projects / arvados.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7e358c0)
16811: Add a test that system users/groups can't be deleted.
authorPeter Amstutz <peter.amstutz@curii.com>
Fri, 18 Sep 2020 23:21:09 +0000 (19:21 -0400)
committerPeter Amstutz <peter.amstutz@curii.com>
Fri, 18 Sep 2020 23:21:09 +0000 (19:21 -0400)
Also tweak PublicFavoritesProject migration to use up/down instead of
change.

Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>

services/api/db/migrate/20200914203202_public_favorites_project.rb patch | blob | history
services/api/test/fixtures/groups.yml patch | blob | history
services/api/test/unit/permission_test.rb patch | blob | history

diff --git a/services/api/db/migrate/20200914203202_public_favorites_project.rb b/services/api/db/migrate/20200914203202_public_favorites_project.rb
index 0718778ddca7315ea443b7a128b8cdfc3f85ea70..ef139aa70437f2da1bf68063904eef7fe44fabed 100644 (file)
--- a/services/api/db/migrate/20200914203202_public_favorites_project.rb
+++ b/services/api/db/migrate/20200914203202_public_favorites_project.rb
@@ -4,7 +4,7 @@
 
 class PublicFavoritesProject < ActiveRecord::Migration[5.2]
   include CurrentApiClient
-  def change
+  def up
     act_as_system_user do
       public_project_group
       public_project_read_permission
@@ -17,4 +17,7 @@ class PublicFavoritesProject < ActiveRecord::Migration[5.2]
       end
     end
   end
+
+  def down
+  end
 end
diff --git a/services/api/test/fixtures/groups.yml b/services/api/test/fixtures/groups.yml
index ee0d786bbe2f1537a9ef904df51eba7f221eea75..31a72f17208090a9b210996b4c34379e95116aa1 100644 (file)
--- a/services/api/test/fixtures/groups.yml
+++ b/services/api/test/fixtures/groups.yml
@@ -56,6 +56,13 @@ system_group:
   description: System-owned Group
   group_class: role
 
+public_favorites_project:
+  uuid: zzzzz-j7d0g-publicfavorites
+  owner_uuid: zzzzz-tpzed-000000000000000
+  name: Public favorites
+  description: Public favorites
+  group_class: project
+
 empty_lonely_group:
   uuid: zzzzz-j7d0g-jtp06ulmvsezgyu
   owner_uuid: zzzzz-tpzed-000000000000000
diff --git a/services/api/test/unit/permission_test.rb b/services/api/test/unit/permission_test.rb
index 10664474c68bf219a4cfb521a0431e97a21c5fdc..123031b35feb90b0fc874b0461fff896ca531702 100644 (file)
--- a/services/api/test/unit/permission_test.rb
+++ b/services/api/test/unit/permission_test.rb
@@ -579,4 +579,24 @@ class PermissionTest < ActiveSupport::TestCase
     assert users(:active).can?(write: prj.uuid)
     assert users(:active).can?(manage: prj.uuid)
   end
+
+  [system_user_uuid, anonymous_user_uuid].each do |u|
+    test "cannot delete system user #{u}" do
+      act_as_system_user do
+        assert_raises ArvadosModel::PermissionDeniedError do
+          User.find_by_uuid(u).destroy
+        end
+      end
+    end
+  end
+
+  [system_group_uuid, anonymous_group_uuid, public_project_uuid].each do |g|
+    test "cannot delete system group #{g}" do
+      act_as_system_user do
+        assert_raises ArvadosModel::PermissionDeniedError do
+          Group.find_by_uuid(g).destroy
+        end
+      end
+    end
+  end
 end