From: Lucas Di Pentima <lucas.dipentima@curii.com>
Date: Thu, 14 Jul 2022 13:59:41 +0000 (-0300)
Subject: 19139: Adds tests related to user creation.
X-Git-Tag: 2.5.0~119^2~2
X-Git-Url: https://git.arvados.org/arvados.git/commitdiff_plain/0873efcdab481d9f77f477f4adbf56ee3380f2f9

19139: Adds tests related to user creation.

* Confirms that non-admin users cannot create user records.
* Exposes bug where user's owner_uuid fields were populated with the UUID of
  the creating admin user instead of using the system root user's UUID.

Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
---

diff --git a/services/api/test/integration/users_test.rb b/services/api/test/integration/users_test.rb
index 3660d35bad..369e3a2efa 100644
--- a/services/api/test/integration/users_test.rb
+++ b/services/api/test/integration/users_test.rb
@@ -493,4 +493,31 @@ class UsersTest < ActionDispatch::IntegrationTest
       headers: auth(:admin))
     assert_response 422
   end
+
+  test "creating users only accepted for admins" do
+    assert_equal false, users(:active).is_admin
+    post '/arvados/v1/users',
+      params: {
+        "user" => {
+          "email" => 'foo@example.com',
+          "username" => "barney"
+        }
+      },
+      headers: auth(:active)
+    assert_response 403
+  end
+
+  test "create users assigns the system root user as their owner" do
+    post '/arvados/v1/users',
+      params: {
+        "user" => {
+          "email" => 'foo@example.com',
+          "username" => "barney"
+        }
+      },
+      headers: auth(:admin)
+    assert_response :success
+    assert_not_nil json_response["uuid"]
+    assert_equal users(:system_user).uuid, json_response["owner_uuid"]
+  end
 end