+ get :show, params: encoded_params, session: session_for(:active)
+ end
+
+ test "visit non-public project as anonymous when anonymous browsing is enabled and expect page not found" do
+ Rails.configuration.Users.AnonymousUserToken = api_fixture('api_client_authorizations')['anonymous']['api_token']
+ get(:show, params: {id: api_fixture('groups')['aproject']['uuid']})
+ assert_response 404
+ assert_match(/log ?in/i, @response.body)
+ end
+
+ test "visit home page as anonymous when anonymous browsing is enabled and expect login" do
+ Rails.configuration.Users.AnonymousUserToken = api_fixture('api_client_authorizations')['anonymous']['api_token']
+ get(:index)
+ assert_response :redirect
+ assert_match /\/users\/welcome/, @response.redirect_url
+ end
+
+ [
+ nil,
+ :active,
+ ].each do |user|
+ test "visit public projects page when anon config is enabled, as user #{user}, and expect page" do
+ Rails.configuration.Users.AnonymousUserToken = api_fixture('api_client_authorizations')['anonymous']['api_token']
+
+ if user
+ get :public, params: {}, session: session_for(user)
+ else
+ get :public
+ end
+
+ assert_response :success
+ assert_not_nil assigns(:objects)
+ project_names = assigns(:objects).collect(&:name)
+ assert_includes project_names, 'Unrestricted public data'
+ assert_not_includes project_names, 'A Project'
+ refute_empty css_select('[href="/projects/public"]')
+ end
+ end
+
+ test "visit public projects page when anon config is not enabled as active user and expect 404" do
+ Rails.configuration.Users.AnonymousUserToken = ""
+ Rails.configuration.Workbench.EnablePublicProjectsPage = false
+ get :public, params: {}, session: session_for(:active)
+ assert_response 404
+ end
+
+ test "visit public projects page when anon config is enabled but public projects page is disabled as active user and expect 404" do
+ Rails.configuration.Users.AnonymousUserToken = api_fixture('api_client_authorizations')['anonymous']['api_token']
+ Rails.configuration.Workbench.EnablePublicProjectsPage = false
+ get :public, params: {}, session: session_for(:active)
+ assert_response 404
+ end
+
+ test "visit public projects page when anon config is not enabled as anonymous and expect login page" do
+ Rails.configuration.Users.AnonymousUserToken = ""
+ Rails.configuration.Workbench.EnablePublicProjectsPage = false
+ get :public
+ assert_response :redirect
+ assert_match /\/users\/welcome/, @response.redirect_url
+ assert_empty css_select('[href="/projects/public"]')
+ end
+
+ test "visit public projects page when anon config is enabled and public projects page is disabled and expect login page" do
+ Rails.configuration.Users.AnonymousUserToken = api_fixture('api_client_authorizations')['anonymous']['api_token']
+ Rails.configuration.Workbench.EnablePublicProjectsPage = false
+ get :index
+ assert_response :redirect
+ assert_match /\/users\/welcome/, @response.redirect_url
+ assert_empty css_select('[href="/projects/public"]')
+ end
+
+ test "visit public projects page when anon config is not enabled and public projects page is enabled and expect login page" do
+ Rails.configuration.Workbench.EnablePublicProjectsPage = true
+ get :index
+ assert_response :redirect
+ assert_match /\/users\/welcome/, @response.redirect_url
+ assert_empty css_select('[href="/projects/public"]')
+ end
+
+ test "find a project and edit its description" do
+ project = api_fixture('groups')['aproject']
+ use_token :active
+ found = Group.find(project['uuid'])
+ found.description = 'test description update'
+ found.save!
+ get(:show, params: {id: project['uuid']}, session: session_for(:active))
+ assert_includes @response.body, 'test description update'
+ end
+
+ test "find a project and edit description to textile description" do
+ project = api_fixture('groups')['aproject']
+ use_token :active
+ found = Group.find(project['uuid'])
+ found.description = '*test bold description for textile formatting*'
+ found.save!
+ get(:show, params: {id: project['uuid']}, session: session_for(:active))
+ assert_includes @response.body, '<strong>test bold description for textile formatting</strong>'
+ end
+
+ test "find a project and edit description to html description" do
+ project = api_fixture('groups')['aproject']
+ use_token :active
+ found = Group.find(project['uuid'])
+ found.description = '<b>Textile</b> description with link to home page <a href="/">take me home</a>.'
+ found.save!
+ get(:show, params: {id: project['uuid']}, session: session_for(:active))
+ assert_includes @response.body, '<b>Textile</b> description with link to home page <a href="/">take me home</a>.'
+ end
+
+ test "find a project and edit description to unsafe html description" do
+ project = api_fixture('groups')['aproject']
+ use_token :active
+ found = Group.find(project['uuid'])
+ found.description = 'Textile description with unsafe script tag <script language="javascript">alert("Hello there")</script>.'
+ found.save!
+ get(:show, params: {id: project['uuid']}, session: session_for(:active))
+ assert_includes @response.body, 'Textile description with unsafe script tag alert("Hello there").'
+ end
+
+ # Tests #14519
+ test "textile table on description renders as table html markup" do
+ use_token :active
+ project = api_fixture('groups')['aproject']
+ textile_table = <<EOT
+table(table table-striped table-condensed).
+|_. First Header |_. Second Header |
+|Content Cell |Content Cell |
+|Content Cell |Content Cell |
+EOT
+ found = Group.find(project['uuid'])
+ found.description = textile_table
+ found.save!
+ get(:show, params: {id: project['uuid']}, session: session_for(:active))
+ assert_includes @response.body, '<th>First Header'
+ assert_includes @response.body, '<td>Content Cell'
+ end
+
+ test "find a project and edit description to textile description with link to object" do
+ project = api_fixture('groups')['aproject']
+ use_token :active
+ found = Group.find(project['uuid'])
+
+ # uses 'Link to object' as a hyperlink for the object
+ found.description = '"Link to object":' + api_fixture('groups')['asubproject']['uuid']
+ found.save!
+ get(:show, params: {id: project['uuid']}, session: session_for(:active))
+
+ # check that input was converted to textile, not staying as inputted
+ refute_includes @response.body,'"Link to object"'
+ refute_empty css_select('[href="/groups/zzzzz-j7d0g-axqo7eu9pwvna1x"]')
+ end
+
+ test "project viewer can't see project sharing tab" do
+ project = api_fixture('groups')['aproject']
+ get(:show, params: {id: project['uuid']}, session: session_for(:project_viewer))
+ refute_includes @response.body, '<div id="Sharing"'
+ assert_includes @response.body, '<div id="Data_collections"'
+ end
+
+ [
+ 'admin',
+ 'active',
+ ].each do |username|
+ test "#{username} can see project sharing tab" do
+ project = api_fixture('groups')['aproject']
+ get(:show, params: {id: project['uuid']}, session: session_for(username))
+ assert_includes @response.body, '<div id="Sharing"'
+ assert_includes @response.body, '<div id="Data_collections"'
+ end
+ end
+
+ [
+ ['admin',true],
+ ['active',true],
+ ['project_viewer',false],
+ ].each do |user, can_move|
+ test "#{user} can move subproject from project #{can_move}" do
+ get(:show, params: {id: api_fixture('groups')['aproject']['uuid']}, session: session_for(user))
+ if can_move
+ assert_includes @response.body, 'Move project...'
+ else
+ refute_includes @response.body, 'Move project...'
+ end
+ end
+ end
+
+ [:admin, :active].each do |user|
+ test "in dashboard other index page links as #{user}" do
+ get :index, params: {}, session: session_for(user)
+
+ [["processes", "/all_processes"],
+ ["collections", "/collections"],
+ ].each do |target, path|
+ assert_includes @response.body, "href=\"#{path}\""
+ assert_includes @response.body, "All #{target}"
+ end
+ end
+ end
+
+ test "dashboard should show the correct status for processes" do
+ get :index, params: {}, session: session_for(:active)
+ assert_select 'div.panel-body.recent-processes' do
+ [
+ {
+ fixture: 'container_requests',
+ state: 'completed',
+ selectors: [['div.progress', false],
+ ['span.label.label-success', true, 'Complete']]
+ },
+ {
+ fixture: 'container_requests',
+ state: 'uncommitted',
+ selectors: [['div.progress', false],
+ ['span.label.label-default', true, 'Uncommitted']]
+ },
+ {
+ fixture: 'container_requests',
+ state: 'queued',
+ selectors: [['div.progress', false],
+ ['span.label.label-default', true, 'Queued']]
+ },
+ {
+ fixture: 'container_requests',
+ state: 'running',
+ selectors: [['.label-info', true, 'Running']]
+ },
+ {
+ fixture: 'pipeline_instances',
+ state: 'new_pipeline',
+ selectors: [['div.progress', false],
+ ['span.label.label-default', true, 'Not started']]
+ },
+ {
+ fixture: 'pipeline_instances',
+ state: 'pipeline_in_running_state',
+ selectors: [['.label-info', true, 'Running']]
+ },
+ ].each do |c|
+ uuid = api_fixture(c[:fixture])[c[:state]]['uuid']
+ assert_select "div.dashboard-panel-info-row.row-#{uuid}" do
+ if c.include? :selectors
+ c[:selectors].each do |selector, should_show, label|
+ assert_select selector, should_show, "UUID #{uuid} should #{should_show ? '' : 'not'} show '#{selector}'"
+ if should_show and not label.nil?
+ assert_select selector, label, "UUID #{uuid} state label should show #{label}"
+ end
+ end
+ end
+ end
+ end
+ end
+ end
+
+ test "visit a public project and verify the public projects page link exists" do
+ Rails.configuration.Users.AnonymousUserToken = api_fixture('api_client_authorizations')['anonymous']['api_token']
+ uuid = api_fixture('groups')['anonymously_accessible_project']['uuid']
+ get :show, params: {id: uuid}
+ project = assigns(:object)
+ assert_equal uuid, project['uuid']
+ refute_empty css_select("[href=\"/projects/#{project['uuid']}\"]")
+ assert_includes @response.body, "<a href=\"/projects/public\">Public Projects</a>"
+ end
+
+ test 'all_projects unaffected by params after use by ProjectsController (#6640)' do
+ @controller = ProjectsController.new
+ project_uuid = api_fixture('groups')['aproject']['uuid']
+ get :index, params: {
+ filters: [['uuid', '<', project_uuid]].to_json,
+ limit: 0,
+ offset: 1000,
+ }, session: session_for(:active)
+ assert_select "#projects-menu + ul li.divider ~ li a[href=\"/projects/#{project_uuid}\"]"
+ end
+
+ [
+ ["active", 5, ["aproject", "asubproject"], "anonymously_accessible_project"],
+ ["user1_with_load", 2, ["project_with_10_collections"], "project_with_2_pipelines_and_60_crs"],
+ ["admin", 5, ["anonymously_accessible_project", "subproject_in_anonymous_accessible_project"], "aproject"],
+ ].each do |user, page_size, tree_segment, unexpected|
+ # Note: this test is sensitive to database collation. It passes
+ # with en_US.UTF-8.
+ test "build my projects tree for #{user} user and verify #{unexpected} is omitted" do
+ use_token user
+
+ tree, _, _ = @controller.send(:my_wanted_projects_tree,
+ User.current,
+ page_size)
+
+ tree_segment_at_depth_1 = api_fixture('groups')[tree_segment[0]]
+ tree_segment_at_depth_2 = api_fixture('groups')[tree_segment[1]] if tree_segment[1]
+
+ node_depth = {}
+ tree.each do |x|
+ node_depth[x[:object]['uuid']] = x[:depth]
+ end
+
+ assert_equal(1, node_depth[tree_segment_at_depth_1['uuid']])
+ assert_equal(2, node_depth[tree_segment_at_depth_2['uuid']]) if tree_segment[1]
+
+ unexpected_project = api_fixture('groups')[unexpected]
+ assert_nil(node_depth[unexpected_project['uuid']], node_depth.inspect)
+ end
+ end
+
+ [
+ ["active", 1],
+ ["project_viewer", 1],
+ ["admin", 0],
+ ].each do |user, size|
+ test "starred projects for #{user}" do
+ use_token user
+ ctrl = ProjectsController.new
+ current_user = User.find(api_fixture('users')[user]['uuid'])
+ my_starred_project = ctrl.send :my_starred_projects, current_user
+ assert_equal(size, my_starred_project.andand.size)
+
+ ctrl2 = ProjectsController.new
+ current_user = User.find(api_fixture('users')[user]['uuid'])
+ my_starred_project = ctrl2.send :my_starred_projects, current_user
+ assert_equal(size, my_starred_project.andand.size)
+ end
+ end
+
+ test "unshare project and verify that it is no longer included in shared user's starred projects" do
+ # remove sharing link
+ use_token :system_user
+ Link.find(api_fixture('links')['share_starred_project_with_project_viewer']['uuid']).destroy
+
+ # verify that project is no longer included in starred projects
+ use_token :project_viewer
+ current_user = User.find(api_fixture('users')['project_viewer']['uuid'])
+ ctrl = ProjectsController.new
+ my_starred_project = ctrl.send :my_starred_projects, current_user
+ assert_equal(0, my_starred_project.andand.size)
+
+ # share it again
+ @controller = LinksController.new
+ post :create, params: {
+ link: {
+ link_class: 'permission',
+ name: 'can_read',
+ head_uuid: api_fixture('groups')['starred_and_shared_active_user_project']['uuid'],
+ tail_uuid: api_fixture('users')['project_viewer']['uuid'],
+ },
+ format: :json
+ }, session: session_for(:system_user)
+
+ # verify that the project is again included in starred projects
+ use_token :project_viewer
+ ctrl = ProjectsController.new
+ my_starred_project = ctrl.send :my_starred_projects, current_user
+ assert_equal(1, my_starred_project.andand.size)