2044: Let users read permission links for groups they're in.
authorBrett Smith <brett@curoverse.com>
Tue, 15 Jul 2014 18:30:12 +0000 (14:30 -0400)
committerBrett Smith <brett@curoverse.com>
Tue, 15 Jul 2014 20:17:25 +0000 (16:17 -0400)
This lets everyone in a project see basic information about who has
access to a project.

services/api/app/models/arvados_model.rb
services/api/test/fixtures/links.yml
services/api/test/functional/arvados/v1/links_controller_test.rb

index 1ea9332484e793f3d069a03fd8e0cc4605e59dd5..9a806d34285c719fdde1319dd730b662e148e0af 100644 (file)
@@ -130,11 +130,11 @@ class ArvadosModel < ActiveRecord::Base
       sql_params += [uuid_list, user_uuids]
 
       if sql_table == "links" and users_list.any?
-        # This row is a 'permission' or 'resources' link class
-        # The uuid for a member of users_list is referenced in either the head
-        # or tail of the link
+        # This row is a 'permission' or 'resources' link class that
+        # references a member of users_list or a group readable by
+        # those users.
         sql_conds += ["(#{sql_table}.link_class in (#{sanitize 'permission'}, #{sanitize 'resources'}) AND (#{sql_table}.head_uuid IN (?) OR #{sql_table}.tail_uuid IN (?)))"]
-        sql_params += [user_uuids, user_uuids]
+        sql_params += [uuid_list, uuid_list]
       end
 
       if sql_table == "logs" and users_list.any?
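Review bot: The widened bind on the `links` condition applies to both `head_uuid IN (?)` and `tail_uuid IN (?)`, and to the `resources` link class, while the commit description only asks that project members see who has access to a project (links whose head is the project). With `uuid_list` on the tail side, a user who can read a group would presumably also be shown every permission link that group holds on other objects, whether or not the user can read those heads; `uuid_list` is built outside this hunk, so confirm what it contains. If only the head side is intended, `sql_params += [uuid_list, user_uuids]` keeps the tail match limited to the users themselves. The comment could also state which side is meant, e.g. `# head is a user or a group they can read; tail is one of the users`. The enclosing method starts and ends outside the hunk.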
index 313db7f206dda60281e52c49fc7f04c4c92c3ec1..1227618257f4297a42ca3cd7ce04b6608f3f13b7 100644 (file)
@@ -318,6 +318,23 @@ test_timestamps:
   name: test
   properties: {}
 
+admin_can_write_aproject:
+  # Yes, this permission is effectively redundant.
+  # We use it to test that other project admins can see
+  # all the project's sharing.
+  uuid: zzzzz-o0j2j-adminmgsproject
+  owner_uuid: zzzzz-tpzed-000000000000000
+  created_at: 2014-01-24 20:42:26 -0800
+  modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+  modified_by_user_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+  modified_at: 2014-01-24 20:42:26 -0800
+  updated_at: 2014-01-24 20:42:26 -0800
+  tail_uuid: zzzzz-tpzed-d9tiejq69daie8f
+  link_class: permission
+  name: can_write
+  head_uuid: zzzzz-j7d0g-v955i6s2oi1cbso
+  properties: {}
+
 project_viewer_can_read_project:
   uuid: zzzzz-o0j2j-projviewerreadp
   owner_uuid: zzzzz-tpzed-000000000000000
index d5b42665c38b8599c5fa0e3bc088d851469f4f33..9dfc3507cc46e3ded9aeb33580df70027ddedfc4 100644 (file)
@@ -283,4 +283,15 @@ class Arvados::V1::LinksControllerTest < ActionController::TestCase
     }
     assert_response 422
   end
+
+  test "project owner sees project's permission links" do
+    authorize_with :active
+    get :index, filters: [['head_uuid', '=', groups(:aproject).uuid]]
+    uuid_list = assigns(:objects).andand.map(&:uuid)
+    assert_not_nil(uuid_list, "no index objects assigned")
+    [:admin_can_write_aproject, :project_viewer_can_read_project].each do |lsym|
+      assert_includes(uuid_list, links(lsym).uuid,
+                      "#{lsym} missing from project permission index")
+    end
+  end
 end
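Review bot: The new test only asserts that the expected links are present, so it would still pass if the broadened query in ArvadosModel returned a project's permission links to users with no access to that project. Add a companion test that authorizes as a user who cannot read `groups(:aproject)`, issues the same `head_uuid` filter, and calls `refute_includes` on the two link uuids. The test name says "project owner" while the commit description says everyone in the project, so a case authorized as a read-only member would pin that rule as well.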