Links controller checks that head/tail_kind matches head/tail_uuid.

author Peter Amstutz <peter.amstutz@curoverse.com>

Mon, 14 Apr 2014 15:22:41 +0000 (11:22 -0400)

committer Peter Amstutz <peter.amstutz@curoverse.com>

Mon, 14 Apr 2014 15:22:41 +0000 (11:22 -0400)
author Peter Amstutz <peter.amstutz@curoverse.com>
Mon, 14 Apr 2014 15:22:41 +0000 (11:22 -0400)
committer Peter Amstutz <peter.amstutz@curoverse.com>
Mon, 14 Apr 2014 15:22:41 +0000 (11:22 -0400)
diff --git a/services/api/app/controllers/arvados/v1/links_controller.rb b/services/api/app/controllers/arvados/v1/links_controller.rb

index 1b5bf78dbeb61821411e6cb754d6d977825bad58..563804ef15d05df2c2187a56eaa1a80aa612573d 100644 (file)
--- a/services/api/app/controllers/arvados/v1/links_controller.rb
+++ b/services/api/app/controllers/arvados/v1/links_controller.rb
@@ -1,6 +1,14 @@
  class Arvados::V1::LinksController < ApplicationController
  
    def create
+    if resource_attrs[:head_kind] and ArvadosModel::resource_class_for_uuid(resource_attrs[:head_uuid]).kind != resource_attrs[:head_kind]
+      errors.add(attr, "'#{resource_attrs[:head_kind]}' does not match '#{head_uuid}'")
+    end
+
+    if resource_attrs[:tail_kind] and ArvadosModel::resource_class_for_uuid(resource_attrs[:tail_uuid]).kind != resource_attrs[:tail_kind]
+      errors.add(attr, "'#{resource_attrs[:tail_kind]}' does not match '#{tail_uuid}'")
+    end
+
      resource_attrs.delete :head_kind
      resource_attrs.delete :tail_kind
      super
diff --git a/services/api/test/functional/arvados/v1/links_controller_test.rb b/services/api/test/functional/arvados/v1/links_controller_test.rb

index 09dd1621d681fbecc6480b78e369a61e57241065..f4d65c19921e4f4434c94257620fce6a0b974752 100644 (file)
--- a/services/api/test/functional/arvados/v1/links_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/links_controller_test.rb
@@ -175,5 +175,32 @@ class Arvados::V1::LinksControllerTest < ActionController::TestCase
      assert_equal found.count, (found.select { |f| f.head_uuid.match /[a-z0-9]{5}-tpzed-[a-z0-9]{15}/}).count
    end
  
+  test "head_kind matches head_uuid" do
+    link = {
+      link_class: 'test',
+      name: 'stuff',
+      head_uuid: groups(:public).uuid,
+      head_kind: "arvados#user",
+      tail_uuid: users(:spectator).uuid,
+      tail_kind: "arvados#user",
+    }
+    authorize_with :admin
+    post :create, link: link
+    assert_response 422
+  end
+
+  test "tail_kind matches tail_uuid" do
+    link = {
+      link_class: 'test',
+      name: 'stuff',
+      head_uuid: users(:active).uuid,
+      head_kind: "arvados#user",
+      tail_uuid: groups(:public).uuid,
+      tail_kind: "arvados#user",
+    }
+    authorize_with :admin
+    post :create, link: link
+    assert_response 422
+  end
  
  end
author	Peter Amstutz <peter.amstutz@curoverse.com>
	Mon, 14 Apr 2014 15:22:41 +0000 (11:22 -0400)
committer	Peter Amstutz <peter.amstutz@curoverse.com>
	Mon, 14 Apr 2014 15:22:41 +0000 (11:22 -0400)
services/api/app/controllers/arvados/v1/links_controller.rb		patch \| blob \| history
services/api/test/functional/arvados/v1/links_controller_test.rb		patch \| blob \| history