assert users(:active).can?(write: ob)
assert users(:active).can?(read: ob)
- l1.update_attributes!(name: 'can_read')
+ l1.update!(name: 'can_read')
assert !users(:active).can?(write: ob)
assert users(:active).can?(read: ob)
end
test "manager user gets permission to minions' articles via can_manage link" do
+ Rails.configuration.Users.RoleGroupsVisibleToAll = false
Rails.configuration.Users.ActivatedUsersAreVisibleToOthers = false
manager = create :active_user, first_name: "Manage", last_name: "Er"
minion = create :active_user, first_name: "Min", last_name: "Ion"
"manager saw the minion's private stuff")
assert_raises(ArvadosModel::PermissionDeniedError,
"manager could update minion's private stuff") do
- minions_specimen.update_attributes(properties: {'x' => 'y'})
+ minions_specimen.update(properties: {'x' => 'y'})
end
end
.where(uuid: minions_specimen.uuid),
"manager could not find minion's specimen by uuid")
assert_equal(true,
- minions_specimen.update_attributes(properties: {'x' => 'y'}),
+ minions_specimen.update(properties: {'x' => 'y'}),
"manager could not update minion's specimen object")
end
end
"OTHER can see #{u.first_name} in the user list")
act_as_user u do
assert_raises ArvadosModel::PermissionDeniedError, "wrote without perm" do
- other.update_attributes!(prefs: {'pwned' => true})
+ other.update!(prefs: {'pwned' => true})
end
- assert_equal(true, u.update_attributes!(prefs: {'thisisme' => true}),
+ assert_equal(true, u.update!(prefs: {'thisisme' => true}),
"#{u.first_name} can't update its own prefs")
end
act_as_user other do
assert_raises(ArvadosModel::PermissionDeniedError,
"OTHER wrote #{u.first_name} without perm") do
- u.update_attributes!(prefs: {'pwned' => true})
+ u.update!(prefs: {'pwned' => true})
end
- assert_equal(true, other.update_attributes!(prefs: {'thisisme' => true}),
+ assert_equal(true, other.update!(prefs: {'thisisme' => true}),
"OTHER can't update its own prefs")
end
end
set_user_from_auth :rominiadmin
ob = Collection.create!
assert_raises ArvadosModel::PermissionDeniedError, "changed owner to unwritable user" do
- ob.update_attributes!(owner_uuid: users(:active).uuid)
+ ob.update!(owner_uuid: users(:active).uuid)
end
end
set_user_from_auth :rominiadmin
ob = Collection.create!
assert_raises ArvadosModel::PermissionDeniedError, "changed owner to unwritable group" do
- ob.update_attributes!(owner_uuid: groups(:aproject).uuid)
+ ob.update!(owner_uuid: groups(:aproject).uuid)
end
end
assert users(:active).can?(write: col.uuid)
assert users(:active).can?(manage: col.uuid)
- l3.destroy!
+ # Creating l3 should have automatically deleted l1 and upgraded to
+ # the max permission of {l1, l3}, i.e., can_manage (see #18693) so
+ # there should be no can_read link now.
+ refute Link.where(tail_uuid: l3.tail_uuid,
+ head_uuid: l3.head_uuid,
+ link_class: 'permission',
+ name: 'can_read').any?
assert Collection.readable_by(users(:active)).where(uuid: col.uuid).first
assert users(:active).can?(read: col.uuid)
assert users(:active).can?(write: prj.uuid)
assert users(:active).can?(manage: prj.uuid)
- l3.destroy!
+ # Creating l3 should have automatically deleted l0 and upgraded to
+ # the max permission of {l0, l3}, i.e., can_manage (see #18693) so
+ # there should be no can_read link now.
+ refute Link.where(tail_uuid: l3.tail_uuid,
+ head_uuid: l3.head_uuid,
+ link_class: 'permission',
+ name: 'can_read').any?
assert Group.readable_by(users(:active)).where(uuid: prj.uuid).first
assert users(:active).can?(read: prj.uuid)
end
end
end
+
+ # Show query plan for readable_by query. The plan for a test db
+ # might not resemble the plan for a production db, but it doesn't
+ # hurt to show the test db plan in test logs, and the .
+ [false, true].each do |include_trash|
+ test "query plan, include_trash=#{include_trash}" do
+ sql = Collection.readable_by(users(:active), include_trash: include_trash).to_sql
+ sql = "explain analyze #{sql}"
+ STDERR.puts sql
+ q = ActiveRecord::Base.connection.exec_query(sql)
+ q.rows.each do |row| STDERR.puts(row) end
+ end
+ end
end
projects / arvados.git / blobdiff