Tim Pierce [Wed, 2 Jul 2014 12:59:58 +0000 (08:59 -0400)]
2873: changes for code review
Incorporating code review comments:
* @Link#get_permissions@ uses @Link.where@ instead of @find_objects_for_index@; @find_object_for_uuid@ just populates @@object@ with the head_uuid object and leaves @@objects@ alone.
* @ArvadosModel.lookup_by_uuid@ renamed @ArvadosModel.find_by_uuid@ and punts to the superclass if called as a subclass method.
* Test @get_permissions_returns_list@ checks that the :active user can get permissions. Also uses the group fixtures for testing permissions instead of collections (because can_manage permissions only work so far on users and groups.
Tim Pierce [Thu, 26 Jun 2014 18:17:48 +0000 (14:17 -0400)]
2873: add /permissions API method
The /permissions/:uuid method will return a list of all permissions that
the current user is allowed to see on the given uuid.
* New method LinksController::get_permissions, with a route from
/arvados/v1/permissions.
* LinksController overrides find_object_by_uuid to permit looking up a
uuid in any class, when called by get_permissions.
* Moved link permission checking to Link.ensure_owner_uuid_is_permitted.
* Use current_user.can? to check the user's permission on head_uuid.
Removed unnecessary owns? and can_manage? code.
* Unit tests:
* test/integration/permissions_test.rb: added tests:
* "get_permissions returns list"
* "get_permissions returns 404 for nonexistent uuid"
* "get_permissions returns 403 if user lacks manage permission"
* test/unit/link.rb: test that only permission and name links have
their ownership changed upon save.
* test/unit/permission_test.rb: test the following scenario: when user
"active" owns a group G which can_manage another group H, then
active user is permitted to create permission links directly on
objects in group H.
Tim Pierce [Fri, 13 Jun 2014 21:11:22 +0000 (17:11 -0400)]
2873: permission links are owned by root
Permission links are themselves "owned" by root. (Technically, the
owner_uuid on permission links will be ignored when determining a user's
permission to modify an object -- ensuring that it is always root
provides consistency, and helps to flush out any permission edge cases
early in testing.)
ArvadosModel.ensure_owner_uuid_is_permitted and
Link.permission_to_attach_to_objects grant permission to modify
permission links based on the user's relationship to the link's head.
New methods:
* User.owns? determines ownership of an object.
* User.can_manage? determines whether a user has permission to manage an object.
* ArvadosModel.has_permission? determines whether an object has been
granted a particular permission on a specified target.
Brett Smith [Fri, 20 Jun 2014 14:40:02 +0000 (10:40 -0400)]
3031: Improve "Docker image not found" error message.
Rails automatically adds the column name to rendered error message, so
the old version was coming out as "Docker image locator Docker image
not found." This version reads better. Refs #3031.
Brett Smith [Thu, 19 Jun 2014 19:14:07 +0000 (15:14 -0400)]
2937: Make sure Collection share links end with /.
This is necessary to prevent wget from saving a plain HTML file with
the name of the reader token. With a file there, it's not possible to
make a directory tree for recursive downloads.
Tim Pierce [Tue, 17 Jun 2014 19:03:07 +0000 (15:03 -0400)]
2936: fix job progress bars
Add edge case settings for when a crunch job could not be started, or
when no tasks were ever created.
Calculate percent_total_tasks as a float, to ensure that it will be
nonzero even if there are more than 100 tasks altogether. Calculate
percentages of individual task progress with .ceil to ensure that there
will be at least 1% shown for each nonzero task status.
Tim Pierce [Tue, 17 Jun 2014 13:57:00 +0000 (09:57 -0400)]
2936: improve progress bar for failed jobs
Ensure that:
* All job progress bars reflect at least one task. If a job has no
tasks at all (done, failed, finished, or todo) that should be
considered a failed job, so render a progress bar as though one task
ran and failed.
* A failed job (j[:success] == false) always shows at least one failed
task. If a job is marked as failed but has no failed tasks, then
pretend there was one failed task so at least some red will appear in
the progress bar.
Peter Amstutz [Tue, 17 Jun 2014 13:43:48 +0000 (09:43 -0400)]
Ajax load of tab panels now includes any query parameters the page was
originally loaded with. Also fixed related problem where the 'compare' route
of pipeline_instances controller wasn't aware of tab partials. closes #3013
Brett Smith [Wed, 11 Jun 2014 21:43:27 +0000 (17:43 -0400)]
2879: API server maps Job Docker image constraints to Collections.
Doing this translation in the API server helps ensure that one piece
of software makes one consistent decision about which Docker image
should be used to run the Job.
Tim Pierce [Mon, 16 Jun 2014 17:19:32 +0000 (13:19 -0400)]
2934: document stderr messages for commit tests
Some unit tests for the Commit models issue alarming but expected git
error messages on stderr. Added comments documenting these in
commits_controller_test.rb.
Tim Pierce [Fri, 13 Jun 2014 19:08:48 +0000 (15:08 -0400)]
2934: add "bar" repository to test fixture
Add the "bar" repository to test/fixtures/repositories.yml so
CrunchDispatchTest may create a job using a commit from that
repository. (Change lost in a bad rebase.)
projects / arvados.git / log