19139: Adds tests related to user creation.
author Lucas Di Pentima <lucas.dipentima@curii.com>
Thu, 14 Jul 2022 13:59:41 +0000 (10:59 -0300)
committer Lucas Di Pentima <lucas.dipentima@curii.com>
Thu, 14 Jul 2022 14:13:27 +0000 (11:13 -0300)
* Confirms that non-admin users cannot create user records.
* Exposes bug where user's owner_uuid fields were populated with the UUID of
  the creating admin user instead of using the system root user's UUID.

Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>

services/api/test/integration/users_test.rb

index 3660d35bad57a8353fa412784f094b2ccd00fe6e..369e3a2efa56caf033e04990292ded2374658073 100644 (file)
@@ -493,4 +493,31 @@ class UsersTest < ActionDispatch::IntegrationTest
       headers: auth(:admin))
     assert_response 422
   end
+
+  test "creating users only accepted for admins" do
+    assert_equal false, users(:active).is_admin
+    post '/arvados/v1/users',
+      params: {
+        "user" => {
+          "email" => 'foo@example.com',
+          "username" => "barney"
+        }
+      },
+      headers: auth(:active)
+    assert_response 403
+  end
+
+  test "create users assigns the system root user as their owner" do
+    post '/arvados/v1/users',
+      params: {
+        "user" => {
+          "email" => 'foo@example.com',
+          "username" => "barney"
+        }
+      },
+      headers: auth(:admin)
+    assert_response :success
+    assert_not_nil json_response["uuid"]
+    assert_equal users(:system_user).uuid, json_response["owner_uuid"]
+  end
 end
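
Review bot: In "creating users only accepted for admins", the test stops at `assert_response 403` and never checks that the rejected request left no record behind, so a handler that persisted the user before returning 403 would still pass. Consider wrapping the post in `assert_no_difference` on the user count, or asserting afterwards that no user with username "barney" exists. In "create users assigns the system root user as their owner", the ownership check reads only `json_response["owner_uuid"]`; loading the created record by `json_response["uuid"]` and comparing its stored `owner_uuid` with `users(:system_user).uuid` would confirm the persisted value and not just the serialized response. Since the commit message describes the bug as the creating admin's UUID ending up in `owner_uuid`, an explicit assertion that the value differs from `users(:admin).uuid` would also make a regression easier to read in the failure output.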