table(table table-bordered table-condensed).
|_. Argument |_. Type |_. Description |_. Location |_. Example |
{background:#ccffcc}.|uuid|string|The UUID of the group in question.|path||
-|include_indirect|boolean|If true, results will include items on which the given group has _can_manage_ permission, although they are owned by different users/groups.|path|{white-space:nowrap}. @false@ (default)
+|include_linked|boolean|If true, results will also include items on which the given group has _can_manage_ permission, even if they are owned by different users/groups.|path|{white-space:nowrap}. @false@ (default)
@true@|
h2. show
table(table table-bordered table-condensed).
|_. Argument |_. Type |_. Description |_. Location |_. Example |
{background:#ccffcc}.|uuid|string|The UUID of the user in question.|path||
-|include_indirect|boolean|If true, results will include items on which the given user has _can_manage_ permission, although they are owned by different users/groups.|path|{white-space:nowrap}. @false@ (default)
+|include_linked|boolean|If true, results will also include items on which the given user has _can_manage_ permission, even if they are owned by different users/groups.|path|{white-space:nowrap}. @false@ (default)
@true@|
h2. show
table(table table-bordered table-condensed).
|_. Attribute|_. Type|_. Description|_. Example|
|name|string|||
-|group_class|string|Type of group. This does not affect behavior, but determines how the group is presented in the user interface.|@folder@|
+|group_class|string|Type of group. This does not affect behavior, but determines how the group is presented in the user interface. For example, @folder@ indicates that the group should be displayed by Workbench and arv-mount as a folder for organizing and naming objects.|@"folder"@
+null|
|description|text|||
|updated_at|datetime|||
|_. tail_type→head_type|_. name→head_uuid {properties}|_. Notes|
|User→Group |{white-space:nowrap}. can_manage → _group uuid_|The User can read, write, and control permissions on the Group itself, every object owned by the Group, and every object on which the Group has _can_manage_ permission.|
|User→Group |can_read → _group uuid_ |The User can retrieve the Group itself and every object that is readable by the Group.|
-|User→Job|can_write → _job uuid_ |The User can read and update the Job. (This works for all object types, not just jobs.)|
-|User→Job|can_manage → _job uuid_ |The User can read, update, and change permissions for the Job. (This works for all object types, not just jobs.)|
-|Group→Job|can_manage → _job uuid_ |Anyone with _can_manage_ permission on the Group can also read, update, and change permissions for the Job. Anyone with _can_read_ permission on the Group can read the Job. (This works for all object types, not just jobs.)|
+|User→Job|can_write → _job uuid_ |The User can read and update the Job. (This works for all objects, not just jobs.)|
+|User→Job|can_manage → _job uuid_ |The User can read, update, and change permissions for the Job. (This works for all objects, not just jobs.)|
+|Group→Job|can_manage → _job uuid_ |Anyone with _can_manage_ permission on the Group can also read, update, and change permissions for the Job. Anyone with _can_read_ permission on the Group can read the Job. (This works for all objects, not just jobs.)|
h3. resources
def self._owned_items_requires_parameters
_index_requires_parameters.
merge({
- include_indirect: {
+ include_linked: {
type: 'boolean', required: false, default: false
},
})
all_objects = []
all_available = 0
- # We stuffed params[:uuid] into @where in find_object_by_uuid,
- # but we don't want it there any more.
- @where = {}
-
# Trick apply_where_limit_order_params into applying suitable
# per-table values. *_all are the real ones we'll apply to the
# aggregate set.
@objects = klass.readable_by(current_user)
cond_sql = "#{klass.table_name}.owner_uuid = ?"
cond_params = [@object.uuid]
- if params[:include_indirect]
+ if params[:include_linked]
@objects = @objects.
joins("LEFT JOIN links mng_links"\
" ON mng_links.link_class=#{klass.sanitize 'permission'}"\
def load_limit_offset_order_params
if params[:limit]
- begin
- @limit = params[:limit].to_i
- rescue
+ unless params[:limit].to_s.match(/^\d+$/)
raise ArgumentError.new("Invalid value for limit parameter")
end
+ @limit = params[:limit].to_i
else
@limit = DEFAULT_LIMIT
end
if params[:offset]
- begin
- @offset = params[:offset].to_i
- rescue
+ unless params[:offset].to_s.match(/^\d+$/)
raise ArgumentError.new("Invalid value for offset parameter")
end
+ @offset = params[:offset].to_i
else
@offset = 0
end
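Review bot: The new checks on `params[:limit]` and `params[:offset]` anchor with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string, so a value containing a newline passes as long as one of its lines is all digits. `to_i` then parses only the leading digits of the whole string, so such a value is accepted (possibly as 0) instead of raising ArgumentError. Anchoring to the whole string closes this: `unless params[:limit].to_s.match(/\A\d+\z/)`, and the same for offset. The bogus-value list in the new owned_items test (`['foo', '', '1234five', '0x10', '-8']`) would be worth extending with a newline-bearing value such as `"1\nfoo"`. The method continues past the end of this hunk.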
assert_equal 'folder', group['group_class']
group_uuids << group['uuid']
end
- assert_not_nil group_uuids.index groups(:afolder).uuid
- assert_not_nil group_uuids.index groups(:asubfolder).uuid
+ assert_includes group_uuids, groups(:afolder).uuid
+ assert_includes group_uuids, groups(:asubfolder).uuid
+ assert_not_includes group_uuids, groups(:system_group).uuid
+ assert_not_includes group_uuids, groups(:private).uuid
+ end
+
+ test "get list of groups that are not folders" do
+ authorize_with :active
+ get :index, filters: [['group_class', '=', nil]], format: :json
+ assert_response :success
+ group_uuids = []
+ jresponse['items'].each do |group|
+ assert_equal nil, group['group_class']
+ group_uuids << group['uuid']
+ end
+ assert_not_includes group_uuids, groups(:afolder).uuid
+ assert_not_includes group_uuids, groups(:asubfolder).uuid
+ assert_includes group_uuids, groups(:private).uuid
+ end
+
+ test "get list of groups with bogus group_class" do
+ authorize_with :active
+ get :index, {
+ filters: [['group_class', '=', 'nogrouphasthislittleclass']],
+ format: :json,
+ }
+ assert_response :success
+ assert_equal [], jresponse['items']
+ assert_equal 0, jresponse['items_available']
end
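Review bot: In the new "get list of groups that are not folders" test, `assert_equal nil, group['group_class']` would read better as `assert_nil group['group_class']`. `assert_nil` states the intent directly and gives a clearer failure message, and newer Minitest versions warn when `assert_equal` is given a nil expected value. The rest of this hunk already moves from `assert_not_nil ... index` to `assert_includes`, so this keeps the assertions in one style.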
test 'get group-owned objects' do
assert_equal 0, jresponse['items_available']
end
- test 'get group-owned objects without include_indirect' do
+ test 'get group-owned objects without include_linked' do
unexpected_uuid = specimens(:in_afolder_linked_from_asubfolder).uuid
authorize_with :active
get :owned_items, {
assert_equal nil, uuids.index(unexpected_uuid)
end
- test 'get group-owned objects with include_indirect' do
+ test 'get group-owned objects with include_linked' do
expected_uuid = specimens(:in_afolder_linked_from_asubfolder).uuid
authorize_with :active
get :owned_items, {
id: groups(:asubfolder).uuid,
- include_indirect: true,
+ include_linked: true,
format: :json,
}
assert_response :success
end
[false, true].each do |inc_ind|
- test "get all pages of user-owned #{'and -indirect ' if inc_ind}objects" do
+ test "get all pages of user-owned #{'and -linked ' if inc_ind}objects" do
authorize_with :active
limit = 5
offset = 0
@jresponse = nil
get :owned_items, {
id: users(:active).uuid,
- include_indirect: inc_ind,
+ include_linked: inc_ind,
limit: limit,
offset: offset,
format: :json,
end
if inc_ind
assert_operator 0, :<, (jresponse.keys - [users(:active).uuid]).count,
- "Set include_indirect=true but did not receive any indirect items"
+ "Set include_linked=true but did not receive any non-owned items"
+ end
+ end
+ end
+
+ %w(offset limit).each do |arg|
+ ['foo', '', '1234five', '0x10', '-8'].each do |val|
+ test "Raise error on bogus #{arg} parameter #{val.inspect}" do
+ authorize_with :active
+ get :owned_items, {
+ :id => users(:active).uuid,
+ :format => :json,
+ arg => val,
+ }
+ assert_response 422
end
end
end