X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/6bf9e1a4b5640f3cdd057810f0c9b8a945bb88bd..01a3368db1de44656e82fbc066e85ae4feb5eb75:/services/api/test/functional/arvados/v1/groups_controller_test.rb diff --git a/services/api/test/functional/arvados/v1/groups_controller_test.rb b/services/api/test/functional/arvados/v1/groups_controller_test.rb index 02a4ce9663..fcdce0e600 100644 --- a/services/api/test/functional/arvados/v1/groups_controller_test.rb +++ b/services/api/test/functional/arvados/v1/groups_controller_test.rb @@ -6,12 +6,19 @@ require 'test_helper' class Arvados::V1::GroupsControllerTest < ActionController::TestCase - test "attempt to delete group without read or write access" do + test "attempt to delete group that cannot be seen" do + Rails.configuration.Users.RoleGroupsVisibleToAll = false authorize_with :active post :destroy, params: {id: groups(:empty_lonely_group).uuid} assert_response 404 end + test "attempt to delete group without read or write access" do + authorize_with :active + post :destroy, params: {id: groups(:empty_lonely_group).uuid} + assert_response 403 + end + test "attempt to delete group without write access" do authorize_with :active post :destroy, params: {id: groups(:all_users).uuid} @@ -538,6 +545,45 @@ class Arvados::V1::GroupsControllerTest < ActionController::TestCase assert_includes(owners, groups(:asubproject).uuid) end + [:afiltergroup, :private_role].each do |grp| + test "delete non-project group #{grp}" do + authorize_with :admin + assert_not_nil Group.find_by_uuid(groups(grp).uuid) + assert !Group.find_by_uuid(groups(grp).uuid).is_trashed + post :destroy, params: { + id: groups(grp).uuid, + format: :json, + } + assert_response :success + # Should not be trashed + assert_nil Group.find_by_uuid(groups(grp).uuid) + end + end + + [ + [false, :inactive, :private_role, false], + [false, :spectator, :private_role, false], + [false, :admin, :private_role, true], + [true, :inactive, :private_role, false], + [true, :spectator, :private_role, true], + [true, :admin, :private_role, true], + # project (non-role) groups are invisible even when RoleGroupsVisibleToAll is true + [true, :inactive, :private, false], + [true, :spectator, :private, false], + [true, :admin, :private, true], + ].each do |visibleToAll, userFixture, groupFixture, visible| + test "with RoleGroupsVisibleToAll=#{visibleToAll}, #{groupFixture} group is #{visible ? '' : 'in'}visible to #{userFixture} user" do + Rails.configuration.Users.RoleGroupsVisibleToAll = visibleToAll + authorize_with userFixture + get :show, params: {id: groups(groupFixture).uuid, format: :json} + if visible + assert_response :success + else + assert_response 404 + end + end + end + ### trashed project tests ### # @@ -874,4 +920,24 @@ class Arvados::V1::GroupsControllerTest < ActionController::TestCase assert_response 422 end + + test "include_trash does not return trash inside frozen project" do + authorize_with :active + trashtime = Time.now - 1.second + outerproj = Group.create!(group_class: 'project') + innerproj = Group.create!(group_class: 'project', owner_uuid: outerproj.uuid) + innercoll = Collection.create!(name: 'inner-not-trashed', owner_uuid: innerproj.uuid) + innertrash = Collection.create!(name: 'inner-trashed', owner_uuid: innerproj.uuid, trash_at: trashtime) + innertrashproj = Group.create!(group_class: 'project', name: 'inner-trashed-proj', owner_uuid: innerproj.uuid, trash_at: trashtime) + outertrash = Collection.create!(name: 'outer-trashed', owner_uuid: outerproj.uuid, trash_at: trashtime) + innerproj.update_attributes!(frozen_by_uuid: users(:active).uuid) + get :contents, params: {id: outerproj.uuid, include_trash: true, recursive: true} + assert_response :success + uuids = json_response['items'].collect { |item| item['uuid'] } + assert_includes uuids, outertrash.uuid + assert_includes uuids, innerproj.uuid + assert_includes uuids, innercoll.uuid + refute_includes uuids, innertrash.uuid + refute_includes uuids, innertrashproj.uuid + end end