X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/44e4d85c32d5e4ea4dc651570672e59d7a10d3b3..0821f5481edd016a3744bb50d97a9e5b99cd1a0f:/services/api/test/unit/permission_test.rb

diff --git a/services/api/test/unit/permission_test.rb b/services/api/test/unit/permission_test.rb
index 20cffdaaa7..79fc1f29c7 100644
--- a/services/api/test/unit/permission_test.rb
+++ b/services/api/test/unit/permission_test.rb
@@ -354,17 +354,26 @@ class PermissionTest < ActiveSupport::TestCase
     end
   end
 
-  test "active user cannot write admin's repo" do
-    set_user_from_auth :active
-    assert_raises ArvadosModel::PermissionDeniedError, "pwned" do
-      repositories(:repository3).update_attributes(name: "kilroy")
-    end
+  def container_logs(container, user)
+    Log.readable_by(users(user)).
+      where(object_uuid: containers(container).uuid, event_type: "test")
   end
 
-  test "active user cannot change repo name via can_manage permission" do
-    set_user_from_auth :active
-    assert_raises ArvadosModel::PermissionDeniedError, "pwned" do
-      repositories(:foo).update_attributes(name: "arvados")
-    end
+  test "container logs created by dispatch are visible to container requestor" do
+    set_user_from_auth :dispatch1
+    Log.create!(object_uuid: containers(:running).uuid,
+                event_type: "test")
+
+    assert_not_empty container_logs(:running, :admin)
+    assert_not_empty container_logs(:running, :active)
+    assert_empty container_logs(:running, :spectator)
+  end
+
+  test "container logs created by dispatch are public if container request is public" do
+    set_user_from_auth :dispatch1
+    Log.create!(object_uuid: containers(:running_older).uuid,
+                event_type: "test")
+
+    assert_not_empty container_logs(:running_older, :anonymous)
   end
 end