X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/9df4cad4500d092bb07909b6f49e4eaaa6d31984..3b40453701265dc66f8efb5865d29cf508f3ca43:/services/api/test/functional/arvados/v1/users_controller_test.rb
diff --git a/services/api/test/functional/arvados/v1/users_controller_test.rb b/services/api/test/functional/arvados/v1/users_controller_test.rb
index ae7b21dec8..8bffac8dd1 100644
--- a/services/api/test/functional/arvados/v1/users_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/users_controller_test.rb
@@ -151,7 +151,7 @@ class Arvados::V1::UsersControllerTest < ActionController::TestCase
 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage', "foo/#{repo_name}", created['uuid'], 'arvados#repository', true, 'Repository'
- verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
+ verify_link response_items, 'arvados#group', true, 'permission', 'can_write',
 'All users', created['uuid'], 'arvados#group', true, 'Group' verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
@@ -335,7 +335,7 @@ class Arvados::V1::UsersControllerTest < ActionController::TestCase
 # two extra links; system_group, and group verify_links_added 2
- verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
+ verify_link response_items, 'arvados#group', true, 'permission', 'can_write',
 'All users', response_object['uuid'], 'arvados#group', true, 'Group' verify_link response_items, 'arvados#repository', false, 'permission', 'can_manage',
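Review bot: The `verify_link` expectation for 'All users' in the hunk at 151 now requires `can_write` instead of `can_read`, which pins a broader default grant for every newly set-up user without saying why in the test. A short comment above the call, e.g. `# setup grants can_write on 'All users' (was can_read); see <ticket placeholder>`, would let a later reader tell an intended widening from a regression. The same applies to the identical changes in the hunks at 335, 420, 458, 511 and 545. Only the hunk at 666 bounds the grant, through the exact hash `{read: true, write: true}`; the link checks would presumably still pass if a `can_manage` link were also created, assuming `verify_link` only looks for the named link, which is not visible here. The enclosing tests start and end outside these hunks.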
@@ -420,7 +420,7 @@ class Arvados::V1::UsersControllerTest < ActionController::TestCase
 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage', 'foo/usertestrepo', created['uuid'], 'arvados#repository', true, 'Repository'
- verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
+ verify_link response_items, 'arvados#group', true, 'permission', 'can_write',
 'All users', created['uuid'], 'arvados#group', true, 'Group' verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
@@ -458,7 +458,7 @@ class Arvados::V1::UsersControllerTest < ActionController::TestCase
 verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage', 'foo/usertestrepo', created['uuid'], 'arvados#repository', true, 'Repository'
- verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
+ verify_link response_items, 'arvados#group', true, 'permission', 'can_write',
 'All users', created['uuid'], 'arvados#group', true, 'Group' verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
@@ -511,7 +511,7 @@ class Arvados::V1::UsersControllerTest < ActionController::TestCase
 assert_equal active_user[:email], created['email'], 'expected input email' # verify links
- verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
+ verify_link response_items, 'arvados#group', true, 'permission', 'can_write',
 'All users', created['uuid'], 'arvados#group', true, 'Group' verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
@@ -545,7 +545,7 @@ class Arvados::V1::UsersControllerTest < ActionController::TestCase
 assert_equal active_user['email'], created['email'], 'expected original email' # verify links
- verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
+ verify_link response_items, 'arvados#group', true, 'permission', 'can_write',
 'All users', created['uuid'], 'arvados#group', true, 'Group' assert_equal(repos_count, repos_query.count)
@@ -666,7 +666,7 @@ The Arvados team.
 assert_equal active_user['uuid'], json_response['uuid'] updated = User.where(uuid: active_user['uuid']).first assert_equal(true, updated.is_active)
- assert_equal({read: true}, updated.group_permissions[all_users_group_uuid])
+ assert_equal({read: true, write: true}, updated.group_permissions[all_users_group_uuid])
 end test "non-admin user can get basic information about readable users" do
@@ -674,6 +674,12 @@ The Arvados team.
 get(:index) check_non_admin_index check_readable_users_index [:spectator], [:inactive, :active]
+ json_response["items"].each do |u|
+ if u["uuid"] == users(:spectator).uuid
+ assert_equal true, u["can_write"]
+ assert_equal true, u["can_manage"]
+ end
+ end
 end test "non-admin user gets only safe attributes from users#show" do
@@ -883,7 +889,7 @@ The Arvados team.
 ['dst', :project_viewer_trustedclient]].each do |which_scoped, auth| test "refuse to merge with scoped #{which_scoped} token" do act_as_system_user do
- api_client_authorizations(auth).update_attributes(scopes: ["GET /", "POST /", "PUT /"])
+ api_client_authorizations(auth).update(scopes: ["GET /", "POST /", "PUT /"])
 end authorize_with(:active_trustedclient) post(:merge, params: {
@@ -1079,7 +1085,7 @@ The Arvados team.
 end NON_ADMIN_USER_DATA = ["uuid", "kind", "is_active", "email", "first_name",
- "last_name", "username"].sort
+ "last_name", "username", "can_write", "can_manage"].sort
 def check_non_admin_index assert_response :success
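Review bot: The loop added after `check_readable_users_index` in the hunk at 674 asserts nothing when no item carries the spectator's uuid, so the test passes vacuously if that record is missing from the index. Look the record up and require it first, `me = json_response["items"].find { |u| u["uuid"] == users(:spectator).uuid }` followed by `refute_nil me, "spectator missing from index"`, then assert `can_write` and `can_manage` on `me`. The loop also leaves the new flags unchecked for the other readable users, so a response reporting `can_manage` as true on every record would still pass; if those are expected to be false for a non-admin caller (the expected value is not visible in this hunk), assert that as well. The test's opening line and its authorization call are outside the hunk.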