assert_equal("active/foo", repositories(:foo).name)
end
- [[false, 'foo@example.com', true, nil],
- [false, 'bar@example.com', nil, true],
- [true, 'foo@example.com', true, nil],
+ [[false, 'foo@example.com', true, false],
+ [false, 'bar@example.com', false, true],
+ [true, 'foo@example.com', true, false],
[true, 'bar@example.com', true, true],
- [false, '', nil, nil],
- [true, '', true, nil]
+ [false, '', false, false],
+ [true, '', true, false]
].each do |auto_admin_first_user_config, auto_admin_user_config, foo_should_be_admin, bar_should_be_admin|
# In each case, 'foo' is created first, then 'bar', then 'bar2', then 'baz'.
test "auto admin with auto_admin_first=#{auto_admin_first_user_config} auto_admin=#{auto_admin_user_config}" do
if auto_admin_first_user_config
# This test requires no admin users exist (except for the system user)
act_as_system_user do
- users(:admin).update_attributes!(is_admin: false)
+ users(:admin).update!(is_admin: false)
end
@all_users = User.where("uuid not like '%-000000000000000'").where(:is_admin => true)
assert_equal 0, @all_users.count, "No admin users should exist (except for the system user)"
test "create new user with notifications" do
set_user_from_auth :admin
+ Rails.configuration.Users.AutoSetupNewUsers = false
+
create_user_and_verify_setup_and_notifications true, active_notify_list, inactive_notify_list, nil, nil
create_user_and_verify_setup_and_notifications true, active_notify_list, empty_notify_list, nil, nil
create_user_and_verify_setup_and_notifications true, empty_notify_list, empty_notify_list, nil, nil
- create_user_and_verify_setup_and_notifications false, active_notify_list, inactive_notify_list, nil, nil
+ create_user_and_verify_setup_and_notifications false, empty_notify_list, inactive_notify_list, nil, nil
create_user_and_verify_setup_and_notifications false, empty_notify_list, inactive_notify_list, nil, nil
create_user_and_verify_setup_and_notifications false, empty_notify_list, empty_notify_list, nil, nil
end
[false, empty_notify_list, empty_notify_list, "arvados@example.com", false, false, "arvados2"],
[true, active_notify_list, inactive_notify_list, "arvados@example.com", false, false, "arvados2"],
[true, active_notify_list, inactive_notify_list, "root@example.com", true, false, "root2"],
- [false, active_notify_list, inactive_notify_list, "root@example.com", true, false, "root2"],
+ [false, active_notify_list, empty_notify_list, "root@example.com", true, false, "root2"],
[true, active_notify_list, inactive_notify_list, "roo_t@example.com", false, true, "root2"],
[false, empty_notify_list, empty_notify_list, "^^incorrect_format@example.com", true, true, "incorrectformat"],
[true, active_notify_list, inactive_notify_list, "&4a_d9.@example.com", true, true, "ad9"],
[true, active_notify_list, inactive_notify_list, "&4a_d9.@example.com", false, false, "ad9"],
- [false, active_notify_list, inactive_notify_list, "&4a_d9.@example.com", true, true, "ad9"],
- [false, active_notify_list, inactive_notify_list, "&4a_d9.@example.com", false, false, "ad9"],
+ [false, active_notify_list, empty_notify_list, "&4a_d9.@example.com", true, true, "ad9"],
+ [false, active_notify_list, empty_notify_list, "&4a_d9.@example.com", false, false, "ad9"],
].each do |active, new_user_recipients, inactive_recipients, email, auto_setup_vm, auto_setup_repo, expect_username|
test "create new user with auto setup active=#{active} email=#{email} vm=#{auto_setup_vm} repo=#{auto_setup_repo}" do
set_user_from_auth :admin
assert_not_allowed { User.new.save }
end
- test "setup new user" do
- set_user_from_auth :admin
+ [true, false].each do |visible|
+ test "setup new user with ActivatedUsersAreVisibleToOthers=#{visible}" do
+ Rails.configuration.Users.ActivatedUsersAreVisibleToOthers = visible
+ set_user_from_auth :admin
- email = 'foo@example.com'
+ email = 'foo@example.com'
- user = User.create ({uuid: 'zzzzz-tpzed-abcdefghijklmno', email: email})
+ user = User.create ({uuid: 'zzzzz-tpzed-abcdefghijklmno', email: email})
- vm = VirtualMachine.create
+ vm = VirtualMachine.create
- response = user.setup(repo_name: 'foo/testrepo',
- vm_uuid: vm.uuid)
+ response = user.setup(repo_name: 'foo/testrepo',
+ vm_uuid: vm.uuid)
- resp_user = find_obj_in_resp response, 'User'
- verify_user resp_user, email
+ resp_user = find_obj_in_resp response, 'User'
+ verify_user resp_user, email
- group_perm = find_obj_in_resp response, 'Link', 'arvados#group'
- verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil
+ group_perm = find_obj_in_resp response, 'Link', 'arvados#group'
+ verify_link group_perm, 'permission', 'can_write', resp_user[:uuid], groups(:all_users).uuid
- repo_perm = find_obj_in_resp response, 'Link', 'arvados#repository'
- verify_link repo_perm, 'permission', 'can_manage', resp_user[:uuid], nil
+ group_perm2 = find_obj_in_resp response, 'Link', 'arvados#user'
+ if visible
+ verify_link group_perm2, 'permission', 'can_read', groups(:all_users).uuid, nil
+ else
+ assert_nil group_perm2
+ end
- vm_perm = find_obj_in_resp response, 'Link', 'arvados#virtualMachine'
- verify_link vm_perm, 'permission', 'can_login', resp_user[:uuid], vm.uuid
- assert_equal("foo", vm_perm.properties["username"])
+ repo_perm = find_obj_in_resp response, 'Link', 'arvados#repository'
+ verify_link repo_perm, 'permission', 'can_manage', resp_user[:uuid], nil
+
+ vm_perm = find_obj_in_resp response, 'Link', 'arvados#virtualMachine'
+ verify_link vm_perm, 'permission', 'can_login', resp_user[:uuid], vm.uuid
+ assert_equal("foo", vm_perm.properties["username"])
+ end
end
test "setup new user with junk in database" do
verify_user resp_user, email
group_perm = find_obj_in_resp response, 'Link', 'arvados#group'
- verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil
+ verify_link group_perm, 'permission', 'can_write', resp_user[:uuid], groups(:all_users).uuid
repo_perm = find_obj_in_resp response, 'Link', 'arvados#repository'
verify_link repo_perm, 'permission', 'can_manage', resp_user[:uuid], nil
verify_user resp_user, email
group_perm = find_obj_in_resp response, 'Link', 'arvados#group'
- verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil
+ verify_link group_perm, 'permission', 'can_write', resp_user[:uuid], groups(:all_users).uuid
+
+ group_perm2 = find_obj_in_resp response, 'Link', 'arvados#user'
+ verify_link group_perm2, 'permission', 'can_read', groups(:all_users).uuid, nil
# invoke setup again with repo_name
response = user.setup(repo_name: 'foo/testrepo')
assert_equal user.uuid, resp_user[:uuid], 'expected uuid not found'
group_perm = find_obj_in_resp response, 'Link', 'arvados#group'
- verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil
+ verify_link group_perm, 'permission', 'can_write', resp_user[:uuid], groups(:all_users).uuid
repo_perm = find_obj_in_resp response, 'Link', 'arvados#repository'
verify_link repo_perm, 'permission', 'can_manage', resp_user[:uuid], nil
assert_equal user.uuid, resp_user[:uuid], 'expected uuid not found'
group_perm = find_obj_in_resp response, 'Link', 'arvados#group'
- verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil
+ verify_link group_perm, 'permission', 'can_write', resp_user[:uuid], groups(:all_users).uuid
repo_perm = find_obj_in_resp response, 'Link', 'arvados#repository'
verify_link repo_perm, 'permission', 'can_manage', resp_user[:uuid], nil
break
end
else # looking for a link
- if ArvadosModel::resource_class_for_uuid(x['head_uuid']).kind == head_kind
+ if ArvadosModel::resource_class_for_uuid(x['head_uuid']).andand.kind == head_kind
return_obj = x
break
end
# check user setup
verify_link_exists(Rails.configuration.Users.AutoSetupNewUsers || active,
groups(:all_users).uuid, user.uuid,
- "permission", "can_read")
+ "permission", "can_write")
# Check for repository.
if named_repo = (prior_repo or
end
end
- [
- [:active, 'zzzzz-borkd-abcde12345abcde'],
- [:active, 'zzzzz-j7d0g-abcde12345abcde'],
- [:active, 'zzzzz-tpzed-borkd'],
- [:system_user, 'zzzzz-tpzed-abcde12345abcde'],
- [:anonymous, 'zzzzz-tpzed-abcde12345abcde'],
- ].each do |fixture, new_uuid|
- test "disallow update_uuid #{fixture} -> #{new_uuid}" do
- u = users(fixture)
- orig_uuid = u.uuid
- act_as_system_user do
- assert_raises do
- u.update_uuid(new_uuid: new_uuid)
- end
- end
- # "Successfully aborted orig->new" outcome looks the same as
- # "successfully updated new->orig".
- assert_update_success(old_uuid: new_uuid,
- new_uuid: orig_uuid,
- expect_owned_objects: fixture == :active)
- end
- end
-
- [:active, :spectator, :admin].each do |target|
- test "update_uuid on #{target} as non-admin user" do
- act_as_user users(:active) do
- assert_raises(ArvadosModel::PermissionDeniedError) do
- users(target).update_uuid(new_uuid: 'zzzzz-tpzed-abcde12345abcde')
- end
- end
- end
- end
-
- test "update_uuid to existing uuid" do
- u = users(:active)
- orig_uuid = u.uuid
- new_uuid = users(:admin).uuid
- act_as_system_user do
- assert_raises do
- u.update_uuid(new_uuid: new_uuid)
- end
- end
- u.reload
- assert_equal u.uuid, orig_uuid
- assert_not_empty Collection.where(owner_uuid: orig_uuid)
- assert_not_empty Group.where(owner_uuid: orig_uuid)
- end
-
- [
- [:active, 'zbbbb-tpzed-abcde12345abcde'],
- [:active, 'zzzzz-tpzed-abcde12345abcde'],
- [:admin, 'zbbbb-tpzed-abcde12345abcde'],
- [:admin, 'zzzzz-tpzed-abcde12345abcde'],
- ].each do |fixture, new_uuid|
- test "update_uuid #{fixture} to unused uuid #{new_uuid}" do
- u = users(fixture)
- orig_uuid = u.uuid
- act_as_system_user do
- u.update_uuid(new_uuid: new_uuid)
- end
- assert_update_success(old_uuid: orig_uuid,
- new_uuid: new_uuid,
- expect_owned_objects: fixture == :active)
- end
- end
-
def assert_update_success(old_uuid:, new_uuid:, expect_owned_objects: true)
[[User, :uuid],
[Link, :head_uuid],
assert user.save
end
+ test "empty identity_url saves as null" do
+ set_user_from_auth :admin
+ user = users(:active)
+ assert user.update(identity_url: '')
+ user.reload
+ assert_nil user.identity_url
+ end
+
+ test "id overflows int32" do
+ uuid = users(:active).uuid
+ ActiveRecord::Base.connection.execute "update users set id=333222111000 where uuid='#{uuid}'"
+ u = User.find_by_uuid(uuid)
+ assert_equal 333222111000, u.id
+ end
end
projects / arvados.git / blobdiff