@updates = params['project']
super
end
+
+ def share_with
+ if not params[:uuids].andand.any?
+ @errors = ["No user/group UUIDs specified to share with."]
+ return render_error(status: 422)
+ end
+ results = {"success" => [], "failure" => {}}
+ params[:uuids].each do |shared_uuid|
+ begin
+ Link.create(tail_uuid: shared_uuid, link_class: "permission",
+ name: "can_read", head_uuid: @object.uuid)
+ rescue ArvadosApiClient::ApiError => error
+ results["failure"][shared_uuid] = error.api_response.andand[:errors]
+ else
+ results["success"] << shared_uuid
+ end
+ end
+ status = (results["failure"].empty?) ? 200 : 422
+ respond_to do |f|
+ f.json { render(json: results, status: status) }
+ end
+ end
end
match 'remove/:item_uuid', on: :member, via: :delete, action: :remove_item
match 'remove_items', on: :member, via: :delete, action: :remove_items
get 'choose', on: :collection
+ post 'share_with', on: :member
end
post 'actions' => 'actions#post'
end
end
end
+
+ test "sharing a project with a user and group" do
+ uuid_list = [api_fixture("groups")["future_project_viewing_group"]["uuid"],
+ api_fixture("users")["future_project_user"]["uuid"]]
+ post(:share_with, {
+ id: api_fixture("groups")["asubproject"]["uuid"],
+ format: "json",
+ uuids: uuid_list},
+ session_for(:active))
+ assert_response :success
+ json_response = Oj.load(@response.body)
+ assert_equal(uuid_list, json_response["success"])
+ end
+
+ test "user with project read permission can't add permissions" do
+ post(:share_with, {
+ id: api_fixture("groups")["aproject"]["uuid"],
+ uuids: [api_fixture("users")["spectator"]["uuid"]],
+ format: "json"},
+ session_for(:project_viewer))
+ assert_response 422
+ end
end
description: "Test project belonging to active user's first test project"
group_class: folder
+future_project_viewing_group:
+ uuid: zzzzz-j7d0g-futrprojviewgrp
+ owner_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+ created_at: 2014-04-21 15:37:48 -0400
+ modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+ modified_by_user_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+ modified_at: 2014-04-21 15:37:48 -0400
+ updated_at: 2014-04-21 15:37:48 -0400
+ name: Future Project Viewing Group
+ description: "Group used to test granting Group Project viewing"
+
bad_group_has_ownership_cycle_a:
uuid: zzzzz-j7d0g-cx2al9cqkmsf1hs
owner_uuid: zzzzz-j7d0g-0077nzts8c178lw
is_admin: false
prefs: {}
+future_project_user:
+ # Workbench tests give this user permission on aproject.
+ uuid: zzzzz-tpzed-futureprojview2
+ email: future-project-user@arvados.local
+ first_name: Future Project
+ last_name: User
+ identity_url: https://future-project-user.openid.local
+ is_active: true
+ is_admin: false
+ prefs: {}
+
spectator:
owner_uuid: zzzzz-tpzed-000000000000000
uuid: zzzzz-tpzed-l1s2piq4t4mps8r