X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/3f5b1be0f705c8f1491fdca5e3b57982d97378fd..f28c121ae84586bec9cbadcfc5b296f563818112:/services/api/test/unit/user_test.rb diff --git a/services/api/test/unit/user_test.rb b/services/api/test/unit/user_test.rb index b6d66230db..9a0e1dbf9c 100644 --- a/services/api/test/unit/user_test.rb +++ b/services/api/test/unit/user_test.rb @@ -387,7 +387,7 @@ class UserTest < ActiveSupport::TestCase [false, active_notify_list, inactive_notify_list, "&4a_d9.@example.com", true, true, "ad9"], [false, active_notify_list, inactive_notify_list, "&4a_d9.@example.com", false, false, "ad9"], ].each do |active, new_user_recipients, inactive_recipients, email, auto_setup_vm, auto_setup_repo, expect_username| - test "create new user with auto setup #{active} #{email} #{auto_setup_vm} #{auto_setup_repo}" do + test "create new user with auto setup active=#{active} email=#{email} vm=#{auto_setup_vm} repo=#{auto_setup_repo}" do set_user_from_auth :admin Rails.configuration.Users.AutoSetupNewUsers = true @@ -447,30 +447,40 @@ class UserTest < ActiveSupport::TestCase assert_not_allowed { User.new.save } end - test "setup new user" do - set_user_from_auth :admin + [true, false].each do |visible| + test "setup new user with ActivatedUsersAreVisibleToOthers=#{visible}" do + Rails.configuration.Users.ActivatedUsersAreVisibleToOthers = visible + set_user_from_auth :admin - email = 'foo@example.com' + email = 'foo@example.com' - user = User.create ({uuid: 'zzzzz-tpzed-abcdefghijklmno', email: email}) + user = User.create ({uuid: 'zzzzz-tpzed-abcdefghijklmno', email: email}) - vm = VirtualMachine.create + vm = VirtualMachine.create - response = user.setup(repo_name: 'foo/testrepo', - vm_uuid: vm.uuid) + response = user.setup(repo_name: 'foo/testrepo', + vm_uuid: vm.uuid) - resp_user = find_obj_in_resp response, 'User' - verify_user resp_user, email + resp_user = find_obj_in_resp response, 'User' + verify_user resp_user, email - group_perm = find_obj_in_resp response, 'Link', 'arvados#group' - verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil + group_perm = find_obj_in_resp response, 'Link', 'arvados#group' + verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil - repo_perm = find_obj_in_resp response, 'Link', 'arvados#repository' - verify_link repo_perm, 'permission', 'can_manage', resp_user[:uuid], nil + group_perm2 = find_obj_in_resp response, 'Link', 'arvados#user' + if visible + verify_link group_perm2, 'permission', 'can_read', groups(:all_users).uuid, nil + else + assert_nil group_perm2 + end - vm_perm = find_obj_in_resp response, 'Link', 'arvados#virtualMachine' - verify_link vm_perm, 'permission', 'can_login', resp_user[:uuid], vm.uuid - assert_equal("foo", vm_perm.properties["username"]) + repo_perm = find_obj_in_resp response, 'Link', 'arvados#repository' + verify_link repo_perm, 'permission', 'can_manage', resp_user[:uuid], nil + + vm_perm = find_obj_in_resp response, 'Link', 'arvados#virtualMachine' + verify_link vm_perm, 'permission', 'can_login', resp_user[:uuid], vm.uuid + assert_equal("foo", vm_perm.properties["username"]) + end end test "setup new user with junk in database" do @@ -514,6 +524,9 @@ class UserTest < ActiveSupport::TestCase group_perm = find_obj_in_resp response, 'Link', 'arvados#group' verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil + group_perm2 = find_obj_in_resp response, 'Link', 'arvados#user' + verify_link group_perm2, 'permission', 'can_read', groups(:all_users).uuid, nil + # invoke setup again with repo_name response = user.setup(repo_name: 'foo/testrepo') resp_user = find_obj_in_resp response, 'User', nil @@ -560,7 +573,7 @@ class UserTest < ActiveSupport::TestCase break end else # looking for a link - if ArvadosModel::resource_class_for_uuid(x['head_uuid']).kind == head_kind + if ArvadosModel::resource_class_for_uuid(x['head_uuid']).andand.kind == head_kind return_obj = x break end @@ -621,6 +634,7 @@ class UserTest < ActiveSupport::TestCase Rails.configuration.Users.AutoSetupNewUsersWithRepository), named_repo.uuid, user.uuid, "permission", "can_manage") end + # Check for VM login. if (auto_vm_uuid = Rails.configuration.Users.AutoSetupNewUsersWithVmUUID) != "" verify_link_exists(can_setup, auto_vm_uuid, user.uuid, @@ -677,7 +691,7 @@ class UserTest < ActiveSupport::TestCase tail_uuid: tail_uuid, link_class: link_class, name: link_name) - assert_equal link_exists, all_links.any?, "Link #{'not' if link_exists} found for #{link_name} #{link_class} #{property_value}" + assert_equal link_exists, all_links.any?, "Link#{' not' if link_exists} found for #{link_name} #{link_class} #{property_value}" if link_exists && property_name && property_value all_links.each do |link| assert_equal true, all_links.first.properties[property_name].start_with?(property_value), 'Property not found in link' @@ -685,72 +699,6 @@ class UserTest < ActiveSupport::TestCase end end - [ - [:active, 'zzzzz-borkd-abcde12345abcde'], - [:active, 'zzzzz-j7d0g-abcde12345abcde'], - [:active, 'zzzzz-tpzed-borkd'], - [:system_user, 'zzzzz-tpzed-abcde12345abcde'], - [:anonymous, 'zzzzz-tpzed-abcde12345abcde'], - ].each do |fixture, new_uuid| - test "disallow update_uuid #{fixture} -> #{new_uuid}" do - u = users(fixture) - orig_uuid = u.uuid - act_as_system_user do - assert_raises do - u.update_uuid(new_uuid: new_uuid) - end - end - # "Successfully aborted orig->new" outcome looks the same as - # "successfully updated new->orig". - assert_update_success(old_uuid: new_uuid, - new_uuid: orig_uuid, - expect_owned_objects: fixture == :active) - end - end - - [:active, :spectator, :admin].each do |target| - test "update_uuid on #{target} as non-admin user" do - act_as_user users(:active) do - assert_raises(ArvadosModel::PermissionDeniedError) do - users(target).update_uuid(new_uuid: 'zzzzz-tpzed-abcde12345abcde') - end - end - end - end - - test "update_uuid to existing uuid" do - u = users(:active) - orig_uuid = u.uuid - new_uuid = users(:admin).uuid - act_as_system_user do - assert_raises do - u.update_uuid(new_uuid: new_uuid) - end - end - u.reload - assert_equal u.uuid, orig_uuid - assert_not_empty Collection.where(owner_uuid: orig_uuid) - assert_not_empty Group.where(owner_uuid: orig_uuid) - end - - [ - [:active, 'zbbbb-tpzed-abcde12345abcde'], - [:active, 'zzzzz-tpzed-abcde12345abcde'], - [:admin, 'zbbbb-tpzed-abcde12345abcde'], - [:admin, 'zzzzz-tpzed-abcde12345abcde'], - ].each do |fixture, new_uuid| - test "update_uuid #{fixture} to unused uuid #{new_uuid}" do - u = users(fixture) - orig_uuid = u.uuid - act_as_system_user do - u.update_uuid(new_uuid: new_uuid) - end - assert_update_success(old_uuid: orig_uuid, - new_uuid: new_uuid, - expect_owned_objects: fixture == :active) - end - end - def assert_update_success(old_uuid:, new_uuid:, expect_owned_objects: true) [[User, :uuid], [Link, :head_uuid], @@ -849,4 +797,12 @@ class UserTest < ActiveSupport::TestCase assert user.save end + test "empty identity_url saves as null" do + set_user_from_auth :admin + user = users(:active) + assert user.update_attributes(identity_url: '') + user.reload + assert_nil user.identity_url + end + end