X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/67a54670123669370bb4e664c7e40c71f7539b5f..bd11c0a9ff6ce23f0992af11d7dc7aef32860e22:/services/api/test/unit/user_test.rb?ds=sidebyside diff --git a/services/api/test/unit/user_test.rb b/services/api/test/unit/user_test.rb index 4695c9160a..6cee757ee1 100644 --- a/services/api/test/unit/user_test.rb +++ b/services/api/test/unit/user_test.rb @@ -1,17 +1,23 @@ require 'test_helper' class UserTest < ActiveSupport::TestCase + include CurrentApiClient # The fixture services/api/test/fixtures/users.yml serves as the input for this test case setup do + # Make sure system_user exists before making "pre-test users" list + system_user + @all_users = User.find(:all) @all_users.each do |user| - if user.is_admin && user.is_active + if user.uuid == system_user_uuid + @system_user = user + elsif user.is_admin && user.is_active @admin_user = user elsif user.is_active && !user.is_admin @active_user = user - elsif !user.is_active && !user.is_invited + elsif !user.is_active && !user.is_invited @uninvited_user = user end end @@ -81,7 +87,7 @@ class UserTest < ActiveSupport::TestCase assert_equal found_user.identity_url, user.identity_url end - test "create new user" do + test "create new user" do Thread.current[:user] = @admin_user # set admin user as the current user user = User.new @@ -89,7 +95,7 @@ class UserTest < ActiveSupport::TestCase user.save # verify there is one extra user in the db now - assert (User.find(:all).size == @all_users.size+1) + assert_equal @all_users.size+1, User.find(:all).size user = User.find(user.id) # get the user back assert_equal(user.first_name, 'first_name_for_newly_created_user') @@ -103,7 +109,7 @@ class UserTest < ActiveSupport::TestCase assert_equal(user.first_name, 'first_name_for_newly_created_user_updated') end - test "update existing user" do + test "update existing user" do Thread.current[:user] = @active_user # set active user as current user @active_user.first_name = "first_name_changed" @active_user.save @@ -119,22 +125,22 @@ class UserTest < ActiveSupport::TestCase @active_user = User.find(@active_user.id) # get the user back assert_equal(@active_user.first_name, 'first_name_changed_by_admin_for_active_user') end - - test "delete a user and verify" do + + test "delete a user and verify" do active_user_uuid = @active_user.uuid - Thread.current[:user] = @admin_user + Thread.current[:user] = @admin_user @active_user.delete found_deleted_user = false - User.find(:all).each do |user| - if user.uuid == active_user_uuid + User.find(:all).each do |user| + if user.uuid == active_user_uuid found_deleted_user = true break - end + end end assert !found_deleted_user, "found deleted user: "+active_user_uuid - + end test "create new user as non-admin user" do @@ -143,19 +149,140 @@ class UserTest < ActiveSupport::TestCase begin user = User.new user.save - rescue ArvadosModel::PermissionDeniedError + rescue ArvadosModel::PermissionDeniedError => e end + assert (e.message.include? 'PermissionDeniedError'), + 'Expected PermissionDeniedError' end - test "setup new user as non-admin user" do - Thread.current[:user] = @active_user + test "setup new user" do + Thread.current[:user] = @admin_user - begin - user = User.new - user.email = 'abc@xyz.com' - - User.setup user, 'http://openid/prefix' - rescue ArvadosModel::PermissionDeniedError + email = 'foo@example.com' + openid_prefix = 'http://openid/prefix' + + user = User.create ({uuid: 'zzzzz-tpzed-abcdefghijklmno', email: email}) + + vm = VirtualMachine.create + + response = User.setup user, openid_prefix, 'test_repo', vm.uuid + + resp_user = find_obj_in_resp response, 'User' + verify_user resp_user, email + + oid_login_perm = find_obj_in_resp response, 'Link', 'arvados#user' + + verify_link oid_login_perm, 'permission', 'can_login', resp_user[:email], + resp_user[:uuid] + + assert_equal openid_prefix, oid_login_perm[:properties][:identity_url_prefix], + 'expected identity_url_prefix not found for oid_login_perm' + + group_perm = find_obj_in_resp response, 'Link', 'arvados#group' + verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil + + repo_perm = find_obj_in_resp response, 'Link', 'arvados#repository' + verify_link repo_perm, 'permission', 'can_write', resp_user[:uuid], nil + + vm_perm = find_obj_in_resp response, 'Link', 'arvados#virtualMachine' + verify_link vm_perm, 'permission', 'can_login', resp_user[:uuid], vm.uuid + end + + test "setup new user in multiple steps" do + Thread.current[:user] = @admin_user + + email = 'foo@example.com' + openid_prefix = 'http://openid/prefix' + + user = User.create ({uuid: 'zzzzz-tpzed-abcdefghijklmno', email: email}) + + response = User.setup user, openid_prefix + + resp_user = find_obj_in_resp response, 'User' + verify_user resp_user, email + + oid_login_perm = find_obj_in_resp response, 'Link', 'arvados#user' + verify_link oid_login_perm, 'permission', 'can_login', resp_user[:email], + resp_user[:uuid] + assert_equal openid_prefix, oid_login_perm[:properties][:identity_url_prefix], + 'expected identity_url_prefix not found for oid_login_perm' + + group_perm = find_obj_in_resp response, 'Link', 'arvados#group' + verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil + + # invoke setup again with repo_name + response = User.setup user, openid_prefix, 'test_repo' + resp_user = find_obj_in_resp response, 'User', nil + verify_user resp_user, email + assert_equal user.uuid, resp_user[:uuid], 'expected uuid not found' + + group_perm = find_obj_in_resp response, 'Link', 'arvados#group' + verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil + + repo_perm = find_obj_in_resp response, 'Link', 'arvados#repository' + verify_link repo_perm, 'permission', 'can_write', resp_user[:uuid], nil + + # invoke setup again with a vm_uuid + vm = VirtualMachine.create + + response = User.setup user, openid_prefix, 'test_repo', vm.uuid + + resp_user = find_obj_in_resp response, 'User', nil + verify_user resp_user, email + assert_equal user.uuid, resp_user[:uuid], 'expected uuid not found' + + group_perm = find_obj_in_resp response, 'Link', 'arvados#group' + verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil + + repo_perm = find_obj_in_resp response, 'Link', 'arvados#repository' + verify_link repo_perm, 'permission', 'can_write', resp_user[:uuid], nil + + vm_perm = find_obj_in_resp response, 'Link', 'arvados#virtualMachine' + verify_link vm_perm, 'permission', 'can_login', resp_user[:uuid], vm.uuid + end + + def find_obj_in_resp (response_items, object_type, head_kind=nil) + return_obj = nil + response_items.each { |x| + if !x + next + end + + if object_type == 'User' + if ArvadosModel::resource_class_for_uuid(x['uuid']) == User + return_obj = x + break + end + else # looking for a link + if ArvadosModel::resource_class_for_uuid(x['head_uuid']).kind == head_kind + return_obj = x + break + end + end + } + return return_obj + end + + def verify_user (resp_user, email) + assert_not_nil resp_user, 'expected user object' + assert_not_nil resp_user['uuid'], 'expected user object' + assert_equal email, resp_user['email'], 'expected email not found' + + end + + def verify_link (link_object, link_class, link_name, tail_uuid, head_uuid) + assert_not_nil link_object, "expected link for #{link_class} #{link_name}" + assert_not_nil link_object[:uuid], + "expected non-nil uuid for link for #{link_class} #{link_name}" + assert_equal link_class, link_object[:link_class], + "expected link_class not found for #{link_class} #{link_name}" + assert_equal link_name, link_object[:name], + "expected link_name not found for #{link_class} #{link_name}" + assert_equal tail_uuid, link_object[:tail_uuid], + "expected tail_uuid not found for #{link_class} #{link_name}" + if head_uuid + assert_equal head_uuid, link_object[:head_uuid], + "expected head_uuid not found for #{link_class} #{link_name}" end end