From 0873efcdab481d9f77f477f4adbf56ee3380f2f9 Mon Sep 17 00:00:00 2001
From: Lucas Di Pentima <lucas.dipentima@curii.com>
Date: Thu, 14 Jul 2022 10:59:41 -0300
Subject: [PATCH] 19139: Adds tests related to user creation.

* Confirms that non-admin users cannot create user records.
* Exposes bug where user's owner_uuid fields were populated with the UUID of
  the creating admin user instead of using the system root user's UUID.

Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
---
 services/api/test/integration/users_test.rb | 27 +++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/services/api/test/integration/users_test.rb b/services/api/test/integration/users_test.rb
index 3660d35bad..369e3a2efa 100644
--- a/services/api/test/integration/users_test.rb
+++ b/services/api/test/integration/users_test.rb
@@ -493,4 +493,31 @@ class UsersTest < ActionDispatch::IntegrationTest
       headers: auth(:admin))
     assert_response 422
   end
+
+  test "creating users only accepted for admins" do
+    assert_equal false, users(:active).is_admin
+    post '/arvados/v1/users',
+      params: {
+        "user" => {
+          "email" => 'foo@example.com',
+          "username" => "barney"
+        }
+      },
+      headers: auth(:active)
+    assert_response 403
+  end
+
+  test "create users assigns the system root user as their owner" do
+    post '/arvados/v1/users',
+      params: {
+        "user" => {
+          "email" => 'foo@example.com',
+          "username" => "barney"
+        }
+      },
+      headers: auth(:admin)
+    assert_response :success
+    assert_not_nil json_response["uuid"]
+    assert_equal users(:system_user).uuid, json_response["owner_uuid"]
+  end
 end
-- 
2.30.2