true].each do |inc_ind|
- test "get all pages of group-owned #{'and -linked ' if inc_ind}objects" do
- authorize_with :active
- limit = 5
- offset = 0
- items_available = nil
- uuid_received = {}
- owner_received = {}
- while true
- # Behaving badly here, using the same controller multiple
- # times within a test.
- @json_response = nil
- get :contents, {
- id: groups(:aproject).uuid,
- include_linked: inc_ind,
- limit: limit,
- offset: offset,
- format: :json,
- }
- assert_response :success
- assert_operator(0, :<, json_response['items'].count,
- "items_available=#{items_available} but received 0 "\
- "items with offset=#{offset}")
- items_available ||= json_response['items_available']
- assert_equal(items_available, json_response['items_available'],
- "items_available changed between page #{offset/limit} "\
- "and page #{1+offset/limit}")
- json_response['items'].each do |item|
- uuid = item['uuid']
- assert_equal(nil, uuid_received[uuid],
- "Received '#{uuid}' again on page #{1+offset/limit}")
- uuid_received[uuid] = true
- owner_received[item['owner_uuid']] = true
- offset += 1
- if not inc_ind
- assert_equal groups(:aproject).uuid, item['owner_uuid']
- end
- end
- break if offset >= items_available
- end
- if inc_ind
- assert_operator 0, :<, (json_response.keys - [users(:active).uuid]).count,
- "Set include_linked=true but did not receive any non-owned items"
+ limit = 5
+ offset = 0
+ items_available = nil
+ uuid_received = {}
+ owner_received = {}
+ while true
+ # Behaving badly here, using the same controller multiple
+ # times within a test.
+ @json_response = nil
+ get :contents, {
+ id: groups(:aproject).uuid,
+ limit: limit,
+ offset: offset,
+ format: :json,
+ }
+ assert_response :success
+ assert_operator(0, :<, json_response['items'].count,
+ "items_available=#{items_available} but received 0 "\
+ "items with offset=#{offset}")
+ items_available ||= json_response['items_available']
+ assert_equal(items_available, json_response['items_available'],
+ "items_available changed between page #{offset/limit} "\
+ "and page #{1+offset/limit}")
+ json_response['items'].each do |item|
+ uuid = item['uuid']
+ assert_equal(nil, uuid_received[uuid],
+ "Received '#{uuid}' again on page #{1+offset/limit}")
+ uuid_received[uuid] = true
+ owner_received[item['owner_uuid']] = true
+ offset += 1
+ assert_equal groups(:aproject).uuid, item['owner_uuid']
end
+ break if offset >= items_available
end
end
format: :json
}
assert_response :success
- assert_nil(json_response['writable_by'],
- "Should not receive uuid list in 'writable_by' field")
+ assert_equal([json_response['owner_uuid']],
+ json_response['writable_by'],
+ "Should only see owner_uuid in 'writable_by' field")
end
test 'get writable_by list by admin user' do
projects / arvados.git / blobdiff