after_update :log_update
after_destroy :log_destroy
after_find :convert_serialized_symbols_to_strings
+ before_validation :normalize_collection_uuids
validate :ensure_serialized_attribute_type
- validate :normalize_collection_uuids
validate :ensure_valid_uuids
# Note: This only returns permission links. It does not account for
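Review bot: Registering `normalize_collection_uuids` with `before_validation` makes its return value significant: on Rails versions before 5, a before_* callback that evaluates to `false` halts the chain and the save fails without any error being added. The method body is outside this hunk, so it is worth confirming that it cannot end on a `false` expression, or ending it with an explicit `true` as `assign_name` does elsewhere in this commit. If the reordering is deliberate, a comment above the callback such as `# runs before validation so the validators see normalized values` would record the intent.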
self.owner_uuid ||= current_user.uuid
end
+ if self.owner_uuid.nil?
+ errors.add :owner_uuid, "cannot be nil"
+ raise PermissionDeniedError
+ end
+
rsc_class = ArvadosModel::resource_class_for_uuid owner_uuid
unless rsc_class == User or rsc_class == Group
errors.add :owner_uuid, "can only be set to User or Group"
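Review bot: The message added by `errors.add :owner_uuid, "cannot be nil"` is followed immediately by `raise PermissionDeniedError`, so a caller only sees it if whatever rescues that exception also reads the record's errors; that handler is not visible here. A missing owner is an input error rather than an authorization failure, so reporting it as permission denied may mislead API clients, although it matches the User-or-Group check just below. If the exception is kept, a comment such as `# a record must have an owner; reject nil before resolving the owner's class` would explain the ordering. The method starts and ends outside this hunk.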
include CanBeAnOwner
after_create :invalidate_permissions_cache
after_update :maybe_invalidate_permissions_cache
+ before_create :assign_name
api_accessible :user, extend: :common do |t|
t.add :name
# immediately after being created.
User.invalidate_permissions_cache
end
+
+ def assign_name
+ if self.new_record? and (self.name.nil? or self.name.empty?)
+ self.name = self.uuid
+ end
+ true
+ end
+
end
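Review bot: `assign_name` copies `self.uuid` into `name`, which only works if the uuid has already been assigned when this `before_create` callback runs. The uuid assignment is not visible in this hunk; if it happens in a later callback or in the database, the name stays nil and the insert hits the new NOT NULL constraint. The default is also applied on create only, so an update can still set `name` to an empty string, which the constraint does not reject. Consider a presence check next to the callback, for example `validates :name, presence: true, on: :update`, and note that `self.new_record?` is always true inside a before_create callback.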
--- /dev/null
+class AddNotNullConstraintToGroupName < ActiveRecord::Migration
+ def change
+ ActiveRecord::Base.connection.execute("update groups set name=uuid where name is null or name=''")
+ change_column_null :groups, :name, false
+ end
+end
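Review bot: The backfill calls `ActiveRecord::Base.connection.execute` inside `change`, which bypasses the migration's own connection wrapper, so on rollback the UPDATE is likely to run again against the live table rather than being skipped or flagged as irreversible. Splitting the migration into `up` and `down` makes the direction explicit and keeps the data rewrite on the forward path only. The names rewritten by the backfill are not restored on the way down, which is worth stating in a comment.

```ruby
  def up
    # Backfill before tightening the column so existing rows satisfy NOT NULL.
    execute("update groups set name=uuid where name is null or name=''")
    change_column_null :groups, :name, false
  end

  def down
    # Names rewritten by `up` are not restored.
    change_column_null :groups, :name, true
  end
```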
modified_by_client_uuid character varying(255),
modified_by_user_uuid character varying(255),
modified_at timestamp without time zone,
- name character varying(255),
+ name character varying(255) NOT NULL,
description text,
updated_at timestamp without time zone NOT NULL,
group_class character varying(255)
INSERT INTO schema_migrations (version) VALUES ('20140815171049');
-INSERT INTO schema_migrations (version) VALUES ('20140817035914');
\ No newline at end of file
+INSERT INTO schema_migrations (version) VALUES ('20140817035914');
+
+INSERT INTO schema_migrations (version) VALUES ('20140818125735');
\ No newline at end of file
name: Private and Can Read Foofile
description: Another Private Group
-system_owned_group:
- uuid: zzzzz-j7d0g-8ulrifv67tve5sx
- owner_uuid: zzzzz-tpzed-000000000000000
- name: System Private
- description: System-owned Group
-
system_group:
uuid: zzzzz-j7d0g-000000000000000
owner_uuid: zzzzz-tpzed-000000000000000
name: Unrestricted public data
group_class: project
description: An anonymously accessible project
+
+active_user_has_can_manage:
+ uuid: zzzzz-j7d0g-ptt1ou6a9lxrv07
+ owner_uuid: zzzzz-tpzed-d9tiejq69daie8f
+ name: Active user has can_manage
head_uuid: zzzzz-j7d0g-fffffffffffffff
properties: {}
-active_user_can_manage_system_owned_group:
+active_user_can_manage_group:
uuid: zzzzz-o0j2j-3sa30nd3bqn1msh
owner_uuid: zzzzz-tpzed-000000000000000
created_at: 2014-02-03 15:42:26 -0800
tail_uuid: zzzzz-tpzed-xurymjxw79nv3jz
link_class: permission
name: can_manage
- head_uuid: zzzzz-j7d0g-8ulrifv67tve5sx
+ head_uuid: zzzzz-j7d0g-ptt1ou6a9lxrv07
properties: {}
user_agreement_signed_by_active:
assert_equal 'zzzzz-j7d0g-rew6elm53kancon', resp['owner_uuid']
end
+ test "create fails with duplicate name" do
+ permit_unsigned_manifests
+ authorize_with :admin
+ manifest_text = ". d41d8cd98f00b204e9800998ecf8427e 0:0:foo.txt\n"
+ post :create, {
+ collection: {
+ owner_uuid: 'zzzzz-tpzed-000000000000000',
+ manifest_text: manifest_text,
+ portable_data_hash: "d30fe8ae534397864cb96c544f4cf102+47",
+ name: "foo_file"
+ }
+ }
+ assert_response 422
+ end
+
test "create with owner_uuid set to group i can_manage" do
permit_unsigned_manifests
authorize_with :active
manifest_text = ". d41d8cd98f00b204e9800998ecf8427e 0:0:foo.txt\n"
post :create, {
collection: {
- owner_uuid: groups(:system_owned_group).uuid,
+ owner_uuid: groups(:active_user_has_can_manage).uuid,
manifest_text: manifest_text,
portable_data_hash: "d30fe8ae534397864cb96c544f4cf102+47"
}
}
assert_response :success
resp = JSON.parse(@response.body)
- assert_equal 'zzzzz-j7d0g-8ulrifv67tve5sx', resp['owner_uuid']
+ assert_equal groups(:active_user_has_can_manage).uuid, resp['owner_uuid']
end
- test "create with owner_uuid fails on group with can_read permission" do
+ test "create with owner_uuid fails on group with only can_read permission" do
permit_unsigned_manifests
authorize_with :active
manifest_text = ". d41d8cd98f00b204e9800998ecf8427e 0:0:foo.txt\n"
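Review bot: The new "create fails with duplicate name" test asserts only `assert_response 422`, so any other validation failure on this request would satisfy it as well. It also depends on a fixture collection named `foo_file` under owner `zzzzz-tpzed-000000000000000`, which is not visible in this diff. A comment above the request, `# collides with the existing fixture collection named "foo_file" for this owner`, together with an assertion on the returned error text, would tie the 422 to the uniqueness rule rather than to any rejected create.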
assert_empty Collection.where('uuid like ?', manifest_uuid+'%'),
"Collection should not exist in database after failed create"
end
+
end
assert_response :success
end
- test "refuse duplicate name" do
- skip "Fix for uniqueness constraints"
- the_name = links(:job_name_in_aproject).name
- the_project = links(:job_name_in_aproject).tail_uuid
- authorize_with :active
- post :create, link: {
- tail_uuid: the_project,
- head_uuid: specimens(:owned_by_active_user).uuid,
- link_class: 'name',
- name: the_name,
- properties: {this_s: "a duplicate name"}
- }
- assert_response 422
- end
-
test "project owner can show a project permission" do
uuid = links(:project_viewer_can_read_project).uuid
authorize_with :active
# Use the group as the owner of a new object
s = Specimen.
create(owner_uuid: groups(:bad_group_has_ownership_cycle_b).uuid)
- assert s.valid?, "ownership should pass validation"
+ puts s.errors.messages
+ assert s.valid?, "ownership should pass validation #{s.errors.messages}"
assert_equal false, s.save, "should not save object with #{g.uuid} as owner"
# Use the group as the new owner of an existing object
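Review bot: `puts s.errors.messages` looks like leftover debugging output; it prints on every run, and the assertion message on the next line already interpolates `s.errors.messages`. Dropping the `puts` line keeps the test output clean without losing the diagnostic. The test body starts and ends outside this hunk.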
test "cannot create a new ownership cycle" do
set_user_from_auth :active_trustedclient
- g_foo = Group.create(name: "foo")
- g_foo.save!
-
- g_bar = Group.create(name: "bar")
- g_bar.save!
+ g_foo = Group.create!(name: "foo")
+ g_bar = Group.create!(name: "bar")
g_foo.owner_uuid = g_bar.uuid
assert g_foo.save, lambda { g_foo.errors.messages }
test "cannot create a single-object ownership cycle" do
set_user_from_auth :active_trustedclient
- g_foo = Group.create(name: "foo")
+ g_foo = Group.create!(name: "foo")
assert g_foo.save
# Ensure I have permission to manage this group even when its owner changes
- perm_link = Link.create(tail_uuid: users(:active).uuid,
+ perm_link = Link.create!(tail_uuid: users(:active).uuid,
head_uuid: g_foo.uuid,
link_class: 'permission',
name: 'can_manage')
Group.all
[User, Group].each do |o_class|
test "create object with legit #{o_class} owner" do
- o = o_class.create
+ o = o_class.create!
i = Specimen.create(owner_uuid: o.uuid)
assert i.valid?, "new item should pass validation"
assert i.uuid, "new item should have an ID"
[User, Group].each do |new_o_class|
test "change owner from legit #{o_class} to legit #{new_o_class} owner" do
- o = o_class.create
- i = Specimen.create(owner_uuid: o.uuid)
- new_o = new_o_class.create
+ o = o_class.create!
+ i = Specimen.create!(owner_uuid: o.uuid)
+ new_o = new_o_class.create!
assert(Specimen.where(uuid: i.uuid).any?,
"new item should really be in DB")
assert(i.update_attributes(owner_uuid: new_o.uuid),
end
test "delete #{o_class} that owns nothing" do
- o = o_class.create
+ o = o_class.create!
assert(o_class.where(uuid: o.uuid).any?,
"new #{o_class} should really be in DB")
assert(o.destroy, "should delete #{o_class} that owns nothing")
test "change uuid of #{o_class} that owns nothing" do
# (we're relying on our admin credentials here)
- o = o_class.create
+ o = o_class.create!
assert(o_class.where(uuid: o.uuid).any?,
"new #{o_class} should really be in DB")
old_uuid = o.uuid
end
test "delete User that owns self" do
- o = User.create
+ o = User.create!
assert User.where(uuid: o.uuid).any?, "new User should really be in DB"
assert_equal(true, o.update_attributes(owner_uuid: o.uuid),
"setting owner to self should work")
end
test "change uuid of User that owns self" do
- o = User.create
+ o = User.create!
assert User.where(uuid: o.uuid).any?, "new User should really be in DB"
assert_equal(true, o.update_attributes(owner_uuid: o.uuid),
"setting owner to self should work")