X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/77f1f9eb6f2d03b53c0bb4567ef07718b934e8ea..de98daba898ad2dfa58c9e810d98dadf4d208b95:/services/api/test/functional/arvados/v1/repositories_controller_test.rb

diff --git a/services/api/test/functional/arvados/v1/repositories_controller_test.rb b/services/api/test/functional/arvados/v1/repositories_controller_test.rb
index 4b1381edb8..7ba2183d3e 100644
--- a/services/api/test/functional/arvados/v1/repositories_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/repositories_controller_test.rb
@@ -42,6 +42,39 @@ class Arvados::V1::RepositoriesControllerTest < ActionController::TestCase
     end
   end
 
+  test "get_all_permissions does not give any access to user without permission" do
+    viewer_uuid = users(:project_viewer).uuid
+    assert_equal(authorized_keys(:project_viewer).authorized_user_uuid,
+                 viewer_uuid,
+                 "project_viewer must have an authorized_key for this test to work")
+    authorize_with :admin
+    get :get_all_permissions
+    assert_response :success
+    readable_repos = json_response["repositories"].select do |repo|
+      repo["user_permissions"].has_key?(viewer_uuid)
+    end
+    assert_equal(["arvados"], readable_repos.map { |r| r["name"] },
+                 "project_viewer should only have permissions on public repos")
+  end
+
+  test "get_all_permissions gives gitolite R to user with read-only access" do
+    authorize_with :admin
+    get :get_all_permissions
+    assert_response :success
+    found_it = false
+    assert_equal(authorized_keys(:spectator).authorized_user_uuid,
+                 users(:spectator).uuid,
+                 "spectator must have an authorized_key for this test to work")
+    json_response['repositories'].each do |repo|
+      next unless repo['uuid'] == repositories(:foo).uuid
+      assert_equal('R',
+                   repo['user_permissions'][users(:spectator).uuid]['gitolite_permissions'],
+                   "spectator user should have just R access to #{repo['uuid']}")
+      found_it = true
+    end
+    assert_equal true, found_it, "spectator user does not have R on foo repo"
+  end
+
   test "get_all_permissions provides admin and active user keys" do
     authorize_with :admin
     get :get_all_permissions
@@ -54,4 +87,66 @@ class Arvados::V1::RepositoriesControllerTest < ActionController::TestCase
                    "response public_key does not match fixture #{u}.")
     end
   end
+
+  test "get_all_permissions lists repos with no authorized keys" do
+    authorize_with :admin
+    AuthorizedKey.destroy_all
+    get :get_all_permissions
+    assert_response :success
+    assert_equal(Repository.count, json_response["repositories"].size)
+    assert(json_response["repositories"].any? do |repo|
+             repo["user_permissions"].empty?
+           end, "test is invalid - all repositories have authorized keys")
+  end
+
+  test "default index includes fetch_url" do
+    authorize_with :active
+    get(:index)
+    assert_response :success
+    assert_includes(json_response["items"].map { |r| r["fetch_url"] },
+                    "git@git.zzzzz.arvadosapi.com:active/foo.git")
+  end
+
+  [
+    {cfg: :git_repo_ssh_base, cfgval: "git@example.com:", match: %r"^git@example.com:/"},
+    {cfg: :git_repo_ssh_base, cfgval: true, match: %r"^git@git.zzzzz.arvadosapi.com:/"},
+    {cfg: :git_repo_ssh_base, cfgval: false, refute: /^git@/ },
+    {cfg: :git_repo_https_base, cfgval: "https://example.com/", match: %r"https://example.com/"},
+    {cfg: :git_repo_https_base, cfgval: true, match: %r"^https://git.zzzzz.arvadosapi.com/"},
+    {cfg: :git_repo_https_base, cfgval: false, refute: /^http/ },
+  ].each do |expect|
+    test "set #{expect[:cfg]} to #{expect[:cfgval]}" do
+      Rails.configuration.send expect[:cfg].to_s+"=", expect[:cfgval]
+      authorize_with :active
+      get :index
+      assert_response :success
+      json_response['items'].each do |r|
+        if expect[:refute]
+          r['clone_urls'].each do |u|
+            refute_match expect[:refute], u
+          end
+        else
+          assert r['clone_urls'].any? do |u|
+            expect[:prefix].match u
+          end
+        end
+      end
+    end
+  end
+
+  test "select push_url in index" do
+    authorize_with :active
+    get(:index, {select: ["uuid", "push_url"]})
+    assert_response :success
+    assert_includes(json_response["items"].map { |r| r["push_url"] },
+                    "git@git.zzzzz.arvadosapi.com:active/foo.git")
+  end
+
+  test "select clone_urls in index" do
+    authorize_with :active
+    get(:index, {select: ["uuid", "clone_urls"]})
+    assert_response :success
+    assert_includes(json_response["items"].map { |r| r["clone_urls"] }.flatten,
+                    "git@git.zzzzz.arvadosapi.com:active/foo.git")
+  end
 end