X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/16f704326f44fd1e5e5e60b936c9b5895d6a6ff8..7407f41105f8000bb3908d41a31daaf3a30d9440:/services/api/test/integration/groups_test.rb diff --git a/services/api/test/integration/groups_test.rb b/services/api/test/integration/groups_test.rb index 6b1bf795ed..7021761278 100644 --- a/services/api/test/integration/groups_test.rb +++ b/services/api/test/integration/groups_test.rb @@ -9,12 +9,14 @@ class GroupsTest < ActionDispatch::IntegrationTest test "results are consistent when provided orders #{orders} is incomplete" do last = nil (0..20).each do - get '/arvados/v1/groups/contents', { - id: groups(:aproject).uuid, - filters: [["uuid", "is_a", "arvados#collection"]].to_json, - orders: orders.to_json, - format: :json, - }, auth(:active) + get '/arvados/v1/groups/contents', + params: { + id: groups(:aproject).uuid, + filters: [["uuid", "is_a", "arvados#collection"]].to_json, + orders: orders.to_json, + format: :json, + }, + headers: auth(:active) assert_response :success if last.nil? last = json_response['items'] @@ -32,12 +34,14 @@ class GroupsTest < ActionDispatch::IntegrationTest uuid_received = {} owner_received = {} while true - get "/arvados/v1/groups/contents", { - id: groups(:aproject).uuid, - limit: limit, - offset: offset, - format: :json, - }, auth(:active) + get "/arvados/v1/groups/contents", + params: { + id: groups(:aproject).uuid, + limit: limit, + offset: offset, + format: :json, + }, + headers: auth(:active) assert_response :success assert_operator(0, :<, json_response['items'].count, @@ -71,11 +75,13 @@ class GroupsTest < ActionDispatch::IntegrationTest ['no-such-thing', false], # script_parameter of pipeline instances ].each do |search_filter, expect_results| test "full text search of group-owned objects for #{search_filter}" do - get "/arvados/v1/groups/contents", { - id: groups(:aproject).uuid, - limit: 5, - :filters => [['any', '@@', search_filter]].to_json - }, auth(:active) + get "/arvados/v1/groups/contents", + params: { + id: groups(:aproject).uuid, + limit: 5, + :filters => [['any', '@@', search_filter]].to_json + }, + headers: auth(:active) assert_response :success if expect_results refute_empty json_response['items'] @@ -90,18 +96,22 @@ class GroupsTest < ActionDispatch::IntegrationTest end test "full text search is not supported for individual columns" do - get "/arvados/v1/groups/contents", { - :filters => [['name', '@@', 'Private']].to_json - }, auth(:active) + get "/arvados/v1/groups/contents", + params: { + :filters => [['name', '@@', 'Private']].to_json + }, + headers: auth(:active) assert_response 422 end test "group contents with include trash collections" do - get "/arvados/v1/groups/contents", { - include_trash: "true", - filters: [["uuid", "is_a", "arvados#collection"]].to_json, - limit: 1000 - }, auth(:active) + get "/arvados/v1/groups/contents", + params: { + include_trash: "true", + filters: [["uuid", "is_a", "arvados#collection"]].to_json, + limit: 1000 + }, + headers: auth(:active) assert_response 200 coll_uuids = [] @@ -111,10 +121,12 @@ class GroupsTest < ActionDispatch::IntegrationTest end test "group contents without trash collections" do - get "/arvados/v1/groups/contents", { - filters: [["uuid", "is_a", "arvados#collection"]].to_json, - limit: 1000 - }, auth(:active) + get "/arvados/v1/groups/contents", + params: { + filters: [["uuid", "is_a", "arvados#collection"]].to_json, + limit: 1000 + }, + headers: auth(:active) assert_response 200 coll_uuids = [] @@ -123,34 +135,104 @@ class GroupsTest < ActionDispatch::IntegrationTest assert_not_includes coll_uuids, collections(:expired_collection).uuid end - test "create request with async=true defers permissions update" do - Rails.configuration.async_permissions_update_interval = 1 # seconds + test "unsharing a project results in hiding it from previously shared user" do + # remove sharing link for project + delete "/arvados/v1/links/#{links(:share_starred_project_with_project_viewer).uuid}", headers: auth(:admin) + assert_response 200 + + # verify that the user can no longer see the project + get "/arvados/v1/groups", + params: { + filters: [['group_class', '=', 'project']].to_json, + limit: 1000 + }, headers: auth(:project_viewer) + assert_response 200 + found_projects = {} + json_response['items'].each do |g| + found_projects[g['uuid']] = g + end + assert_equal false, found_projects.include?(groups(:starred_and_shared_active_user_project).uuid) + + # share the project + post "/arvados/v1/links", params: { + link: { + link_class: "permission", + name: "can_read", + head_uuid: groups(:starred_and_shared_active_user_project).uuid, + tail_uuid: users(:project_viewer).uuid, + } + }, headers: auth(:system_user) + assert_response 200 + assert_equal 'permission', json_response['link_class'] + + # verify that project_viewer user can now see shared project again + get "/arvados/v1/groups", params: { + filters: [['group_class', '=', 'project']].to_json, + limit: 1000 + }, headers: auth(:project_viewer) + assert_response 200 + found_projects = {} + json_response['items'].each do |g| + found_projects[g['uuid']] = g + end + assert_equal true, found_projects.include?(groups(:starred_and_shared_active_user_project).uuid) + end +end + +class NonTransactionalGroupsTest < ActionDispatch::IntegrationTest + # Transactional tests are disabled to be able to test the concurrent + # asynchronous permissions update feature. + # This is needed because nested transactions share the connection pool, so + # one thread is locked while trying to talk to the database, until the other + # one finishes. + self.use_transactional_tests = false + + teardown do + # Explicitly reset the database after each test. + post '/database/reset', params: {}, headers: auth(:admin) + assert_response :success + end + + test "create request with async=true does not defer permissions update" do + Rails.configuration.API.AsyncPermissionsUpdateInterval = 1 # second name = "Random group #{rand(1000)}" assert_equal nil, Group.find_by_name(name) - post "/arvados/v1/groups", { - group: { - name: name + + # Following the implementation of incremental permission updates + # (#16007) the async flag is now a no-op. Permission changes are + # visible immediately. + + # Trigger the asynchronous permission update by using async=true parameter. + post "/arvados/v1/groups", + params: { + group: { + name: name, + group_class: "project" + }, + async: true }, - async: true - }, auth(:active) + headers: auth(:active) assert_response 202 - g = Group.find_by_name(name) - assert_not_nil g - get "/arvados/v1/groups", { - filters: [["name", "=", name]].to_json, - limit: 10 - }, auth(:active) - assert_response 200 - assert_equal 0, json_response['items_available'] - # Unblock the thread doing the permissions update - ActiveRecord::Base.clear_active_connections! + # The group exists in the database + assert_not_nil Group.find_by_name(name) + get "/arvados/v1/groups", + params: { + filters: [["name", "=", name]].to_json, + limit: 10 + }, + headers: auth(:active) + assert_response 200 + assert_equal 1, json_response['items_available'] - sleep(3) - get "/arvados/v1/groups", { - filters: [["name", "=", name]].to_json, - limit: 10 - }, auth(:active) + # Wait a bit and try again. + sleep(1) + get "/arvados/v1/groups", + params: { + filters: [["name", "=", name]].to_json, + limit: 10 + }, + headers: auth(:active) assert_response 200 assert_equal 1, json_response['items_available'] end