X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/1128f6e0d62f71f4ee91ab609c918ae5bb291edd..1346cc5072843797a8091cd67a0eb75499a97642:/services/api/test/integration/groups_test.rb

diff --git a/services/api/test/integration/groups_test.rb b/services/api/test/integration/groups_test.rb
index 5ceb99bcb9..eb97fc1f49 100644
--- a/services/api/test/integration/groups_test.rb
+++ b/services/api/test/integration/groups_test.rb
@@ -1,6 +1,31 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
 require 'test_helper'
 
 class GroupsTest < ActionDispatch::IntegrationTest
+  [[], ['replication_confirmed']].each do |orders|
+    test "results are consistent when provided orders #{orders} is incomplete" do
+      last = nil
+      (0..20).each do
+        get '/arvados/v1/groups/contents',
+          params: {
+            id: groups(:aproject).uuid,
+            filters: [["uuid", "is_a", "arvados#collection"]].to_json,
+            orders: orders.to_json,
+            format: :json,
+          },
+          headers: auth(:active)
+        assert_response :success
+        if last.nil?
+          last = json_response['items']
+        else
+          assert_equal last, json_response['items']
+        end
+      end
+    end
+  end
 
   test "get all pages of group-owned objects" do
     limit = 5
@@ -9,14 +34,14 @@ class GroupsTest < ActionDispatch::IntegrationTest
     uuid_received = {}
     owner_received = {}
     while true
-      @json_response = nil
-
-      get "/arvados/v1/groups/contents", {
-        id: groups(:aproject).uuid,
-        limit: limit,
-        offset: offset,
-        format: :json,
-      }, auth(:active)
+      get "/arvados/v1/groups/contents",
+        params: {
+          id: groups(:aproject).uuid,
+          limit: limit,
+          offset: offset,
+          format: :json,
+        },
+        headers: auth(:active)
 
       assert_response :success
       assert_operator(0, :<, json_response['items'].count,
@@ -50,11 +75,13 @@ class GroupsTest < ActionDispatch::IntegrationTest
     ['no-such-thing', false],         # script_parameter of pipeline instances
   ].each do |search_filter, expect_results|
     test "full text search of group-owned objects for #{search_filter}" do
-      get "/arvados/v1/groups/contents", {
-        id: groups(:aproject).uuid,
-        limit: 5,
-        :filters => [['any', '@@', search_filter]].to_json
-      }, auth(:active)
+      get "/arvados/v1/groups/contents",
+        params: {
+          id: groups(:aproject).uuid,
+          limit: 5,
+          :filters => [['any', '@@', search_filter]].to_json
+        },
+        headers: auth(:active)
       assert_response :success
       if expect_results
         refute_empty json_response['items']
@@ -69,9 +96,139 @@ class GroupsTest < ActionDispatch::IntegrationTest
   end
 
   test "full text search is not supported for individual columns" do
-    get "/arvados/v1/groups/contents", {
-      :filters => [['name', '@@', 'Private']].to_json
-    }, auth(:active)
+    get "/arvados/v1/groups/contents",
+      params: {
+        :filters => [['name', '@@', 'Private']].to_json
+      },
+      headers: auth(:active)
     assert_response 422
   end
+
+  test "group contents with include trash collections" do
+    get "/arvados/v1/groups/contents",
+      params: {
+        include_trash: "true",
+        filters: [["uuid", "is_a", "arvados#collection"]].to_json,
+        limit: 1000
+      },
+      headers: auth(:active)
+    assert_response 200
+
+    coll_uuids = []
+    json_response['items'].each { |c| coll_uuids << c['uuid'] }
+    assert_includes coll_uuids, collections(:foo_collection_in_aproject).uuid
+    assert_includes coll_uuids, collections(:expired_collection).uuid
+  end
+
+  test "group contents without trash collections" do
+    get "/arvados/v1/groups/contents",
+      params: {
+        filters: [["uuid", "is_a", "arvados#collection"]].to_json,
+        limit: 1000
+      },
+      headers: auth(:active)
+    assert_response 200
+
+    coll_uuids = []
+    json_response['items'].each { |c| coll_uuids << c['uuid'] }
+    assert_includes coll_uuids, collections(:foo_collection_in_aproject).uuid
+    assert_not_includes coll_uuids, collections(:expired_collection).uuid
+  end
+
+  test "unsharing a project results in hiding it from previously shared user" do
+    # remove sharing link for project
+    delete "/arvados/v1/links/#{links(:share_starred_project_with_project_viewer).uuid}", headers: auth(:admin)
+    assert_response 200
+
+    # verify that the user can no longer see the project
+    get "/arvados/v1/groups",
+      params: {
+        filters: [['group_class', '=', 'project']].to_json,
+        limit: 1000
+      }, headers: auth(:project_viewer)
+    assert_response 200
+    found_projects = {}
+    json_response['items'].each do |g|
+      found_projects[g['uuid']] = g
+    end
+    assert_equal false, found_projects.include?(groups(:starred_and_shared_active_user_project).uuid)
+
+    # share the project
+    post "/arvados/v1/links", params: {
+      link: {
+        link_class: "permission",
+        name: "can_read",
+        head_uuid: groups(:starred_and_shared_active_user_project).uuid,
+        tail_uuid: users(:project_viewer).uuid,
+      }
+    }, headers: auth(:system_user)
+    assert_response 200
+    assert_equal 'permission', json_response['link_class']
+
+    # verify that project_viewer user can now see shared project again
+    get "/arvados/v1/groups", params: {
+      filters: [['group_class', '=', 'project']].to_json,
+      limit: 1000
+    }, headers: auth(:project_viewer)
+    assert_response 200
+    found_projects = {}
+    json_response['items'].each do |g|
+      found_projects[g['uuid']] = g
+    end
+    assert_equal true, found_projects.include?(groups(:starred_and_shared_active_user_project).uuid)
+  end
+end
+
+class NonTransactionalGroupsTest < ActionDispatch::IntegrationTest
+  # Transactional tests are disabled to be able to test the concurrent
+  # asynchronous permissions update feature.
+  # This is needed because nested transactions share the connection pool, so
+  # one thread is locked while trying to talk to the database, until the other
+  # one finishes.
+  self.use_transactional_tests = false
+
+  teardown do
+    # Explicitly reset the database after each test.
+    post '/database/reset', params: {}, headers: auth(:admin)
+    assert_response :success
+  end
+
+  test "create request with async=true defers permissions update" do
+    Rails.configuration.API.AsyncPermissionsUpdateInterval = 1 # second
+    name = "Random group #{rand(1000)}"
+    assert_equal nil, Group.find_by_name(name)
+
+    # Trigger the asynchronous permission update by using async=true parameter.
+    post "/arvados/v1/groups",
+      params: {
+        group: {
+          name: name
+        },
+        async: true
+      },
+      headers: auth(:active)
+    assert_response 202
+
+    # The group exists on the database, but it's not accessible yet.
+    assert_not_nil Group.find_by_name(name)
+    get "/arvados/v1/groups",
+      params: {
+        filters: [["name", "=", name]].to_json,
+        limit: 10
+      },
+      headers: auth(:active)
+    assert_response 200
+    assert_equal 0, json_response['items_available']
+
+    # Wait a bit and try again.
+    sleep(1)
+    get "/arvados/v1/groups",
+      params: {
+        filters: [["name", "=", name]].to_json,
+        limit: 10
+      },
+      headers: auth(:active)
+    assert_response 200
+    assert_equal 1, json_response['items_available']
+  end
 end