Users are activated if they were active on their original cluster.
Update check script part of federation-migrate test to check
is_active.
Also add assertions to permission test "users with bidirectional read
permission in group can see each other" to explicitly check that the
other user appears in user's user listing.
no issue #
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz@veritasgenetics.com>
return None
print("(%s) No user listed with same email to migrate %s to %s, will create new user with username '%s'" % (email, old_user_uuid, userhome, username))
if not args.dry_run:
return None
print("(%s) No user listed with same email to migrate %s to %s, will create new user with username '%s'" % (email, old_user_uuid, userhome, username))
if not args.dry_run:
+ oldhomecluster = old_user_uuid[0:5]
+ oldhomearv = clusters[oldhomecluster]
newhomecluster = userhome[0:5]
homearv = clusters[userhome]
user = None
try:
newhomecluster = userhome[0:5]
homearv = clusters[userhome]
user = None
try:
+ olduser = oldhomearv.users().get(uuid=old_user_uuid).execute()
conflicts = homearv.users().list(filters=[["username", "=", username]]).execute()
if conflicts["items"]:
homearv.users().update(uuid=conflicts["items"][0]["uuid"], body={"user": {"username": username+"migrate"}}).execute()
conflicts = homearv.users().list(filters=[["username", "=", username]]).execute()
if conflicts["items"]:
homearv.users().update(uuid=conflicts["items"][0]["uuid"], body={"user": {"username": username+"migrate"}}).execute()
- user = homearv.users().create(body={"user": {"email": email, "username": username}}).execute()
+ user = homearv.users().create(body={"user": {"email": email, "username": username, "is_active": olduser["is_active"]}}).execute()
except arvados.errors.ApiError as e:
print("(%s) Could not create user: %s" % (email, str(e)))
return None
except arvados.errors.ApiError as e:
print("(%s) Could not create user: %s" % (email, str(e)))
return None
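Review bot: `oldhomearv = clusters[oldhomecluster]` is evaluated before the `try:`, so an `old_user_uuid` whose five-character prefix is not a key in `clusters` raises a KeyError that the `except arvados.errors.ApiError` handler never sees, and it propagates out of this function instead of taking the "Could not create user" path. Moving the lookup inside the `try` and widening the handler to `except (arvados.errors.ApiError, KeyError) as e:` keeps the per-user failure handling intact. Because `is_active` decides whether the new account is usable on its home cluster, I would also fail closed when the old record lacks the field, `"is_active": olduser.get("is_active", False)`, and add a comment such as `# activation state is copied from the user's original cluster, whose record is trusted here`. The enclosing function starts and ends outside the hunk.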
apiB = arvados.api(host=j["arvados_api_hosts"][1], token=j["superuser_tokens"][1], insecure=True)
apiC = arvados.api(host=j["arvados_api_hosts"][2], token=j["superuser_tokens"][2], insecure=True)
apiB = arvados.api(host=j["arvados_api_hosts"][1], token=j["superuser_tokens"][1], insecure=True)
apiC = arvados.api(host=j["arvados_api_hosts"][2], token=j["superuser_tokens"][2], insecure=True)
+###
+### Check users on API server "A" (the LoginCluster) ###
+###
+
users = apiA.users().list().execute()
assert len(users["items"]) == 11
users = apiA.users().list().execute()
assert len(users["items"]) == 11
by_username[u["username"]] = u["uuid"]
assert found
by_username[u["username"]] = u["uuid"]
assert found
+# Should be active
+for i in (1, 2, 3, 4, 5, 6, 7, 8):
+ found = False
+ for u in users["items"]:
+ if u["username"] == ("case%d" % i) and u["email"] == ("case%d@test" % i) and u["is_active"] is True:
+ found = True
+ assert found, "Not found case%i" % i
+
+# case9 should not be active
found = False
for u in users["items"]:
if (u["username"] == "case9" and u["email"] == "case9@test" and
found = False
for u in users["items"]:
if (u["username"] == "case9" and u["email"] == "case9@test" and
found = True
assert found
found = True
assert found
+
+###
+### Check users on API server "B" (federation member) ###
+###
users = apiB.users().list().execute()
assert len(users["items"]) == 11
users = apiB.users().list().execute()
assert len(users["items"]) == 11
found = False
for u in users["items"]:
found = False
for u in users["items"]:
- if u["username"] == ("case%d" % i) and u["email"] == ("case%d@test" % i) and u["uuid"] == by_username[u["username"]]:
+ if (u["username"] == ("case%d" % i) and u["email"] == ("case%d@test" % i) and
+ u["uuid"] == by_username[u["username"]] and u["is_active"] is True):
+ assert found, "Not found case%i" % i
+
+found = False
+for u in users["items"]:
+ if (u["username"] == "case9" and u["email"] == "case9@test" and
+ u["uuid"] == by_username[u["username"]] and u["is_active"] is False):
+ found = True
+assert found
+
+###
+### Check users on API server "C" (federation member) ###
+###
users = apiC.users().list().execute()
assert len(users["items"]) == 8
for i in (2, 4, 6, 7, 8):
found = False
for u in users["items"]:
users = apiC.users().list().execute()
assert len(users["items"]) == 8
for i in (2, 4, 6, 7, 8):
found = False
for u in users["items"]:
- if u["username"] == ("case%d" % i) and u["email"] == ("case%d@test" % i) and u["uuid"] == by_username[u["username"]]:
+ if (u["username"] == ("case%d" % i) and u["email"] == ("case%d@test" % i) and
+ u["uuid"] == by_username[u["username"]] and u["is_active"] is True):
found = True
assert found
found = True
assert found
for i in (3, 5, 9):
found = False
for u in users["items"]:
for i in (3, 5, 9):
found = False
for u in users["items"]:
- if u["username"] == ("case%d" % i) and u["email"] == ("case%d@test" % i) and u["uuid"] == by_username[u["username"]]:
+ if (u["username"] == ("case%d" % i) and u["email"] == ("case%d@test" % i) and
+ u["uuid"] == by_username[u["username"]] and u["is_active"] is True):
found = True
assert not found
found = True
assert not found
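Review bot: In the `for i in (3, 5, 9)` loop against cluster C, adding `u["is_active"] is True` to the match condition loosens the `assert not found` that follows: the check now passes when a case3, case5 or case9 record is listed on C as long as it is inactive, whereas before any listing of those users failed the test. If the intent is still that these users must not appear on C at all, keep the old three-clause condition for this loop; if an inactive record is acceptable, say so with a comment such as `# may be listed on C, but must never be active there`. The `assert found` in the `(2, 4, 6, 7, 8)` loop could also carry the `"Not found case%i" % i` message that the A and B checks use.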
a = create :active_user, first_name: "A"
b = create :active_user, first_name: "B"
other = create :active_user, first_name: "OTHER"
a = create :active_user, first_name: "A"
b = create :active_user, first_name: "B"
other = create :active_user, first_name: "OTHER"
+
+ assert_empty(User.readable_by(b).where(uuid: a.uuid),
+ "#{b.first_name} should not be able to see 'a' in the user list")
+ assert_empty(User.readable_by(a).where(uuid: b.uuid),
+ "#{a.first_name} should not be able to see 'b' in the user list")
+
act_as_system_user do
g = create :group
[a,b].each do |u|
act_as_system_user do
g = create :group
[a,b].each do |u|
name: 'can_read', head_uuid: u.uuid, tail_uuid: g.uuid)
end
end
name: 'can_read', head_uuid: u.uuid, tail_uuid: g.uuid)
end
end
+
+ assert_not_empty(User.readable_by(b).where(uuid: a.uuid),
+ "#{b.first_name} should be able to see 'a' in the user list")
+ assert_not_empty(User.readable_by(a).where(uuid: b.uuid),
+ "#{a.first_name} should be able to see 'b' in the user list")
+
a_specimen = act_as_user a do
Specimen.create!
end
a_specimen = act_as_user a do
Specimen.create!
end
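Review bot: After the `can_read` links are created, the new assertions cover only the positive direction (a and b see each other); nothing visible in this hunk checks that `other`, who is not in the group, still cannot list either of them, which is the case that would catch an over-broad grant. Consider adding `assert_empty(User.readable_by(other).where(uuid: a.uuid), "other should not be able to see 'a' in the user list")` and the matching check for `b.uuid` next to the `assert_not_empty` calls. The test continues past the end of the hunk, so this may already be covered further down.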