X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/611a3323ea110671c5fa021e14f93b24e4a6d7b7..9b6b5f0bd2ad96deeea2070a4eba56795bb28c1a:/services/api/test/unit/user_test.rb diff --git a/services/api/test/unit/user_test.rb b/services/api/test/unit/user_test.rb index 29ba3e4980..9bcb0116fb 100644 --- a/services/api/test/unit/user_test.rb +++ b/services/api/test/unit/user_test.rb @@ -9,38 +9,80 @@ class UserTest < ActiveSupport::TestCase system_user end - test "create_new_user_auto_admin_first_user" do - # This test requires no admin users exist (except for the system user) - users(:admin).delete + [[false, 'foo@example.com', true, nil], + [false, 'bar@example.com', nil, true], + [true, 'foo@example.com', true, nil], + [true, 'bar@example.com', true, true], + [false, false, nil, nil], + [true, false, true, nil] + ].each do |auto_admin_first_user_config, auto_admin_user_config, foo_should_be_admin, bar_should_be_admin| + # In each case, 'foo' is created first, then 'bar', then 'bar2', then 'baz'. + test "auto admin with auto_admin_first=#{auto_admin_first_user_config} auto_admin=#{auto_admin_user_config}" do + + if auto_admin_first_user_config + # This test requires no admin users exist (except for the system user) + users(:admin).delete + @all_users = User.where("uuid not like '%-000000000000000'").where(:is_admin => true).find(:all) + assert_equal 0, @all_users.size, "No admin users should exist (except for the system user)" + end - @all_users = User.where("uuid not like '%-000000000000000'").where(:is_admin => true).find(:all) + Rails.configuration.auto_admin_first_user = auto_admin_first_user_config + Rails.configuration.auto_admin_user = auto_admin_user_config - assert_equal 0, @all_users.size, "No admin users should exist (except for the system user)" + # See if the foo user has is_admin + foo = User.new + foo.first_name = 'foo' + foo.email = 'foo@example.com' - Rails.configuration.auto_admin_first_user = true + act_as_system_user do + foo.save! + end - assert_equal true, Rails.configuration.auto_admin_first_user - user = User.new - user.first_name = "first_name_for_newly_created_admin_user" + foo = User.find(foo.id) # get the user back + assert_equal foo_should_be_admin, foo.is_admin, "is_admin is wrong for user foo" + assert_equal 'foo', foo.first_name - act_as_system_user do - user.save! - end + # See if the bar user has is_admin + bar = User.new + bar.first_name = 'bar' + bar.email = 'bar@example.com' - user = User.find(user.id) # get the user back - assert user.is_admin, 'is_admin should be set for first new user' - assert_equal 'first_name_for_newly_created_admin_user', user.first_name + act_as_system_user do + bar.save! + end - user = User.new - user.first_name = "first_name_for_newly_created_ordinary_user" + bar = User.find(bar.id) # get the user back + assert_equal bar_should_be_admin, bar.is_admin, "is_admin is wrong for user bar" + assert_equal 'bar', bar.first_name - act_as_system_user do - user.save! - end + # A subsequent user with the bar@example.com address should never be + # elevated to admin + bar2 = User.new + bar2.first_name = 'bar2' + bar2.email = 'bar@example.com' - user = User.find(user.id) # get the user back - assert !user.is_admin, 'is_admin should not be set for second new user' - assert_equal 'first_name_for_newly_created_ordinary_user', user.first_name + act_as_system_user do + bar2.save! + end + + bar2 = User.find(bar2.id) # get the user back + assert !bar2.is_admin, "is_admin is wrong for user bar2" + assert_equal 'bar2', bar2.first_name + + # An ordinary new user should not be elevated to admin + baz = User.new + baz.first_name = 'baz' + baz.email = 'baz@example.com' + + act_as_system_user do + baz.save! + end + + baz = User.find(baz.id) # get the user back + assert !baz.is_admin + assert_equal 'baz', baz.first_name + + end end test "check non-admin active user properties" do