+ assert proj.update(frozen_by_uuid: nil), proj.errors.messages
+ end
+
+ # Cannot freeze a project if it contains container requests in
+ # Committed state (this would cause operations on the relevant
+ # Containers to fail when syncing container request state)
+ creq_uncommitted = ContainerRequest.create!(test_cr_attrs.merge(owner_uuid: proj_inner.uuid))
+ creq_committed = ContainerRequest.create!(test_cr_attrs.merge(owner_uuid: proj_inner.uuid, state: 'Committed'))
+ err = assert_raises do
+ proj.update!(frozen_by_uuid: users(:active).uuid)
+ end
+ assert_match /container request zzzzz-xvhdp-.* with state = Committed/, err.inspect
+ proj.reload
+
+ # Can freeze once all container requests are in Uncommitted or
+ # Final state
+ creq_committed.update!(state: ContainerRequest::Final)
+ assert proj.update(frozen_by_uuid: users(:active).uuid)
+ end
+ end
+
+ [
+ [false, :admin, true],
+ [false, :active, false],
+ [true, :admin, true],
+ [true, :active, true],
+ [true, :inactive, false],
+ ].each do |conf, user, allowed|
+ test "config.Users.CanCreateRoleGroups conf=#{conf}, user=#{user}" do
+ Rails.configuration.Users.CanCreateRoleGroups = conf
+ act_as_user users(user) do
+ if allowed
+ Group.create!(name: 'admin-created', group_class: 'role')
+ else
+ assert_raises(ArvadosModel::PermissionDeniedError) do
+ Group.create!(name: 'user-created', group_class: 'role')
+ end
+ end