end
def index
- current_user_uuid = current_user.uuid
- act_as_system_user do
- uuids = Link.where(owner_uuid: system_user_uuid,
- link_class: 'signature',
- name: 'require',
- tail_kind: 'arvados#user',
- tail_uuid: system_user_uuid,
- head_kind: 'arvados#collection').
- collect &:head_uuid
- @objects = Collection.where('uuid in (?)', uuids)
+ if not current_user.is_invited
+ # New users cannot see user agreements until/unless invited to
+ # use this installation.
+ @objects = []
+ else
+ current_user_uuid = current_user.uuid
+ act_as_system_user do
+ uuids = Link.where(owner_uuid: system_user_uuid,
+ link_class: 'signature',
+ name: 'require',
+ tail_kind: 'arvados#user',
+ tail_uuid: system_user_uuid,
+ head_kind: 'arvados#collection').
+ collect &:head_uuid
+ @objects = Collection.where('uuid in (?)', uuids)
+ end
end
@response_resource_name = 'collection'
super
def activate
if current_user.andand.is_admin && params[:uuid]
- @user = User.find params[:uuid]
+ @object = User.find params[:uuid]
else
- @user = current_user
+ @object = current_user
end
- if not @user.is_active
- target_user_uuid = @user.uuid
+ if not @object.is_active
+ if not (current_user.is_admin or @object.is_invited)
+ logger.warn "User #{@object.uuid} called users.activate " +
+ "but is not invited"
+ raise ArgumentError.new "Cannot activate without being invited."
+ end
act_as_system_user do
required_uuids = Link.where(owner_uuid: system_user_uuid,
link_class: 'signature',
link_class: 'signature',
name: 'click',
tail_kind: 'arvados#user',
- tail_uuid: target_user_uuid,
+ tail_uuid: @object.uuid,
head_kind: 'arvados#collection',
head_uuid: required_uuids).
collect(&:head_uuid)
todo_uuids = required_uuids - signed_uuids
if todo_uuids == []
- @user.update_attributes is_active: true
- logger.info "User #{@user.uuid} activated"
+ @object.update_attributes is_active: true
+ logger.info "User #{@object.uuid} activated"
else
- logger.warn "User #{@user.uuid} called users.activate " +
+ logger.warn "User #{@object.uuid} called users.activate " +
"before signing agreements #{todo_uuids.inspect}"
raise ArgumentError.new \
"Cannot activate without user agreements #{todo_uuids.inspect}."
end
end
end
- @object = @user
show
end
end
t.add :identity_url
t.add :is_active
t.add :is_admin
+ t.add :is_invited
t.add :prefs
end
"#{first_name} #{last_name}"
end
+ def is_invited
+ (self.is_active ||
+ Rails.configuration.new_users_are_active ||
+ self.groups_i_can(:read).select { |x| x.match /-f+$/ }.first)
+ end
+
def groups_i_can(verb)
self.group_permissions.select { |uuid, mask| mask[verb] }.keys
end
api_token: 5s29oj2hzmcmpq80hx9cta0rl5wuf3xfd6r7disusaptz7h9m0
expires_at: 2038-01-01 00:00:00
+inactive_uninvited:
+ api_client: untrusted
+ user: inactive_uninvited
+ api_token: 62mhllc0otp78v08e3rpa3nsmf8q8ogk47f7u5z4erp5gpj9al
+ expires_at: 2038-01-01 00:00:00
+
inactive_but_signed_user_agreement:
api_client: untrusted
user: inactive_but_signed_user_agreement
owner_uuid: zzzzz-tpzed-d9tiejq69daie8f
name: Public
description: Public Group
+
+all_users:
+ uuid: zzzzz-j7d0g-fffffffffffffff
+ owner_uuid: zzzzz-tpzed-d9tiejq69daie8f
+ name: All users
head_kind: arvados#collection
head_uuid: b519d9cb706a29fc7ea24dbea2f05851
properties: {}
+
+inactive_user_member_of_all_users_group:
+ uuid: zzzzz-o0j2j-osckxpy5hl5fjk5
+ owner_uuid: zzzzz-tpzed-000000000000000
+ created_at: 2013-12-26T20:52:21Z
+ modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+ modified_by_user_uuid: zzzzz-tpzed-7sg468ezxwnodxs
+ modified_at: 2013-12-26T20:52:21Z
+ updated_at: 2013-12-26T20:52:21Z
+ tail_kind: arvados#user
+ tail_uuid: zzzzz-tpzed-x9kqpd79egh49c7
+ link_class: permission
+ name: can_read
+ head_kind: arvados#group
+ head_uuid: zzzzz-j7d0g-fffffffffffffff
+ properties: {}
+
+inactive_signed_ua_user_member_of_all_users_group:
+ uuid: zzzzz-o0j2j-qkhyjcr6tidk652
+ owner_uuid: zzzzz-tpzed-000000000000000
+ created_at: 2013-12-26T20:52:21Z
+ modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+ modified_by_user_uuid: zzzzz-tpzed-7sg468ezxwnodxs
+ modified_at: 2013-12-26T20:52:21Z
+ updated_at: 2013-12-26T20:52:21Z
+ tail_kind: arvados#user
+ tail_uuid: zzzzz-tpzed-7sg468ezxwnodxs
+ link_class: permission
+ name: can_read
+ head_kind: arvados#group
+ head_uuid: zzzzz-j7d0g-fffffffffffffff
+ properties: {}
is_admin: false
prefs: {}
+inactive_uninvited:
+ uuid: zzzzz-tpzed-rf2ec3ryh4vb5ma
+ email: inactive-uninvited-user@arvados.local
+ first_name: Inactive and Uninvited
+ last_name: User
+ identity_url: https://inactive-uninvited-user.openid.local
+ is_active: false
+ is_admin: false
+ prefs: {}
+
inactive:
uuid: zzzzz-tpzed-x9kqpd79egh49c7
email: inactive-user@arvados.local
assert_not_nil agreements_list['items'][0]
end
+ test "uninvited user receives empty list of user agreements" do
+ authorize_with :inactive_uninvited
+ get :index
+ assert_response :success
+ assert_not_nil assigns(:objects)
+ agreements_list = JSON.parse(@response.body)
+ assert_not_nil agreements_list['items']
+ assert_nil agreements_list['items'][0]
+ end
+
end
# Add more helper methods to be used by all tests here...
end
+
+# Ensure permissions are computed from the test fixtures.
+User.invalidate_permissions_cache