api: Have users own the logs they generate.
authorBrett Smith <brett@curoverse.com>
Thu, 10 Apr 2014 15:43:55 +0000 (11:43 -0400)
committerBrett Smith <brett@curoverse.com>
Thu, 10 Apr 2014 15:43:55 +0000 (11:43 -0400)
Setting the owner to the system user was intended to provide the
security policy we wanted.  Now that we've opted instead to give logs
overrides for the permission_to_ACTION methods, users should own their
own logs so they can read them.

services/api/app/models/log.rb
services/api/test/functional/arvados/v1/logs_controller_test.rb
services/api/test/unit/log_test.rb

index 17d6ec42db6ce331ed71f99cd5474eb3148ecc4f..223d125d4b7f5f60517907c0b3a1d0539b4a7e57 100644 (file)
@@ -4,7 +4,6 @@ class Log < ArvadosModel
   include CommonApiTemplate
   serialize :properties, Hash
   before_validation :set_default_event_at
-  before_save { self.owner_uuid = self.system_user_uuid }
   attr_accessor :object
 
   api_accessible :user, extend: :common do |t|
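Review bot: With the `before_save` callback on the removed line gone, nothing left in this hunk pins `owner_uuid` to the creating user; the value now comes from whatever default ArvadosModel applies and from any `owner_uuid` a client supplies in the create request, and the permission overrides the commit message relies on are not visible here. If a non-admin can hand in a foreign `owner_uuid`, a log could be written into another user's ownership (and become readable by them) with no check in this model, so it is worth confirming that the base class rejects that and covering it with a test. A short comment where the callback used to be would record the intended policy for the next reader, e.g. `# owner_uuid is left to ArvadosModel's default (the creating user); read/write access is governed by Log's permission_to_* overrides.`. The enclosing `class Log` definition begins before this hunk.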
index 3e8508af97cd106fbfba2e84b0ef64b54fb0254f..9c410996b84509861f85f6fd8fcc1c9557cb5b4a 100644 (file)
@@ -1,4 +1,15 @@
 require 'test_helper'
 
 class Arvados::V1::LogsControllerTest < ActionController::TestCase
+  test "non-admins can read their own logs" do
+    authorize_with :active
+    post :create, log: {summary: "test log"}
+    assert_response :success
+    uuid = JSON.parse(@response.body)['uuid']
+    assert_not_nil uuid
+    get :show, {id: uuid}
+    assert_response(:success, "failed to load created log")
+    assert_equal("test log", assigns(:object).summary,
+                 "loaded wrong log after creation")
+  end
 end
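Review bot: The new test proves only the positive path; it never checks who ended up owning the created log, and the two-request round trip still passes if the log is readable for some other reason. Holding the parsed body in a local and asserting its `owner_uuid` against the authorized user's uuid would pin the behaviour the commit message describes, e.g. `resp = JSON.parse(@response.body)` followed by `assert_equal <active user's uuid>, resp['owner_uuid']` (the fixture accessor for the user behind `authorize_with :active` is not visible in this hunk). A companion case authorizing as a different non-admin and asserting `get :show` on the same uuid is not `:success` would cover the other half of the policy, since ownership being the read gate is what this change is about.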
index 8879dfad1bc70890248bae19434c4e3cb8aa91c6..7a27767d5ca6b0a05364e99b37e90b087533c42e 100644 (file)
@@ -32,8 +32,8 @@ class LogTest < ActiveSupport::TestCase
     @log_count += 1
     log = logs.last
     props = log.properties
-    assert_equal(system_user_uuid, log.owner_uuid,
-                 "log is not owned by system user")
+    assert_equal(current_user.andand.uuid, log.owner_uuid,
+                 "log is not owned by current user")
     assert_equal(current_user.andand.uuid, log.modified_by_user_uuid,
                  "log is not 'modified by' current user")
     assert_equal(current_api_client.andand.uuid, log.modified_by_client_uuid,
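Review bot: The changed assertion compares `log.owner_uuid` with `current_user.andand.uuid`, which is `nil` whenever there is no current user, so in that case the check now passes for a log with no owner at all; the old expectation of `system_user_uuid` could never be satisfied vacuously. If ownerless-context logs are still meant to belong to the system user, the expected value should fall back to it rather than to nil, e.g. `assert_equal((current_user ? current_user.uuid : system_user_uuid), log.owner_uuid,` with the message adjusted accordingly. If instead such logs are expected to have no owner, an explicit `assert_nil` in that branch would state it rather than letting it pass by accident. The enclosing test method starts before this hunk.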