X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/dad333f819ba1e4c7634527130634da40585f3aa..ae92d144610446849eb568247a44f02ae985c281:/services/api/test/functional/arvados/v1/groups_controller_test.rb diff --git a/services/api/test/functional/arvados/v1/groups_controller_test.rb b/services/api/test/functional/arvados/v1/groups_controller_test.rb index 76d8cb9736..cfcb33d40a 100644 --- a/services/api/test/functional/arvados/v1/groups_controller_test.rb +++ b/services/api/test/functional/arvados/v1/groups_controller_test.rb @@ -6,12 +6,19 @@ require 'test_helper' class Arvados::V1::GroupsControllerTest < ActionController::TestCase - test "attempt to delete group without read or write access" do + test "attempt to delete group that cannot be seen" do + Rails.configuration.Users.RoleGroupsVisibleToAll = false authorize_with :active post :destroy, params: {id: groups(:empty_lonely_group).uuid} assert_response 404 end + test "attempt to delete group without read or write access" do + authorize_with :active + post :destroy, params: {id: groups(:empty_lonely_group).uuid} + assert_response 403 + end + test "attempt to delete group without write access" do authorize_with :active post :destroy, params: {id: groups(:all_users).uuid} @@ -349,7 +356,7 @@ class Arvados::V1::GroupsControllerTest < ActionController::TestCase end end - test "Collection contents don't include manifest_text" do + test "Collection contents don't include manifest_text or unsigned_manifest_text" do authorize_with :active get :contents, params: { id: groups(:aproject).uuid, @@ -360,7 +367,9 @@ class Arvados::V1::GroupsControllerTest < ActionController::TestCase refute(json_response["items"].any? { |c| not c["portable_data_hash"] }, "response included an item without a portable data hash") refute(json_response["items"].any? { |c| c.include?("manifest_text") }, - "response included an item with a manifest text") + "response included an item with manifest_text") + refute(json_response["items"].any? { |c| c.include?("unsigned_manifest_text") }, + "response included an item with unsigned_manifest_text") end test 'get writable_by list for owned group' do @@ -536,6 +545,45 @@ class Arvados::V1::GroupsControllerTest < ActionController::TestCase assert_includes(owners, groups(:asubproject).uuid) end + [:afiltergroup, :private_role].each do |grp| + test "delete non-project group #{grp}" do + authorize_with :admin + assert_not_nil Group.find_by_uuid(groups(grp).uuid) + assert !Group.find_by_uuid(groups(grp).uuid).is_trashed + post :destroy, params: { + id: groups(grp).uuid, + format: :json, + } + assert_response :success + # Should not be trashed + assert_nil Group.find_by_uuid(groups(grp).uuid) + end + end + + [ + [false, :inactive, :private_role, false], + [false, :spectator, :private_role, false], + [false, :admin, :private_role, true], + [true, :inactive, :private_role, false], + [true, :spectator, :private_role, true], + [true, :admin, :private_role, true], + # project (non-role) groups are invisible even when RoleGroupsVisibleToAll is true + [true, :inactive, :private, false], + [true, :spectator, :private, false], + [true, :admin, :private, true], + ].each do |visibleToAll, userFixture, groupFixture, visible| + test "with RoleGroupsVisibleToAll=#{visibleToAll}, #{groupFixture} group is #{visible ? '' : 'in'}visible to #{userFixture} user" do + Rails.configuration.Users.RoleGroupsVisibleToAll = visibleToAll + authorize_with userFixture + get :show, params: {id: groups(groupFixture).uuid, format: :json} + if visible + assert_response :success + else + assert_response 404 + end + end + end + ### trashed project tests ### # @@ -739,6 +787,28 @@ class Arvados::V1::GroupsControllerTest < ActionController::TestCase end end + # the group class overrides the destroy method. Make sure that the destroyed + # object is returned + [ + {group_class: "project"}, + {group_class: "role"}, + {group_class: "filter", properties: {"filters":[]}}, + ].each do |params| + test "destroy group #{params} returns object" do + authorize_with :active + + group = Group.create!(params) + + post :destroy, params: { + id: group.uuid, + format: :json, + } + assert_response :success + assert_not_nil json_response + assert_equal group.uuid, json_response["uuid"] + end + end + test 'get shared owned by another user' do authorize_with :user_bar_in_sharing_group @@ -872,4 +942,24 @@ class Arvados::V1::GroupsControllerTest < ActionController::TestCase assert_response 422 end + + test "include_trash does not return trash inside frozen project" do + authorize_with :active + trashtime = Time.now - 1.second + outerproj = Group.create!(group_class: 'project') + innerproj = Group.create!(group_class: 'project', owner_uuid: outerproj.uuid) + innercoll = Collection.create!(name: 'inner-not-trashed', owner_uuid: innerproj.uuid) + innertrash = Collection.create!(name: 'inner-trashed', owner_uuid: innerproj.uuid, trash_at: trashtime) + innertrashproj = Group.create!(group_class: 'project', name: 'inner-trashed-proj', owner_uuid: innerproj.uuid, trash_at: trashtime) + outertrash = Collection.create!(name: 'outer-trashed', owner_uuid: outerproj.uuid, trash_at: trashtime) + innerproj.update_attributes!(frozen_by_uuid: users(:active).uuid) + get :contents, params: {id: outerproj.uuid, include_trash: true, recursive: true} + assert_response :success + uuids = json_response['items'].collect { |item| item['uuid'] } + assert_includes uuids, outertrash.uuid + assert_includes uuids, innerproj.uuid + assert_includes uuids, innercoll.uuid + refute_includes uuids, innertrash.uuid + refute_includes uuids, innertrashproj.uuid + end end