3072: add an empty collection in db seeds

Added empty collection (owned by the anonymous group) to test fixtures
and to db/seeds.rb.

API integration tests: in permissions_test.rb, test that the active user
can read objects in the anonymous group, even when there are no explicit
permission links on that group or objects in it.

Workbench integration tests: added a test to confirm that a non-admin
user can get the empty collection.

Cleanup code: User.can? now takes either a uuid or an object for the target.

Refs #3072.

diff --git a/apps/workbench/test/integration/collections_test.rb b/apps/workbench/test/integration/collections_test.rb
index 8ac8fe4fb360c1a95683de09bbe8f621879fd301..8657aaa0e492308075f891e89f89aece2df7a6b3 100644 (file)
--- a/apps/workbench/test/integration/collections_test.rb
+++ b/apps/workbench/test/integration/collections_test.rb
@@ -74,4 +74,10 @@ class CollectionsTest < ActionDispatch::IntegrationTest
     assert_equal(['foo'], hrefs.compact.sort,
                  "download page did provide strictly file links")
   end
+
+  test "can view empty collection" do
+    uuid = 'd41d8cd98f00b204e9800998ecf8427e+0'
+    visit page_with_token('active', "/collections/#{uuid}")
+    assert page.has_text?('This collection is empty')
+  end
 end

diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb
index e79c485f17493cde51cb7bec59c212bb5dc7857e..65475853f2810e3a355c8f11085e5abec36d1571 100644 (file)
--- a/services/api/app/models/user.rb
+++ b/services/api/app/models/user.rb
@@ -51,9 +51,13 @@ class User < ArvadosModel
   def can?(actions)
     return true if is_admin
     actions.each do |action, target|
-      target_uuid = target
-      if target.respond_to? :uuid
-        target_uuid = target.uuid
+      unless target.nil?
+        if target.respond_to? :uuid
+          target_uuid = target.uuid
+        else
+          target_uuid = target
+          target = ArvadosModel.find_by_uuid(target_uuid)
+        end
       end
       next if target_uuid == self.uuid
       next if (group_permissions[target_uuid] and

diff --git a/services/api/db/migrate/20140714184006_empty_collection.rb b/services/api/db/migrate/20140714184006_empty_collection.rb
new file mode 100644 (file)
index 0000000..2afd582
--- /dev/null
+++ b/services/api/db/migrate/20140714184006_empty_collection.rb
@@ -0,0 +1,13 @@
+class EmptyCollection < ActiveRecord::Migration
+  include CurrentApiClient
+
+  def up
+    empty_collection
+  end
+
+  def down
+    act_as_system_user do
+      empty_collection.destroy
+    end
+  end
+end

diff --git a/services/api/db/seeds.rb b/services/api/db/seeds.rb
index abd325c724267c76a5a4e11e696bdc62c60ee483..d397b91bfd516af3e325476d0eb12c3fecdb5302 100644 (file)
--- a/services/api/db/seeds.rb
+++ b/services/api/db/seeds.rb
@@ -9,3 +9,4 @@ system_user
 system_group
 anonymous_group
 anonymous_user
+empty_collection

diff --git a/services/api/db/structure.sql b/services/api/db/structure.sql
index 850a89e8eee921709bcaa445db5c802ed1a2f385..61433a665fef774e0eaaebbe92ed7ffb09c816cb 100644 (file)
--- a/services/api/db/structure.sql
+++ b/services/api/db/structure.sql
@@ -1971,4 +1971,6 @@ INSERT INTO schema_migrations (version) VALUES ('20140611173003');
 
 INSERT INTO schema_migrations (version) VALUES ('20140627210837');
 
-INSERT INTO schema_migrations (version) VALUES ('20140709172343');
\ No newline at end of file
+INSERT INTO schema_migrations (version) VALUES ('20140709172343');
+
+INSERT INTO schema_migrations (version) VALUES ('20140714184006');
\ No newline at end of file

diff --git a/services/api/lib/current_api_client.rb b/services/api/lib/current_api_client.rb
index 94bd2b56a887999fa73b6603944a45136cef4bd9..7100f3a9ebcc5c1b48bce9409c600a7c2f9e71dd 100644 (file)
--- a/services/api/lib/current_api_client.rb
+++ b/services/api/lib/current_api_client.rb
@@ -158,4 +158,19 @@ module CurrentApiClient
     $anonymous_user
   end
 
+  def empty_collection_uuid
+    'd41d8cd98f00b204e9800998ecf8427e+0'
+  end
+
+  def empty_collection
+    if not $empty_collection
+      act_as_system_user do
+        $empty_collection = Collection.
+          where(uuid: empty_collection_uuid).
+          first_or_create!(owner_uuid: anonymous_group_uuid,
+                           manifest_text: '')
+      end
+    end
+    $empty_collection
+  end
 end

diff --git a/services/api/test/fixtures/collections.yml b/services/api/test/fixtures/collections.yml
index bce7df13ddb25caf3846b3517f2b5bb9af325d3f..73ec920acc63401938a0cd3dba5aba99277d15a5 100644 (file)
--- a/services/api/test/fixtures/collections.yml
+++ b/services/api/test/fixtures/collections.yml
@@ -69,3 +69,26 @@ docker_image:
   modified_at: 2014-06-11T17:22:54Z
   updated_at: 2014-06-11T17:22:54Z
   manifest_text: ". d21353cfe035e3e384563ee55eadbb2f+67108864 5c77a43e329b9838cbec18ff42790e57+55605760 0:122714624:d8309758b8fe2c81034ffc8a10c36460b77db7bc5e7b448c4e5b684f9d95a678.tar\n"
+
+anonymous:
+  # Collection owned by the anonymous group
+  # (should be readable by all users)
+  uuid: 39e4ec5e67d7c6c8dcb549d7593180af+32
+  owner_uuid: zzzzz-j7d0g-anonymouspublic
+  created_at: 2014-06-11T17:22:54Z
+  modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+  modified_by_user_uuid: zzzzz-tpzed-d9tiejq69daie8f
+  modified_at: 2014-06-11T17:22:54Z
+  updated_at: 2014-06-11T17:22:54Z
+  manifest_text: ". anonymous-collection-file.txt\n"
+
+empty:
+  # Empty collection owned by anonymous_group is added with rake db:seed.
+  uuid: d41d8cd98f00b204e9800998ecf8427e+0
+  owner_uuid: zzzzz-j7d0g-anonymouspublic
+  created_at: 2014-06-11T17:22:54Z
+  modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+  modified_by_user_uuid: zzzzz-tpzed-d9tiejq69daie8f
+  modified_at: 2014-06-11T17:22:54Z
+  updated_at: 2014-06-11T17:22:54Z
+  manifest_text: ""

diff --git a/services/api/test/integration/permissions_test.rb b/services/api/test/integration/permissions_test.rb
index 274e8f166bd911f863edec56a6f6fdefcc093459..26a0f02e8f1b41a6dc36c4fcbfe725e660a8a7d7 100644 (file)
--- a/services/api/test/integration/permissions_test.rb
+++ b/services/api/test/integration/permissions_test.rb
@@ -1,6 +1,7 @@
 require 'test_helper'
 
 class PermissionsTest < ActionDispatch::IntegrationTest
+  include CurrentApiClient  # for empty_collection
   fixtures :users, :groups, :api_client_authorizations, :collections
 
   test "adding and removing direct can_read links" do
@@ -360,4 +361,34 @@ class PermissionsTest < ActionDispatch::IntegrationTest
     get "/arvados/v1/permissions/#{groups(:public).uuid}", nil, auth(:active)
     assert_response 403
   end
+
+  test "active user can read an object in the anonymous group" do
+    # make sure there is no link explicitly granting permission to
+    # the anonymous collection or its owner
+    get("/arvados/v1/permissions/#{collections(:anonymous).owner_uuid}",
+        { :format => :json },
+        auth(:admin))
+    assert_response :success
+    assert_empty json_response['items']
+
+    get("/arvados/v1/permissions/#{collections(:anonymous).uuid}",
+        { :format => :json },
+        auth(:admin))
+    assert_response :success
+    assert_empty json_response['items']
+
+    # the active user should still be able to read the anonymous collection.
+    get("/arvados/v1/collections/#{collections(:anonymous).uuid}",
+        { :format => :json },
+        auth(:active))
+    assert_response :success
+    assert_equal json_response['manifest_text'], collections(:anonymous).manifest_text
+
+    # the active user should be able to read the empty collection
+    get("/arvados/v1/collections/#{empty_collection_uuid}",
+        { :format => :json },
+        auth(:active))
+    assert_response :success
+    assert_empty json_response['manifest_text'], "empty collection manifest_text is not empty"
+  end
 end