+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
require 'test_helper'
class PermissionsTest < ActionDispatch::IntegrationTest
+ include DbCurrentTime
include CurrentApiClient # for empty_collection
fixtures :users, :groups, :api_client_authorizations, :collections
+ teardown do
+ User.invalidate_permissions_cache db_current_time.to_i
+ end
+
test "adding and removing direct can_read links" do
# try to read collection as spectator
get "/arvados/v1/collections/#{collections(:foo_file).uuid}", {:format => :json}, auth(:spectator)
assert_response 404
end
- test "get_permissions returns 404 for unreadable uuid" do
- get "/arvados/v1/permissions/#{groups(:public).uuid}", nil, auth(:active)
- assert_response 404
- end
-
test "get_permissions returns 403 if user can read but not manage" do
post "/arvados/v1/links", {
:link => {
assert_response 403
end
- test "active user can read an object in the anonymous group" do
- # make sure there is no link explicitly granting permission to
- # the anonymous collection or its owner
- get("/arvados/v1/permissions/#{collections(:anonymous).owner_uuid}",
- { :format => :json },
- auth(:admin))
- assert_response :success
- assert_empty json_response['items']
-
- get("/arvados/v1/permissions/#{collections(:anonymous).uuid}",
- { :format => :json },
- auth(:admin))
- assert_response :success
- assert_empty json_response['items']
-
- # the active user should still be able to read the anonymous collection.
- get("/arvados/v1/collections/#{collections(:anonymous).uuid}",
- { :format => :json },
- auth(:active))
- assert_response :success
- assert_equal json_response['manifest_text'], collections(:anonymous).manifest_text
+ test "active user can read the empty collection" do
+ # The active user should be able to read the empty collection.
- # the active user should be able to read the empty collection
get("/arvados/v1/collections/#{empty_collection_uuid}",
{ :format => :json },
auth(:active))
projects / arvados.git / blobdiff