X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/47e59a35d5ed9b2cdb052894d741972324058505..1df6b1005acfdc098f6f42a384924f6879543c7b:/services/api/test/functional/arvados/v1/groups_controller_test.rb diff --git a/services/api/test/functional/arvados/v1/groups_controller_test.rb b/services/api/test/functional/arvados/v1/groups_controller_test.rb index 3442eda244..55493046ed 100644 --- a/services/api/test/functional/arvados/v1/groups_controller_test.rb +++ b/services/api/test/functional/arvados/v1/groups_controller_test.rb @@ -116,6 +116,25 @@ class Arvados::V1::GroupsControllerTest < ActionController::TestCase end end + test "list trashed collections and projects" do + authorize_with :active + get(:contents, { + format: :json, + include_trash: true, + filters: [ + ['uuid', 'is_a', ['arvados#collection', 'arvados#group']], + ['is_trashed', '=', true], + ], + limit: 10000, + }) + assert_response :success + found_uuids = json_response['items'].collect { |i| i['uuid'] } + assert_includes found_uuids, groups(:trashed_project).uuid + refute_includes found_uuids, groups(:aproject).uuid + assert_includes found_uuids, collections(:expired_collection).uuid + refute_includes found_uuids, collections(:w_a_z_file).uuid + end + test "list objects in home project" do authorize_with :active get :contents, { @@ -139,64 +158,59 @@ class Arvados::V1::GroupsControllerTest < ActionController::TestCase assert_includes ids, collections(:baz_file_in_asubproject).uuid end - [['asc', :<=], - ['desc', :>=]].each do |order, operator| - test "user with project read permission can sort project collections #{order}" do + [ + ['collections.name', 'asc', :<=, "name"], + ['collections.name', 'desc', :>=, "name"], + ['name', 'asc', :<=, "name"], + ['name', 'desc', :>=, "name"], + ['collections.created_at', 'asc', :<=, "created_at"], + ['collections.created_at', 'desc', :>=, "created_at"], + ['created_at', 'asc', :<=, "created_at"], + ['created_at', 'desc', :>=, "created_at"], + ].each do |column, order, operator, field| + test "user with project read permission can sort projects on #{column} #{order}" do authorize_with :project_viewer get :contents, { id: groups(:asubproject).uuid, format: :json, filters: [['uuid', 'is_a', "arvados#collection"]], - order: "collections.name #{order}" + order: "#{column} #{order}" } - sorted_names = json_response['items'].collect { |item| item["name"] } - # Here we avoid assuming too much about the database - # collation. Both "alice"<"Bob" and "alice">"Bob" can be - # correct. Hopefully it _is_ safe to assume that if "a" comes - # before "b" in the ascii alphabet, "aX">"bY" is never true for - # any strings X and Y. - reliably_sortable_names = sorted_names.select do |name| - name[0] >= 'a' and name[0] <= 'z' - end.uniq do |name| - name[0] - end - # Preserve order of sorted_names. But do not use &=. If - # sorted_names has out-of-order duplicates, we want to preserve - # them here, so we can detect them and fail the test below. - sorted_names.select! do |name| - reliably_sortable_names.include? name - end - actually_checked_anything = false - previous = nil - sorted_names.each do |entry| - if previous - assert_operator(previous, operator, entry, - "Entries sorted incorrectly.") - actually_checked_anything = true + sorted_values = json_response['items'].collect { |item| item[field] } + if field == "name" + # Here we avoid assuming too much about the database + # collation. Both "alice"<"Bob" and "alice">"Bob" can be + # correct. Hopefully it _is_ safe to assume that if "a" comes + # before "b" in the ascii alphabet, "aX">"bY" is never true for + # any strings X and Y. + reliably_sortable_names = sorted_values.select do |name| + name[0] >= 'a' && name[0] <= 'z' + end.uniq do |name| + name[0] + end + # Preserve order of sorted_values. But do not use &=. If + # sorted_values has out-of-order duplicates, we want to preserve + # them here, so we can detect them and fail the test below. + sorted_values.select! do |name| + reliably_sortable_names.include? name end - previous = entry end - assert actually_checked_anything, "Didn't even find two names to compare." + assert_sorted(operator, sorted_values) end end - test 'list objects across multiple projects' do - authorize_with :project_viewer - get :contents, { - format: :json, - filters: [['uuid', 'is_a', 'arvados#specimen']] - } - assert_response :success - found_uuids = json_response['items'].collect { |i| i['uuid'] } - [[:in_aproject, true], - [:in_asubproject, true], - [:owned_by_private_group, false]].each do |specimen_fixture, should_find| - if should_find - assert_includes found_uuids, specimens(specimen_fixture).uuid, "did not find specimen fixture '#{specimen_fixture}'" - else - refute_includes found_uuids, specimens(specimen_fixture).uuid, "found specimen fixture '#{specimen_fixture}'" + def assert_sorted(operator, sorted_items) + actually_checked_anything = false + previous = nil + sorted_items.each do |entry| + if !previous.nil? + assert_operator(previous, operator, entry, + "Entries sorted incorrectly.") + actually_checked_anything = true end + previous = entry end + assert actually_checked_anything, "Didn't even find two items to compare." end # Even though the project_viewer tests go through other controllers, @@ -705,4 +719,134 @@ class Arvados::V1::GroupsControllerTest < ActionController::TestCase assert_not_nil Group.readable_by(users(auth)).where(uuid: groups(:trashed_subproject).uuid).first end end + + test 'get shared owned by another user' do + authorize_with :user_bar_in_sharing_group + + act_as_system_user do + Link.create!( + tail_uuid: users(:user_bar_in_sharing_group).uuid, + link_class: 'permission', + name: 'can_read', + head_uuid: groups(:project_owned_by_foo).uuid) + end + + get :shared, {:filters => [["group_class", "=", "project"]], :include => "owner_uuid"} + + assert_equal 1, json_response['items'].length + assert_equal json_response['items'][0]["uuid"], groups(:project_owned_by_foo).uuid + + assert_equal 1, json_response['included'].length + assert_equal json_response['included'][0]["uuid"], users(:user_foo_in_sharing_group).uuid + end + + test 'get shared, owned by unreadable project' do + authorize_with :user_bar_in_sharing_group + + act_as_system_user do + Group.find_by_uuid(groups(:project_owned_by_foo).uuid).update!(owner_uuid: groups(:aproject).uuid) + Link.create!( + tail_uuid: users(:user_bar_in_sharing_group).uuid, + link_class: 'permission', + name: 'can_read', + head_uuid: groups(:project_owned_by_foo).uuid) + end + + get :shared, {:filters => [["group_class", "=", "project"]], :include => "owner_uuid"} + + assert_equal 1, json_response['items'].length + assert_equal json_response['items'][0]["uuid"], groups(:project_owned_by_foo).uuid + + assert_equal 0, json_response['included'].length + end + + test 'get shared, owned by non-project' do + authorize_with :user_bar_in_sharing_group + + act_as_system_user do + Group.find_by_uuid(groups(:project_owned_by_foo).uuid).update!(owner_uuid: groups(:group_for_sharing_tests).uuid) + end + + get :shared, {:filters => [["group_class", "=", "project"]], :include => "owner_uuid"} + + assert_equal 1, json_response['items'].length + assert_equal json_response['items'][0]["uuid"], groups(:project_owned_by_foo).uuid + + assert_equal 1, json_response['included'].length + assert_equal json_response['included'][0]["uuid"], groups(:group_for_sharing_tests).uuid + end + + ### contents with exclude_home_project + + test 'contents, exclude home owned by another user' do + authorize_with :user_bar_in_sharing_group + + act_as_system_user do + Link.create!( + tail_uuid: users(:user_bar_in_sharing_group).uuid, + link_class: 'permission', + name: 'can_read', + head_uuid: groups(:project_owned_by_foo).uuid) + Link.create!( + tail_uuid: users(:user_bar_in_sharing_group).uuid, + link_class: 'permission', + name: 'can_read', + head_uuid: collections(:collection_owned_by_foo).uuid) + end + + get :contents, {:include => "owner_uuid", :exclude_home_project => true} + + assert_equal 2, json_response['items'].length + assert_equal json_response['items'][0]["uuid"], groups(:project_owned_by_foo).uuid + assert_equal json_response['items'][1]["uuid"], collections(:collection_owned_by_foo).uuid + + assert_equal 1, json_response['included'].length + assert_equal json_response['included'][0]["uuid"], users(:user_foo_in_sharing_group).uuid + end + + test 'contents, exclude home, owned by unreadable project' do + authorize_with :user_bar_in_sharing_group + + act_as_system_user do + Group.find_by_uuid(groups(:project_owned_by_foo).uuid).update!(owner_uuid: groups(:aproject).uuid) + Link.create!( + tail_uuid: users(:user_bar_in_sharing_group).uuid, + link_class: 'permission', + name: 'can_read', + head_uuid: groups(:project_owned_by_foo).uuid) + end + + get :contents, {:include => "owner_uuid", :exclude_home_project => true} + + assert_equal 1, json_response['items'].length + assert_equal json_response['items'][0]["uuid"], groups(:project_owned_by_foo).uuid + + assert_equal 0, json_response['included'].length + end + + test 'contents, exclude home, owned by non-project' do + authorize_with :user_bar_in_sharing_group + + act_as_system_user do + Group.find_by_uuid(groups(:project_owned_by_foo).uuid).update!(owner_uuid: groups(:group_for_sharing_tests).uuid) + end + + get :contents, {:include => "owner_uuid", :exclude_home_project => true} + + assert_equal 1, json_response['items'].length + assert_equal json_response['items'][0]["uuid"], groups(:project_owned_by_foo).uuid + + assert_equal 1, json_response['included'].length + assert_equal json_response['included'][0]["uuid"], groups(:group_for_sharing_tests).uuid + end + + + test 'contents, exclude home, with parent specified' do + authorize_with :active + + get :contents, {id: groups(:aproject).uuid, :include => "owner_uuid", :exclude_home_project => true} + + assert_response 422 + end + end