20831: Return is_admin and is_invited so batch updates work

author Peter Amstutz <peter.amstutz@curii.com>

Thu, 16 Nov 2023 21:47:15 +0000 (16:47 -0500)

committer Peter Amstutz <peter.amstutz@curii.com>

Thu, 16 Nov 2023 21:47:15 +0000 (16:47 -0500)
author Peter Amstutz <peter.amstutz@curii.com>
Thu, 16 Nov 2023 21:47:15 +0000 (16:47 -0500)
committer Peter Amstutz <peter.amstutz@curii.com>
Thu, 16 Nov 2023 21:47:15 +0000 (16:47 -0500)
diff --git a/lib/controller/federation/conn.go b/lib/controller/federation/conn.go

index c65e1429241a6030c9bdb063cc6d4037d6116717..95b50e7827b12a82eca1091107dc91a14ef4fbfe 100644 (file)
--- a/lib/controller/federation/conn.go
+++ b/lib/controller/federation/conn.go
@@ -627,6 +627,7 @@ var userAttrsCachedFromLoginCluster = map[string]bool{
         "first_name":  true,
         "is_active":   true,
         "is_admin":    true,
+       "is_invited":  true,
         "last_name":   true,
         "modified_at": true,
         "prefs":       true,
@@ -636,7 +637,6 @@ var userAttrsCachedFromLoginCluster = map[string]bool{
         "etag":                    false,
         "full_name":               false,
         "identity_url":            false,
-       "is_invited":              false,
         "modified_by_client_uuid": false,
         "modified_by_user_uuid":   false,
         "owner_uuid":              false,
diff --git a/lib/controller/federation/user_test.go b/lib/controller/federation/user_test.go

index 1bd1bd2f18b9315c44428da2623f121e61e17fe8..33bc95d0ea2e6ac331087911cc8b4b9d8948f8a1 100644 (file)
--- a/lib/controller/federation/user_test.go
+++ b/lib/controller/federation/user_test.go
@@ -78,7 +78,7 @@ func (s *UserSuite) TestLoginClusterUserList(c *check.C) {
                                                 "identity_url": false,
                                                 // virtual attrs
                                                 "full_name":  false,
-                                               "is_invited": false,
+                                               "is_invited": true,
                                         }
                                         if opts.Select != nil {
                                                 // Only the selected
@@ -146,7 +146,7 @@ func (s *UserSuite) TestLoginClusterUserGet(c *check.C) {
                         "identity_url": false,
                         // virtual attrs
                         "full_name":  false,
-                       "is_invited": false,
+                       "is_invited": true,
                 }
                 if opts.Select != nil {
                         // Only the selected
diff --git a/services/api/app/controllers/arvados/v1/users_controller.rb b/services/api/app/controllers/arvados/v1/users_controller.rb

index 8f69c6cf7777e0d4f464b7d4508f6735ac2f279d..031dd2e4f92ba7c1764756027cef95db0afa5714 100644 (file)
--- a/services/api/app/controllers/arvados/v1/users_controller.rb
+++ b/services/api/app/controllers/arvados/v1/users_controller.rb
@@ -250,7 +250,7 @@ class Arvados::V1::UsersController < ApplicationController
      return super if @read_users.any?(&:is_admin)
      if params[:uuid] != current_user.andand.uuid
        # Non-admin index/show returns very basic information about readable users.
-      safe_attrs = ["uuid", "is_active", "email", "first_name", "last_name", "username", "can_write", "can_manage", "kind"]
+      safe_attrs = ["uuid", "is_active", "is_admin", "is_invited", "email", "first_name", "last_name", "username", "can_write", "can_manage", "kind"]
        if @select
          @select = @select & safe_attrs
        else
diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb

index d9040387e9e53de4b9b09e0cb7e04b0bc58e62b1..3ce411b976b9d2a91258da20739c5ddb4e855073 100644 (file)
--- a/services/api/app/models/user.rb
+++ b/services/api/app/models/user.rb
@@ -105,6 +105,10 @@ class User < ArvadosModel
         self.groups_i_can(:read).select { |x| x.match(/-f+$/) }.first)
    end
  
+  def self.ignored_select_attributes
+    super + ["full_name", "is_invited"]
+  end
+
    def groups_i_can(verb)
      my_groups = self.group_permissions(VAL_FOR_PERM[verb]).keys
      if verb == :read
@@ -654,7 +658,7 @@ SELECT target_uuid, perm_level
          end
        end
  
-      if user.is_invited && !remote_user[:is_invited]
+      if user.is_invited && remote_user[:is_invited] == false
          # Remote user is not "invited" state, they should be unsetup, which
          # also makes them inactive.
          user.unsetup
@@ -674,13 +678,14 @@ SELECT target_uuid, perm_level
             Rails.configuration.RemoteClusters[remote_user_prefix].andand["ActivateUsers"])
            # remote user is active and invited, we need to activate them
            user.update!(is_active: true)
-        elsif user.is_active && !remote_user[:is_active]
+        elsif user.is_active && remote_user[:is_active] == false
            # remote user is not active, we need to de-activate them
            user.update!(is_active: false)
          end
  
          if remote_user_prefix == Rails.configuration.Login.LoginCluster and
            user.is_active and
+          !remote_user[:is_admin].nil? and
            user.is_admin != remote_user[:is_admin]
            # Remote cluster controls our user database, including the
            # admin flag.
diff --git a/services/api/test/fixtures/links.yml b/services/api/test/fixtures/links.yml

index 99b97510db99951575052e88703b5d962d6716c7..00d597153486ae391c255640d44dfaf93e8a71dd 100644 (file)
--- a/services/api/test/fixtures/links.yml
+++ b/services/api/test/fixtures/links.yml
@@ -1139,3 +1139,17 @@ public_favorites_permission_link:
    name: can_read
    head_uuid: zzzzz-j7d0g-publicfavorites
    properties: {}
+
+future_project_user_member_of_all_users_group:
+  uuid: zzzzz-o0j2j-cdnq6627g0h0r2a
+  owner_uuid: zzzzz-tpzed-000000000000000
+  created_at: 2015-07-28T21:34:41.361747000Z
+  modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+  modified_by_user_uuid: zzzzz-tpzed-000000000000000
+  modified_at: 2015-07-28T21:34:41.361747000Z
+  updated_at: 2015-07-28T21:34:41.361747000Z
+  tail_uuid: zzzzz-tpzed-futureprojview2
+  link_class: permission
+  name: can_write
+  head_uuid: zzzzz-j7d0g-fffffffffffffff
+  properties: {}
diff --git a/services/api/test/functional/arvados/v1/users_controller_test.rb b/services/api/test/functional/arvados/v1/users_controller_test.rb

index fe24e441ce46d7f38bc74e6022a3a671cfe60742..07e0b71d86098877da212a2d7eefc0087204d25e 100644 (file)
--- a/services/api/test/functional/arvados/v1/users_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/users_controller_test.rb
@@ -1101,7 +1101,7 @@ The Arvados team.
      assert_equal(1, Log.where(object_uuid: unchanginguuid).count)
    end
  
-  NON_ADMIN_USER_DATA = ["uuid", "kind", "is_active", "email", "first_name",
+  NON_ADMIN_USER_DATA = ["uuid", "kind", "is_active", "is_admin", "is_invited", "email", "first_name",
                           "last_name", "username", "can_write", "can_manage"].sort
  
    def check_non_admin_index
author	Peter Amstutz <peter.amstutz@curii.com>
	Thu, 16 Nov 2023 21:47:15 +0000 (16:47 -0500)
committer	Peter Amstutz <peter.amstutz@curii.com>
	Thu, 16 Nov 2023 21:47:15 +0000 (16:47 -0500)
lib/controller/federation/conn.go		patch \| blob \| history
lib/controller/federation/user_test.go		patch \| blob \| history
services/api/app/controllers/arvados/v1/users_controller.rb		patch \| blob \| history
services/api/app/models/user.rb		patch \| blob \| history
services/api/test/fixtures/links.yml		patch \| blob \| history
services/api/test/functional/arvados/v1/users_controller_test.rb		patch \| blob \| history