X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/dfe0ec7bfec3fd72cd40d3962e5c8af08d2413d2..e4fca76d5db9bd844530454894d07ddc729b4a9a:/apps/workbench/test/controllers/projects_controller_test.rb diff --git a/apps/workbench/test/controllers/projects_controller_test.rb b/apps/workbench/test/controllers/projects_controller_test.rb index d31d6e3458..3522745fe4 100644 --- a/apps/workbench/test/controllers/projects_controller_test.rb +++ b/apps/workbench/test/controllers/projects_controller_test.rb @@ -1,3 +1,7 @@ +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: AGPL-3.0 + require 'test_helper' require 'helpers/share_object_helper' @@ -28,7 +32,7 @@ class ProjectsControllerTest < ActionController::TestCase id: readonly_project_uuid }, session_for(which_user) buttons = css_select('[data-method=post]').select do |el| - el.attributes['data-remote-href'].match /project.*owner_uuid.*#{readonly_project_uuid}/ + el.attributes['data-remote-href'].value.match /project.*owner_uuid.*#{readonly_project_uuid}/ end if should_show assert_not_empty(buttons, "did not offer to create a subproject") @@ -101,8 +105,9 @@ class ProjectsControllerTest < ActionController::TestCase end test "project admin can remove collections from the project" do - # Deleting an object that supports 'expires_at' should make it - # completely inaccessible to API queries, not simply moved out of the project. + # Deleting an object that supports 'trash_at' should make it + # completely inaccessible to API queries, not simply moved out of + # the project. coll_key = "collection_to_remove_from_subproject" coll_uuid = api_fixture("collections")[coll_key]["uuid"] delete(:remove_item, 
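Review bot: In the `@@ -28,7 +32,7 @@` hunk, the new `el.attributes['data-remote-href'].value.match ...` raises NoMethodError for any `[data-method=post]` element that has no `data-remote-href` attribute, so the test would error out instead of reaching its assertions. Whether such elements exist on this page is not visible here, but a nil-safe form avoids the question: `el['data-remote-href'].to_s =~ /project.*owner_uuid.*#{Regexp.escape(readonly_project_uuid)}/`. That form also wraps the interpolated uuid in `Regexp.escape` and avoids the ambiguous-argument warning that `match /.../` without parentheses produces. The enclosing test body starts outside the hunk.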
@@ -116,12 +121,12 @@ class ProjectsControllerTest < ActionController::TestCase use_token :subproject_admin assert_raise ArvadosApiClient::NotFoundException do - Collection.find(coll_uuid) + Collection.find(coll_uuid, cache: false) end end test "project admin can remove items from project other than collections" do - # An object which does not have an expired_at field (e.g. Specimen) + # An object which does not have an trash_at field (e.g. Specimen) # should be implicitly moved to the user's Home project when removed. specimen_uuid = api_fixture('specimens', 'in_asubproject')['uuid'] delete(:remove_item, @@ -141,7 +146,6 @@ class ProjectsControllerTest < ActionController::TestCase # An object which does not offer an expired_at field but has a xx_owner_uuid_name_unique constraint # will be renamed when removed and another object with the same name exists in user's home project. [ - ['groups', 'subproject_in_asubproject_with_same_name_as_one_in_active_user_home'], ['pipeline_templates', 'template_in_asubproject_with_same_name_as_one_in_active_user_home'], ].each do |dm, fixture| test "removing #{dm} from a subproject results in renaming it when there is another such object with same name in home project" do 
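Review bot: The comment rewritten in the `@@ -116,12 +121,12 @@` hunk reads "does not have an trash_at field"; it should be `# An object which does not have a trash_at field (e.g. Specimen)`. The context comment in the following `@@ -141,7 +146,6 @@` hunk still says "does not offer an expired_at field", so the rename to trash_at is only half applied across these comments. Updating that line in the same commit would keep the terminology consistent for the next reader.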
@@ -331,10 +335,20 @@ class ProjectsControllerTest < ActionController::TestCase project = api_fixture('groups')['aproject'] use_token :active found = Group.find(project['uuid']) - found.description = 'Textile description with link to home page take me home.' + found.description = 'Textile description with link to home page take me home.' found.save! get(:show, {id: project['uuid']}, session_for(:active)) - assert_includes @response.body, 'Textile description with link to home page take me home.' + assert_includes @response.body, 'Textile description with link to home page take me home.' + end + + test "find a project and edit description to unsafe html description" do + project = api_fixture('groups')['aproject'] + use_token :active + found = Group.find(project['uuid']) + found.description = 'Textile description with unsafe script tag .' + found.save! + get(:show, {id: project['uuid']}, session_for(:active)) + assert_includes @response.body, 'Textile description with unsafe script tag alert("Hello there").' end test "find a project and edit description to textile description with link to object" do @@ -435,7 +449,7 @@ class ProjectsControllerTest < ActionController::TestCase { fixture: 'container_requests', state: 'running', - selectors: [['div.progress', true]] + selectors: [['.label-info', true, 'Running']] }, { fixture: 'pipeline_instances', @@ -446,7 +460,7 @@ class ProjectsControllerTest < ActionController::TestCase { fixture: 'pipeline_instances', state: 'pipeline_in_running_state', - selectors: [['div.progress', true]] + selectors: [['.label-info', true, 'Running']] }, ].each do |c| uuid = api_fixture(c[:fixture])[c[:state]]['uuid'] 
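Review bot: The new "edit description to unsafe html description" test in the `@@ -331,10 +335,20 @@` hunk states its security expectation only implicitly, through one exact output string for one input. The string literals appear to have lost their markup in this rendering, so this is judged from the visible text alone. An explicit negative check scoped to the rendered description would make the intent clear and survive wording changes, e.g. `assert_select 'DESCRIPTION_CONTAINER_SELECTOR script', count: 0` (the selector is a placeholder). A whole-body match would be unreliable if the layout itself includes script tags. It would also be worth adding sibling cases for other markup the sanitizer has to neutralise, such as event-handler attributes and links with non-http schemes, so a regression in any one path is caught.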
@@ -490,27 +504,28 @@ class ProjectsControllerTest < ActionController::TestCase ["user1_with_load", 2, ["project_with_10_collections"], "project_with_2_pipelines_and_60_crs"], ["admin", 5, ["anonymously_accessible_project", "subproject_in_anonymous_accessible_project"], "aproject"], ].each do |user, page_size, tree_segment, unexpected| + # Note: this test is sensitive to database collation. It passes + # with en_US.UTF-8. test "build my projects tree for #{user} user and verify #{unexpected} is omitted" do use_token user - ctrl = ProjectsController.new - - current_user = User.find(api_fixture('users')[user]['uuid']) - my_tree = ctrl.send :my_wanted_projects_tree, current_user, page_size + tree, _, _ = @controller.send(:my_wanted_projects_tree, + User.current, + page_size) tree_segment_at_depth_1 = api_fixture('groups')[tree_segment[0]] tree_segment_at_depth_2 = api_fixture('groups')[tree_segment[1]] if tree_segment[1] - tree_nodes = {} - my_tree[0].each do |x| - tree_nodes[x[:object]['uuid']] = x[:depth] + node_depth = {} + tree.each do |x| + node_depth[x[:object]['uuid']] = x[:depth] end - assert_equal(1, tree_nodes[tree_segment_at_depth_1['uuid']]) - assert_equal(2, tree_nodes[tree_segment_at_depth_2['uuid']]) if tree_segment[1] + assert_equal(1, node_depth[tree_segment_at_depth_1['uuid']]) + assert_equal(2, node_depth[tree_segment_at_depth_2['uuid']]) if tree_segment[1] unexpected_project = api_fixture('groups')[unexpected] - assert_nil(tree_nodes[unexpected_project['uuid']]) + assert_nil(node_depth[unexpected_project['uuid']], node_depth.inspect) end end
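Review bot: The added comment "this test is sensitive to database collation" does not say why, or how a failure under another collation would look, so a developer on a differently configured database gets an unexplained assertion failure. Presumably the `page_size` cut-off combined with name ordering decides which projects land in the tree; if so, the comment should say that, e.g. `# page_size truncates a name-sorted list, so the projects included depend on the database collation (expected: en_US.UTF-8).` Passing `node_depth.inspect` as the failure message on `assert_nil` helps, and the two `assert_equal` calls would benefit from the same message. The test still reaches the private `my_wanted_projects_tree` through `send`, which ties it to the method's three-element return shape.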