api: Let admin users delete logs.
authorBrett Smith <brett@curoverse.com>
Thu, 10 Apr 2014 14:41:49 +0000 (10:41 -0400)
committerBrett Smith <brett@curoverse.com>
Thu, 10 Apr 2014 14:41:49 +0000 (10:41 -0400)
services/api/app/models/log.rb
services/api/test/unit/log_test.rb

index 08038db553307fb129fae27b63ff56b7a9f826b5..17d6ec42db6ce331ed71f99cd5474eb3148ecc4f 100644 (file)
@@ -57,12 +57,10 @@ class Log < ArvadosModel
   end
 
   def permission_to_update
-    false
+    current_user.andand.is_admin
   end
 
-  def permission_to_destroy
-    false
-  end
+  alias_method :permission_to_delete, :permission_to_update
 
   def set_default_event_at
     self.event_at ||= Time.now
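Review bot: The new `alias_method :permission_to_delete, :permission_to_update` uses a different name from the `permission_to_destroy` method it replaces. If ArvadosModel's destroy callback (not visible here) still calls `permission_to_destroy`, the alias is never consulted and deletion falls back to the base-class default; in that case the line should read `alias_method :permission_to_destroy, :permission_to_update`. Separately, `permission_to_update` now lets admins rewrite log rows as well as delete them, which is broader than the commit title. If these rows serve as an audit trail, and logs about logs are suppressed as the existing test in log_test.rb suggests, a comment such as `# Admin-only: edits and deletions of Log rows are not themselves logged` above the method would record that trade-off. The Log class continues outside this hunk.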
index 0d55e4333abd7c6a00f7333eced82e6b84c226c3..8879dfad1bc70890248bae19434c4e3cb8aa91c6 100644 (file)
@@ -147,4 +147,22 @@ class LogTest < ActiveSupport::TestCase
     log.save!
     assert_equal(0, get_logs_about(log).size, "made a Log about a Log")
   end
+
+  test "non-admins can't modify or delete logs" do
+    set_user_from_auth :active_trustedclient
+    log = Log.new(summary: "immutable log test")
+    assert_nothing_raised { log.save! }
+    log.summary = "log mutation test should fail"
+    assert_raise(ArvadosModel::PermissionDeniedError) { log.save! }
+    assert_raise(ArvadosModel::PermissionDeniedError) { log.destroy }
+  end
+
+  test "admins can modify and delete logs" do
+    set_user_from_auth :admin_trustedclient
+    log = Log.new(summary: "admin log mutation test")
+    assert_nothing_raised { log.save! }
+    log.summary = "admin mutated log test"
+    assert_nothing_raised { log.save! }
+    assert_nothing_raised { log.destroy }
+  end
 end
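Review bot: Both new tests assert only that an exception is or is not raised, so they would still pass if a denied `save!` or `destroy` had partly taken effect, or if the admin `destroy` left the row in place. After the denied calls in the non-admin test, add `assert_equal "immutable log test", log.reload.summary` and `assert Log.exists?(log.id)`; after the admin destroy, add `assert !Log.exists?(log.id)`. The unauthenticated case, where `current_user` is nil and the `andand` guard in `permission_to_update` decides the result, is also not covered.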