assert users(:active).can?(write: ob)
assert users(:active).can?(read: ob)
- l1.update_attributes!(name: 'can_read')
+ l1.update!(name: 'can_read')
assert !users(:active).can?(write: ob)
assert users(:active).can?(read: ob)
"manager saw the minion's private stuff")
assert_raises(ArvadosModel::PermissionDeniedError,
"manager could update minion's private stuff") do
- minions_specimen.update_attributes(properties: {'x' => 'y'})
+ minions_specimen.update(properties: {'x' => 'y'})
end
end
.where(uuid: minions_specimen.uuid),
"manager could not find minion's specimen by uuid")
assert_equal(true,
- minions_specimen.update_attributes(properties: {'x' => 'y'}),
+ minions_specimen.update(properties: {'x' => 'y'}),
"manager could not update minion's specimen object")
end
end
"OTHER can see #{u.first_name} in the user list")
act_as_user u do
assert_raises ArvadosModel::PermissionDeniedError, "wrote without perm" do
- other.update_attributes!(prefs: {'pwned' => true})
+ other.update!(prefs: {'pwned' => true})
end
- assert_equal(true, u.update_attributes!(prefs: {'thisisme' => true}),
+ assert_equal(true, u.update!(prefs: {'thisisme' => true}),
"#{u.first_name} can't update its own prefs")
end
act_as_user other do
assert_raises(ArvadosModel::PermissionDeniedError,
"OTHER wrote #{u.first_name} without perm") do
- u.update_attributes!(prefs: {'pwned' => true})
+ u.update!(prefs: {'pwned' => true})
end
- assert_equal(true, other.update_attributes!(prefs: {'thisisme' => true}),
+ assert_equal(true, other.update!(prefs: {'thisisme' => true}),
"OTHER can't update its own prefs")
end
end
set_user_from_auth :rominiadmin
ob = Collection.create!
assert_raises ArvadosModel::PermissionDeniedError, "changed owner to unwritable user" do
- ob.update_attributes!(owner_uuid: users(:active).uuid)
+ ob.update!(owner_uuid: users(:active).uuid)
end
end
set_user_from_auth :rominiadmin
ob = Collection.create!
assert_raises ArvadosModel::PermissionDeniedError, "changed owner to unwritable group" do
- ob.update_attributes!(owner_uuid: groups(:aproject).uuid)
+ ob.update!(owner_uuid: groups(:aproject).uuid)
end
end
assert users(:active).can?(write: col.uuid)
assert users(:active).can?(manage: col.uuid)
- l3.destroy!
+ # Creating l3 should have automatically deleted l1 and upgraded to
+ # the max permission of {l1, l3}, i.e., can_manage (see #18693) so
+ # there should be no can_read link now.
+ refute Link.where(tail_uuid: l3.tail_uuid,
+ head_uuid: l3.head_uuid,
+ link_class: 'permission',
+ name: 'can_read').any?
assert Collection.readable_by(users(:active)).where(uuid: col.uuid).first
assert users(:active).can?(read: col.uuid)
assert users(:active).can?(write: prj.uuid)
assert users(:active).can?(manage: prj.uuid)
- l3.destroy!
+ # Creating l3 should have automatically deleted l0 and upgraded to
+ # the max permission of {l0, l3}, i.e., can_manage (see #18693) so
+ # there should be no can_read link now.
+ refute Link.where(tail_uuid: l3.tail_uuid,
+ head_uuid: l3.head_uuid,
+ link_class: 'permission',
+ name: 'can_read').any?
assert Group.readable_by(users(:active)).where(uuid: prj.uuid).first
assert users(:active).can?(read: prj.uuid)
projects / arvados.git / blobdiff