c.Check(subproject.CanWrite, check.Equals, true)
c.Check(subproject.CanManage, check.Equals, true)
+ projlist, err := s.localdb.GroupList(ctxUser1, arvados.ListOptions{
+ Limit: -1,
+ Filters: []arvados.Filter{{"uuid", "in", []string{project.UUID, subproject.UUID}}},
+ })
+ c.Assert(err, check.IsNil)
+ c.Assert(projlist.Items, check.HasLen, 2)
+ for _, p := range projlist.Items {
+ c.Check(p.CanWrite, check.Equals, true)
+ c.Check(p.CanManage, check.Equals, true)
+ }
+
// Give 2nd user permission to read
permlink, err := s.localdb.LinkCreate(ctxAdmin, arvados.CreateOptions{
Attrs: map[string]interface{}{
c.Assert(err, check.IsNil)
c.Check(subproject2.CanWrite, check.Equals, false)
c.Check(subproject2.CanManage, check.Equals, true)
+
+ u, err := s.localdb.UserGet(ctxUser1, arvados.GetOptions{
+ UUID: arvadostest.ActiveUserUUID,
+ })
+ c.Assert(err, check.IsNil)
+ c.Check(u.CanWrite, check.Equals, true)
+ c.Check(u.CanManage, check.Equals, true)
+
+ for _, selectParam := range [][]string{
+ nil,
+ {"can_write", "can_manage"},
+ } {
+ c.Logf("selectParam: %+v", selectParam)
+ ulist, err := s.localdb.UserList(ctxUser1, arvados.ListOptions{
+ Limit: -1,
+ Filters: []arvados.Filter{{"uuid", "=", arvadostest.ActiveUserUUID}},
+ Select: selectParam,
+ })
+ c.Assert(err, check.IsNil)
+ c.Assert(ulist.Items, check.HasLen, 1)
+ c.Logf("%+v", ulist.Items)
+ for _, u := range ulist.Items {
+ c.Check(u.CanWrite, check.Equals, true)
+ c.Check(u.CanManage, check.Equals, true)
+ }
+ }
}
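Review bot: The loop variable `u` in `for _, u := range ulist.Items` shadows the `u` returned by UserGet a few lines earlier in the same hunk, so the CanWrite/CanManage checks inside the loop read as if they were still on the UserGet result; renaming it, e.g. `for _, item := range ulist.Items {` with `c.Check(item.CanWrite, check.Equals, true)` and `c.Check(item.CanManage, check.Equals, true)`, removes the ambiguity. The selectParam cases cover nil and a list that names both fields, but not a Select that omits them, so what the list returns for can_write/can_manage when the caller does not ask for them (presumably the zero values) is unverified. The two `c.Logf` calls look like debugging output and could be dropped now that the assertions are in place. The enclosing test function starts before this hunk.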
return super if @read_users.any?(&:is_admin)
if params[:uuid] != current_user.andand.uuid
# Non-admin index/show returns very basic information about readable users.
- safe_attrs = ["uuid", "is_active", "email", "first_name", "last_name", "username"]
+ safe_attrs = ["uuid", "is_active", "email", "first_name", "last_name", "username", "can_write", "can_manage"]
if @select
@select = @select & safe_attrs
else
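Review bot: `safe_attrs` is the allowlist that decides which attributes a non-admin sees for other readable users, and the extended literal now has to be kept in sync by hand with NON_ADMIN_USER_DATA in the functional test, with nothing in the code saying that can_write/can_manage are deliberately exposed to non-admins. A named frozen constant, `SAFE_ATTRS = %w[uuid is_active email first_name last_name username can_write can_manage].freeze`, used as `@select = @select & SAFE_ATTRS`, avoids rebuilding the array on every request and gives the allowlist a name the tests can refer to; a one-line comment above it noting that can_write/can_manage describe the requesting user's own permission on the record, not a secret of the target, would document the intent. The enclosing method starts before this hunk.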
get(:index)
check_non_admin_index
check_readable_users_index [:spectator], [:inactive, :active]
+ json_response["items"].each do |u|
+ if u["uuid"] == users(:spectator).uuid
+ assert_equal true, u["can_write"]
+ assert_equal true, u["can_manage"]
+ end
+ end
end
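Review bot: The can_write/can_manage assertions in the new `json_response["items"].each` block run only for the item whose uuid is the spectator's, which given `check_readable_users_index [:spectator], ...` is presumably the requesting user's own record, so the new attributes are never asserted on another readable user and no `false` value is ever checked. The block is also silently skipped if no item matches; unless check_readable_users_index already guarantees the spectator entry is present, `spectator = json_response["items"].find { |u| u["uuid"] == users(:spectator).uuid }` followed by `refute_nil spectator` before the two assert_equal calls makes the expectation explicit instead of vacuous.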
test "non-admin user gets only safe attributes from users#show" do
end
NON_ADMIN_USER_DATA = ["uuid", "kind", "is_active", "email", "first_name",
- "last_name", "username"].sort
+ "last_name", "username", "can_write", "can_manage"].sort
def check_non_admin_index
assert_response :success