X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/b59b310e23b588c4007af84741d4b94bc9f595f1..0eb72b526bf8bbb011551ecf019f604e17a534f1:/services/api/test/functional/arvados/v1/groups_controller_test.rb diff --git a/services/api/test/functional/arvados/v1/groups_controller_test.rb b/services/api/test/functional/arvados/v1/groups_controller_test.rb index 502c58044b..5ae1e9a9e2 100644 --- a/services/api/test/functional/arvados/v1/groups_controller_test.rb +++ b/services/api/test/functional/arvados/v1/groups_controller_test.rb @@ -1,3 +1,7 @@ +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: AGPL-3.0 + require 'test_helper' class Arvados::V1::GroupsControllerTest < ActionController::TestCase @@ -41,6 +45,7 @@ class Arvados::V1::GroupsControllerTest < ActionController::TestCase assert_not_includes group_uuids, groups(:aproject).uuid assert_not_includes group_uuids, groups(:asubproject).uuid assert_includes group_uuids, groups(:private).uuid + assert_includes group_uuids, groups(:group_with_no_class).uuid end test "get list of groups with bogus group_class" do @@ -54,12 +59,12 @@ class Arvados::V1::GroupsControllerTest < ActionController::TestCase assert_equal 0, json_response['items_available'] end - def check_project_contents_response + def check_project_contents_response disabled_kinds=[] assert_response :success assert_operator 2, :<=, json_response['items_available'] assert_operator 2, :<=, json_response['items'].count kinds = json_response['items'].collect { |i| i['kind'] }.uniq - expect_kinds = %w'arvados#group arvados#specimen arvados#pipelineTemplate arvados#job' + expect_kinds = %w'arvados#group arvados#specimen arvados#pipelineTemplate arvados#job' - disabled_kinds assert_equal expect_kinds, (expect_kinds & kinds) json_response['items'].each do |i| @@ -68,6 +73,10 @@ class Arvados::V1::GroupsControllerTest < ActionController::TestCase "group#contents returned a non-project group") end end + + disabled_kinds.each do |d| + assert_equal true, !kinds.include?(d) + end end test 'get group-owned objects' do @@ -111,6 +120,7 @@ class Arvados::V1::GroupsControllerTest < ActionController::TestCase authorize_with :active get :contents, { format: :json, + limit: 200, id: users(:active).uuid } assert_response :success @@ -291,6 +301,20 @@ class Arvados::V1::GroupsControllerTest < ActionController::TestCase end end + test "Collection contents don't include manifest_text" do + authorize_with :active + get :contents, { + id: groups(:aproject).uuid, + filters: [["uuid", "is_a", "arvados#collection"]], + format: :json, + } + assert_response :success + refute(json_response["items"].any? { |c| not c["portable_data_hash"] }, + "response included an item without a portable data hash") + refute(json_response["items"].any? { |c| c.include?("manifest_text") }, + "response included an item with a manifest text") + end + test 'get writable_by list for owned group' do authorize_with :active get :show, { @@ -361,8 +385,148 @@ class Arvados::V1::GroupsControllerTest < ActionController::TestCase assert_not_equal(new_project['uuid'], groups(:aproject).uuid, "create returned same uuid as existing project") - assert_equal(new_project['name'], - 'A Project (2)', - "new project name '#{new_project['name']}' was expected to be 'A Project (2)'") + assert_match(/^A Project \(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\.\d{3}Z\)$/, + new_project['name']) + end + + test "unsharing a project results in hiding it from previously shared user" do + # remove sharing link for project + @controller = Arvados::V1::LinksController.new + authorize_with :admin + post :destroy, id: links(:share_starred_project_with_project_viewer).uuid + assert_response :success + + # verify that the user can no longer see the project + @test_counter = 0 # Reset executed action counter + @controller = Arvados::V1::GroupsController.new + authorize_with :project_viewer + get :index, filters: [['group_class', '=', 'project']], format: :json + assert_response :success + found_projects = {} + json_response['items'].each do |g| + found_projects[g['uuid']] = g + end + assert_equal false, found_projects.include?(groups(:starred_and_shared_active_user_project).uuid) + + # share the project + @test_counter = 0 + @controller = Arvados::V1::LinksController.new + authorize_with :system_user + post :create, link: { + link_class: "permission", + name: "can_read", + head_uuid: groups(:starred_and_shared_active_user_project).uuid, + tail_uuid: users(:project_viewer).uuid, + } + + # verify that project_viewer user can now see shared project again + @test_counter = 0 + @controller = Arvados::V1::GroupsController.new + authorize_with :project_viewer + get :index, filters: [['group_class', '=', 'project']], format: :json + assert_response :success + found_projects = {} + json_response['items'].each do |g| + found_projects[g['uuid']] = g + end + assert_equal true, found_projects.include?(groups(:starred_and_shared_active_user_project).uuid) + end + + [ + [['owner_uuid', '!=', 'zzzzz-tpzed-xurymjxw79nv3jz'], 200, + 'zzzzz-d1hrv-subprojpipeline', 'zzzzz-d1hrv-1xfj6xkicf2muk2'], + [["pipeline_instances.state", "not in", ["Complete", "Failed"]], 200, + 'zzzzz-d1hrv-1xfj6xkicf2muk2', 'zzzzz-d1hrv-i3e77t9z5y8j9cc'], + [['container_requests.requesting_container_uuid', '=', nil], 200, + 'zzzzz-xvhdp-cr4queuedcontnr', 'zzzzz-xvhdp-cr4requestercn2'], + [['container_requests.no_such_column', '=', nil], 422], + [['container_requests.', '=', nil], 422], + [['.requesting_container_uuid', '=', nil], 422], + [['no_such_table.uuid', '!=', 'zzzzz-tpzed-xurymjxw79nv3jz'], 422], + ].each do |filter, expect_code, expect_uuid, not_expect_uuid| + test "get contents with '#{filter}' filter" do + authorize_with :active + get :contents, filters: [filter], format: :json + assert_response expect_code + if expect_code == 200 + assert_not_empty json_response['items'] + item_uuids = json_response['items'].collect {|item| item['uuid']} + assert_includes(item_uuids, expect_uuid) + assert_not_includes(item_uuids, not_expect_uuid) + end + end + end + + test 'get contents with jobs and pipeline instances disabled' do + Rails.configuration.disable_api_methods = ['jobs.index', 'pipeline_instances.index'] + + authorize_with :active + get :contents, { + id: groups(:aproject).uuid, + format: :json, + } + check_project_contents_response %w'arvados#pipelineInstance arvados#job' + end + + test 'get contents with low max_index_database_read' do + # Some result will certainly have at least 12 bytes in a + # restricted column + Rails.configuration.max_index_database_read = 12 + authorize_with :active + get :contents, { + id: groups(:aproject).uuid, + format: :json, + } + assert_response :success + assert_not_empty(json_response['items']) + assert_operator(json_response['items'].count, + :<, json_response['items_available']) + end + + test 'get contents, recursive=true' do + authorize_with :active + params = { + id: groups(:aproject).uuid, + recursive: true, + format: :json, + } + get :contents, params + owners = json_response['items'].map do |item| + item['owner_uuid'] + end + assert_includes(owners, groups(:aproject).uuid) + assert_includes(owners, groups(:asubproject).uuid) + end + + [false, nil].each do |recursive| + test "get contents, recursive=#{recursive.inspect}" do + authorize_with :active + params = { + id: groups(:aproject).uuid, + format: :json, + } + params[:recursive] = false if recursive == false + get :contents, params + owners = json_response['items'].map do |item| + item['owner_uuid'] + end + assert_includes(owners, groups(:aproject).uuid) + refute_includes(owners, groups(:asubproject).uuid) + end + end + + test 'get home project contents, recursive=true' do + authorize_with :active + get :contents, { + id: users(:active).uuid, + recursive: true, + format: :json, + } + owners = json_response['items'].map do |item| + item['owner_uuid'] + end + assert_includes(owners, users(:active).uuid) + assert_includes(owners, groups(:aproject).uuid) + assert_includes(owners, groups(:asubproject).uuid) end end