X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/3ef580c47029ff0fbf959b044f29c183f41cb609..08d0b1ab43499b7f13462d5e3555d239b4634d22:/services/api/test/unit/user_test.rb diff --git a/services/api/test/unit/user_test.rb b/services/api/test/unit/user_test.rb index 742deda0c6..67c410047c 100644 --- a/services/api/test/unit/user_test.rb +++ b/services/api/test/unit/user_test.rb @@ -1,3 +1,7 @@ +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: AGPL-3.0 + require 'test_helper' class UserTest < ActiveSupport::TestCase @@ -447,7 +451,9 @@ class UserTest < ActiveSupport::TestCase vm = VirtualMachine.create - response = User.setup user, openid_prefix, 'foo/testrepo', vm.uuid + response = user.setup(openid_prefix: openid_prefix, + repo_name: 'foo/testrepo', + vm_uuid: vm.uuid) resp_user = find_obj_in_resp response, 'User' verify_user resp_user, email @@ -490,7 +496,9 @@ class UserTest < ActiveSupport::TestCase verify_link resp_link, 'permission', 'can_login', email, bad_uuid - response = User.setup user, openid_prefix, 'foo/testrepo', vm.uuid + response = user.setup(openid_prefix: openid_prefix, + repo_name: 'foo/testrepo', + vm_uuid: vm.uuid) resp_user = find_obj_in_resp response, 'User' verify_user resp_user, email @@ -522,7 +530,7 @@ class UserTest < ActiveSupport::TestCase user = User.create ({uuid: 'zzzzz-tpzed-abcdefghijklmno', email: email}) - response = User.setup user, openid_prefix + response = user.setup(openid_prefix: openid_prefix) resp_user = find_obj_in_resp response, 'User' verify_user resp_user, email @@ -537,7 +545,8 @@ class UserTest < ActiveSupport::TestCase verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil # invoke setup again with repo_name - response = User.setup user, openid_prefix, 'foo/testrepo' + response = user.setup(openid_prefix: openid_prefix, + repo_name: 'foo/testrepo') resp_user = find_obj_in_resp response, 'User', nil verify_user resp_user, email assert_equal user.uuid, resp_user[:uuid], 'expected uuid not found' @@ -551,7 +560,9 @@ class UserTest < ActiveSupport::TestCase # invoke setup again with a vm_uuid vm = VirtualMachine.create - response = User.setup user, openid_prefix, 'foo/testrepo', vm.uuid + response = user.setup(openid_prefix: openid_prefix, + repo_name: 'foo/testrepo', + vm_uuid: vm.uuid) resp_user = find_obj_in_resp response, 'User', nil verify_user resp_user, email @@ -632,11 +643,11 @@ class UserTest < ActiveSupport::TestCase assert_equal(expect_username, user.username) # check user setup - verify_link_exists(Rails.configuration.auto_setup_new_users, + verify_link_exists(Rails.configuration.auto_setup_new_users || active, groups(:all_users).uuid, user.uuid, "permission", "can_read") # Check for OID login link. - verify_link_exists(Rails.configuration.auto_setup_new_users, + verify_link_exists(Rails.configuration.auto_setup_new_users || active, user.uuid, user.email, "permission", "can_login") # Check for repository. if named_repo = (prior_repo or @@ -710,4 +721,83 @@ class UserTest < ActiveSupport::TestCase end end + [ + [:active, 'zzzzz-borkd-abcde12345abcde'], + [:active, 'zzzzz-j7d0g-abcde12345abcde'], + [:active, 'zzzzz-tpzed-borkd'], + [:system_user, 'zzzzz-tpzed-abcde12345abcde'], + [:anonymous, 'zzzzz-tpzed-abcde12345abcde'], + ].each do |fixture, new_uuid| + test "disallow update_uuid #{fixture} -> #{new_uuid}" do + u = users(fixture) + orig_uuid = u.uuid + act_as_system_user do + assert_raises do + u.update_uuid(new_uuid: new_uuid) + end + end + # "Successfully aborted orig->new" outcome looks the same as + # "successfully updated new->orig". + assert_update_success(old_uuid: new_uuid, + new_uuid: orig_uuid, + expect_owned_objects: fixture == :active) + end + end + + [:active, :spectator, :admin].each do |target| + test "update_uuid on #{target} as non-admin user" do + act_as_user users(:active) do + assert_raises(ArvadosModel::PermissionDeniedError) do + users(target).update_uuid(new_uuid: 'zzzzz-tpzed-abcde12345abcde') + end + end + end + end + + test "update_uuid to existing uuid" do + u = users(:active) + orig_uuid = u.uuid + new_uuid = users(:admin).uuid + act_as_system_user do + assert_raises do + u.update_uuid(new_uuid: new_uuid) + end + end + u.reload + assert_equal u.uuid, orig_uuid + assert_not_empty Collection.where(owner_uuid: orig_uuid) + assert_not_empty Group.where(owner_uuid: orig_uuid) + end + + [ + [:active, 'zbbbb-tpzed-abcde12345abcde'], + [:active, 'zzzzz-tpzed-abcde12345abcde'], + [:admin, 'zbbbb-tpzed-abcde12345abcde'], + [:admin, 'zzzzz-tpzed-abcde12345abcde'], + ].each do |fixture, new_uuid| + test "update_uuid #{fixture} to unused uuid #{new_uuid}" do + u = users(fixture) + orig_uuid = u.uuid + act_as_system_user do + u.update_uuid(new_uuid: new_uuid) + end + assert_update_success(old_uuid: orig_uuid, + new_uuid: new_uuid, + expect_owned_objects: fixture == :active) + end + end + + def assert_update_success(old_uuid:, new_uuid:, expect_owned_objects: true) + [[User, :uuid], + [Link, :head_uuid], + [Link, :tail_uuid], + [Group, :owner_uuid], + [Collection, :owner_uuid], + ].each do |klass, attr| + assert_empty klass.where(attr => old_uuid) + if klass == User || expect_owned_objects + assert_not_empty klass.where(attr => new_uuid) + end + end + end end