X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/045e3127cb48845c7d988d01488c055f02ae2ec3..685db28b50225cde7dbb03aa2275f7a165d888a3:/services/api/test/unit/user_test.rb diff --git a/services/api/test/unit/user_test.rb b/services/api/test/unit/user_test.rb index f973c6ba1f..7368d89374 100644 --- a/services/api/test/unit/user_test.rb +++ b/services/api/test/unit/user_test.rb @@ -447,30 +447,40 @@ class UserTest < ActiveSupport::TestCase assert_not_allowed { User.new.save } end - test "setup new user" do - set_user_from_auth :admin + [true, false].each do |visible| + test "setup new user with ActivatedUsersAreVisibleToOthers=#{visible}" do + Rails.configuration.Users.ActivatedUsersAreVisibleToOthers = visible + set_user_from_auth :admin - email = 'foo@example.com' + email = 'foo@example.com' - user = User.create ({uuid: 'zzzzz-tpzed-abcdefghijklmno', email: email}) + user = User.create ({uuid: 'zzzzz-tpzed-abcdefghijklmno', email: email}) - vm = VirtualMachine.create + vm = VirtualMachine.create - response = user.setup(repo_name: 'foo/testrepo', - vm_uuid: vm.uuid) + response = user.setup(repo_name: 'foo/testrepo', + vm_uuid: vm.uuid) - resp_user = find_obj_in_resp response, 'User' - verify_user resp_user, email + resp_user = find_obj_in_resp response, 'User' + verify_user resp_user, email - group_perm = find_obj_in_resp response, 'Link', 'arvados#group' - verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil + group_perm = find_obj_in_resp response, 'Link', 'arvados#group' + verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil - repo_perm = find_obj_in_resp response, 'Link', 'arvados#repository' - verify_link repo_perm, 'permission', 'can_manage', resp_user[:uuid], nil + group_perm2 = find_obj_in_resp response, 'Link', 'arvados#user' + if visible + verify_link group_perm2, 'permission', 'can_read', groups(:all_users).uuid, nil + else + assert_nil group_perm2 + end - vm_perm = find_obj_in_resp response, 'Link', 'arvados#virtualMachine' - verify_link vm_perm, 'permission', 'can_login', resp_user[:uuid], vm.uuid - assert_equal("foo", vm_perm.properties["username"]) + repo_perm = find_obj_in_resp response, 'Link', 'arvados#repository' + verify_link repo_perm, 'permission', 'can_manage', resp_user[:uuid], nil + + vm_perm = find_obj_in_resp response, 'Link', 'arvados#virtualMachine' + verify_link vm_perm, 'permission', 'can_login', resp_user[:uuid], vm.uuid + assert_equal("foo", vm_perm.properties["username"]) + end end test "setup new user with junk in database" do @@ -514,6 +524,9 @@ class UserTest < ActiveSupport::TestCase group_perm = find_obj_in_resp response, 'Link', 'arvados#group' verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil + group_perm2 = find_obj_in_resp response, 'Link', 'arvados#user' + verify_link group_perm2, 'permission', 'can_read', groups(:all_users).uuid, nil + # invoke setup again with repo_name response = user.setup(repo_name: 'foo/testrepo') resp_user = find_obj_in_resp response, 'User', nil @@ -560,7 +573,7 @@ class UserTest < ActiveSupport::TestCase break end else # looking for a link - if ArvadosModel::resource_class_for_uuid(x['head_uuid']).kind == head_kind + if ArvadosModel::resource_class_for_uuid(x['head_uuid']).andand.kind == head_kind return_obj = x break end @@ -686,72 +699,6 @@ class UserTest < ActiveSupport::TestCase end end - [ - [:active, 'zzzzz-borkd-abcde12345abcde'], - [:active, 'zzzzz-j7d0g-abcde12345abcde'], - [:active, 'zzzzz-tpzed-borkd'], - [:system_user, 'zzzzz-tpzed-abcde12345abcde'], - [:anonymous, 'zzzzz-tpzed-abcde12345abcde'], - ].each do |fixture, new_uuid| - test "disallow update_uuid #{fixture} -> #{new_uuid}" do - u = users(fixture) - orig_uuid = u.uuid - act_as_system_user do - assert_raises do - u.update_uuid(new_uuid: new_uuid) - end - end - # "Successfully aborted orig->new" outcome looks the same as - # "successfully updated new->orig". - assert_update_success(old_uuid: new_uuid, - new_uuid: orig_uuid, - expect_owned_objects: fixture == :active) - end - end - - [:active, :spectator, :admin].each do |target| - test "update_uuid on #{target} as non-admin user" do - act_as_user users(:active) do - assert_raises(ArvadosModel::PermissionDeniedError) do - users(target).update_uuid(new_uuid: 'zzzzz-tpzed-abcde12345abcde') - end - end - end - end - - test "update_uuid to existing uuid" do - u = users(:active) - orig_uuid = u.uuid - new_uuid = users(:admin).uuid - act_as_system_user do - assert_raises do - u.update_uuid(new_uuid: new_uuid) - end - end - u.reload - assert_equal u.uuid, orig_uuid - assert_not_empty Collection.where(owner_uuid: orig_uuid) - assert_not_empty Group.where(owner_uuid: orig_uuid) - end - - [ - [:active, 'zbbbb-tpzed-abcde12345abcde'], - [:active, 'zzzzz-tpzed-abcde12345abcde'], - [:admin, 'zbbbb-tpzed-abcde12345abcde'], - [:admin, 'zzzzz-tpzed-abcde12345abcde'], - ].each do |fixture, new_uuid| - test "update_uuid #{fixture} to unused uuid #{new_uuid}" do - u = users(fixture) - orig_uuid = u.uuid - act_as_system_user do - u.update_uuid(new_uuid: new_uuid) - end - assert_update_success(old_uuid: orig_uuid, - new_uuid: new_uuid, - expect_owned_objects: fixture == :active) - end - end - def assert_update_success(old_uuid:, new_uuid:, expect_owned_objects: true) [[User, :uuid], [Link, :head_uuid],