X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/7fb83a3380e62721801a4980c48ba78208c7b2e2..31e1d10eb4a54b13f55b3c9638f46032be633ff9:/services/api/test/functional/arvados/v1/repositories_controller_test.rb diff --git a/services/api/test/functional/arvados/v1/repositories_controller_test.rb b/services/api/test/functional/arvados/v1/repositories_controller_test.rb index 4b1381edb8..0793d12e4e 100644 --- a/services/api/test/functional/arvados/v1/repositories_controller_test.rb +++ b/services/api/test/functional/arvados/v1/repositories_controller_test.rb @@ -42,6 +42,38 @@ class Arvados::V1::RepositoriesControllerTest < ActionController::TestCase end end + test "get_all_permissions does not give any access to user without permission" do + authorize_with :admin + get :get_all_permissions + assert_response :success + assert_equal(authorized_keys(:project_viewer).authorized_user_uuid, + users(:project_viewer).uuid, + "project_viewer must have an authorized_key for this test to work") + json_response['repositories'].each do |repo| + assert_equal(false, + repo['user_permissions'].has_key?(users(:project_viewer).uuid), + "project_viewer user should not have perms for #{repo['uuid']}") + end + end + + test "get_all_permissions gives gitolite R to user with read-only access" do + authorize_with :admin + get :get_all_permissions + assert_response :success + found_it = false + assert_equal(authorized_keys(:spectator).authorized_user_uuid, + users(:spectator).uuid, + "spectator must have an authorized_key for this test to work") + json_response['repositories'].each do |repo| + next unless repo['uuid'] == repositories(:foo).uuid + assert_equal('R', + repo['user_permissions'][users(:spectator).uuid]['gitolite_permissions'], + "spectator user should have just R access to #{repo['uuid']}") + found_it = true + end + assert_equal true, found_it, "spectator user does not have R on foo repo" + end + test "get_all_permissions provides admin and active user keys" do authorize_with :admin get :get_all_permissions