X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/58b6e6889cf9f9b108fe4a6ba7a100713bedbab9..7407f41105f8000bb3908d41a31daaf3a30d9440:/services/api/test/unit/link_test.rb

diff --git a/services/api/test/unit/link_test.rb b/services/api/test/unit/link_test.rb
index 028f403a28..00f3cc2913 100644
--- a/services/api/test/unit/link_test.rb
+++ b/services/api/test/unit/link_test.rb
@@ -1,3 +1,7 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
 require 'test_helper'
 
 class LinkTest < ActiveSupport::TestCase
@@ -7,17 +11,27 @@ class LinkTest < ActiveSupport::TestCase
     set_user_from_auth :admin_trustedclient
   end
 
-  test "cannot delete an object referenced by links" do
-    ob = Specimen.create
-    link = Link.create(tail_uuid: users(:active).uuid,
-                       head_uuid: ob.uuid,
-                       link_class: 'test',
-                       name: 'test')
+  test "cannot delete an object referenced by unwritable links" do
+    ob = act_as_user users(:active) do
+      Specimen.create
+    end
+    link = act_as_user users(:admin) do
+      Link.create(tail_uuid: users(:active).uuid,
+                  head_uuid: ob.uuid,
+                  link_class: 'test',
+                  name: 'test')
+    end
     assert_equal users(:admin).uuid, link.owner_uuid
-    assert_raises(ActiveRecord::DeleteRestrictionError,
+    assert_raises(ArvadosModel::PermissionDeniedError,
                   "should not delete #{ob.uuid} with link #{link.uuid}") do
+      act_as_user users(:active) do
+        ob.destroy
+      end
+    end
+    act_as_user users(:admin) do
       ob.destroy
     end
+    assert_empty Link.where(uuid: link.uuid)
   end
 
   def new_active_link_valid?(link_attrs)
@@ -34,6 +48,11 @@ class LinkTest < ActiveSupport::TestCase
     end
   end
 
+  test "non-admin project owner can make it public" do
+    assert(new_active_link_valid?(tail_uuid: groups(:anonymous_group).uuid),
+           "non-admin project owner can't make their project public")
+  end
+
   test "link granting permission to nonexistent user is invalid" do
     refute new_active_link_valid?(tail_uuid:
                                   users(:active).uuid.sub(/-\w+$/, "-#{'z' * 15}"))
@@ -61,4 +80,9 @@ class LinkTest < ActiveSupport::TestCase
   test "link granting project permissions to unreadable user is invalid" do
     refute new_active_link_valid?(tail_uuid: users(:admin).uuid)
   end
+
+  test "permission link can't exist on past collection versions" do
+    refute new_active_link_valid?(tail_uuid: groups(:public).uuid,
+                                  head_uuid: collections(:w_a_z_file_version_1).uuid)
+  end
 end