Fix repositories.get_all_permissions, add tests. closes #3546
authorTom Clegg <tom@curoverse.com>
Fri, 8 Aug 2014 21:32:03 +0000 (17:32 -0400)
committerTom Clegg <tom@curoverse.com>
Fri, 8 Aug 2014 21:32:03 +0000 (17:32 -0400)
services/api/app/controllers/arvados/v1/repositories_controller.rb
services/api/test/fixtures/authorized_keys.yml
services/api/test/functional/arvados/v1/repositories_controller_test.rb

index 8b45c56bcbfe576eb921ae8e31c8613388793903..94c172da326ae3e4936b01aceea3f62a35ffee22 100644 (file)
@@ -7,6 +7,7 @@ class Arvados::V1::RepositoriesController < ApplicationController
     User.includes(:authorized_keys).all.each do |u|
       @users[u.uuid] = u
     end
+    admins = @users.select { |k,v| v.is_admin }
     @user_aks = {}
     @repo_info = {}
     @repos = Repository.includes(:permissions).all
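Review bot: The `admins` filter added after the `@users` loop tests only `is_admin`, so every account that still carries that flag is later given write access to all repositories. If the User model can mark an account inactive or disabled without clearing `is_admin` (not visible in this hunk), the filter should exclude those accounts as well, or a comment should state that admin rights are always revoked on deactivation. The block also leaves `k` unused; `@users.select { |_uuid, user| user.is_admin }` reads more clearly. The enclosing method starts and ends outside the hunk.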
@@ -29,10 +30,8 @@ class Arvados::V1::RepositoriesController < ApplicationController
         end
       end
       # Owner of the repository, and all admins, can RW
-      ([repo.owner_uuid] + @users.keys).each do |user_uuid|
-        %w(can_read can_write).each do |name|
-          perms << {name: name, user_uuid: user_uuid}
-        end
+      ([repo.owner_uuid] + admins.keys).each do |user_uuid|
+        perms << {name: 'can_write', user_uuid: user_uuid}
       end
       perms.each do |perm|
         user_uuid = perm[:user_uuid]
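Review bot: The comment "Owner of the repository, and all admins, can RW" no longer matches the line below it, which now appends only `can_write`. That is correct only if the later translation to gitolite permissions treats `can_write` as implying read, and that mapping lies outside this hunk. Once confirmed, I would reword the comment to `# Owner of the repository, and all admins, get can_write (which implies read)`. `[repo.owner_uuid] + admins.keys` also lists the owner twice when the owner is an admin; `([repo.owner_uuid] | admins.keys)` avoids the duplicate entry. The `perms.each` loop that consumes these entries continues past the end of the hunk.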
index 1e9e158d1bad89e4cb3c61325154f8b72dec56cb..b0103fa2ab32074ca3a50c3676b539c917a9dcc9 100644 (file)
@@ -13,3 +13,19 @@ admin:
   key_type: SSH
   name: admin
   public_key: ssh-dss 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
+
+spectator:
+  uuid: zzzzz-fngyi-3uze1ipbnz2c2c2
+  owner_uuid: zzzzz-tpzed-l1s2piq4t4mps8r
+  authorized_user_uuid: zzzzz-tpzed-l1s2piq4t4mps8r
+  key_type: SSH
+  name: spectator
+  public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJK4hxmgXzg1gty+91JfkpgikAZxTvFTQoaFUJYTHIygz2V3FgU64NkK3yfwh+bhs7n8YIMftuCHfojKEJTtedbiv/mYpItetzdOwYONCGSEk1VnfipGhnFvL7FZDESTxLN9KNve3ZmZh8HvO6s8fdlTlqTTNKpsdwLiQn2s3W1TWvru/NP504MD5qPeZ4+8jZEh/uiuRaeXqPDAlE9QGPV4FRAA1xo0dBZIrRMwQC8kOttq/i2pLgHq1xW9p4J23oV68O/kkeBb7VwrX3Av/M61kvRsP8tA5gqh+HMKVO2qTP4yG6eGkAobIokQAcyZetPQIDmfVeoB0NzwPfAy4r
+
+project_viewer:
+  uuid: zzzzz-fngyi-5d3av1396niwcej
+  owner_uuid: zzzzz-tpzed-projectviewer1a
+  authorized_user_uuid: zzzzz-tpzed-projectviewer1a
+  key_type: SSH
+  name: project_viewer
+  public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPkOJMQzT9n6RousrLMU7c/KFKTI7I5JifDIEtGJJ1MMZW0GVoxtXALU90HcaRjEOwGPvQPxj7IDYqXs2N9uvm8SUWJMiz6c8NIjhGTkUoOnTFl4E9YTvkkKNs0P+3eT1Y+6zfTcFJHKP3AR4kZX+oiPHowRpCIlnLjXCFxX+E+YI554A7bS4yfOZO9lf6vtiT9I+6EqxC8a0hzZauPC1ZC3d/AFgBnrXJ2fBlAEySznru39quHN1u3v4qHTyaO2pDbG6vdI6O3JDCXCJKRv/B2FLuLTlzB0YesM1FiE6w8QgPxqb42B+uWTZb969UZliH8Pzw/mscOLAjmARDC02z
index 4b1381edb8f553667ab8aaa4139104b163b24839..0793d12e4e5103c0298f6b96122a9558d489677d 100644 (file)
@@ -42,6 +42,38 @@ class Arvados::V1::RepositoriesControllerTest < ActionController::TestCase
     end
   end
 
+  test "get_all_permissions does not give any access to user without permission" do
+    authorize_with :admin
+    get :get_all_permissions
+    assert_response :success
+    assert_equal(authorized_keys(:project_viewer).authorized_user_uuid,
+                 users(:project_viewer).uuid,
+                 "project_viewer must have an authorized_key for this test to work")
+    json_response['repositories'].each do |repo|
+      assert_equal(false,
+                   repo['user_permissions'].has_key?(users(:project_viewer).uuid),
+                   "project_viewer user should not have perms for #{repo['uuid']}")
+    end
+  end
+
+  test "get_all_permissions gives gitolite R to user with read-only access" do
+    authorize_with :admin
+    get :get_all_permissions
+    assert_response :success
+    found_it = false
+    assert_equal(authorized_keys(:spectator).authorized_user_uuid,
+                 users(:spectator).uuid,
+                 "spectator must have an authorized_key for this test to work")
+    json_response['repositories'].each do |repo|
+      next unless repo['uuid'] == repositories(:foo).uuid
+      assert_equal('R',
+                   repo['user_permissions'][users(:spectator).uuid]['gitolite_permissions'],
+                   "spectator user should have just R access to #{repo['uuid']}")
+      found_it = true
+    end
+    assert_equal true, found_it, "spectator user does not have R on foo repo"
+  end
+
   test "get_all_permissions provides admin and active user keys" do
     authorize_with :admin
     get :get_all_permissions
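Review bot: The first new test, "get_all_permissions does not give any access to user without permission", passes vacuously when `json_response['repositories']` is empty, because its only permission assertions sit inside the `each` block. The second test guards against this with `found_it`, but the first has no equivalent. Adding `assert json_response['repositories'].any?, "expected at least one repository in the response"` before the loop would make an empty or truncated response fail instead of pass. All the new tests call the action as `:admin`. Since the response appears to carry every user's keys and permissions, a test that a non-admin caller is refused is worth adding if the unseen part of the file does not already have one.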