From 0e560c4a9b3f1d46edcbd3fbc595beffc6efca47 Mon Sep 17 00:00:00 2001 From: radhika chippada Date: Mon, 24 Mar 2014 14:17:39 -0400 Subject: [PATCH] Include first link of a given type even on reruns of the setup method. --- services/api/app/models/user.rb | 20 ++-- .../arvados/v1/users_controller_test.rb | 98 ++++++++++++++++++- 2 files changed, 108 insertions(+), 10 deletions(-) diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb index 54ea3e5d05..4858a9b57c 100644 --- a/services/api/app/models/user.rb +++ b/services/api/app/models/user.rb @@ -127,13 +127,13 @@ class User < ArvadosModel user = found end - # Check opd_login_perm - oid_login_perm = Link.where(tail_uuid: user[:email], + # Check oid_login_perm + oid_login_perms = Link.where(tail_uuid: user[:email], head_kind: 'arvados#user', link_class: 'permission', name: 'can_login') - if !oid_login_perm.any? + if !oid_login_perms.any? # create openid login permission oid_login_perm = Link.create(link_class: 'permission', name: 'can_login', @@ -144,6 +144,8 @@ class User < ArvadosModel properties: login_perm_props ) logger.info { "openid login permission: " + oid_login_perm[:uuid] } + else + oid_login_perm = oid_login_perms.first end # create repo, vm, and group links @@ -299,12 +301,12 @@ class User < ArvadosModel logger.info { "vm uuid: " + vm[:uuid] } - login_perm = Link.where(tail_uuid: self.uuid, + login_perms = Link.where(tail_uuid: self.uuid, head_uuid: vm[:uuid], head_kind: 'arvados#virtualMachine', link_class: 'permission', name: 'can_login') - if !login_perm.any? + if !login_perms.any? login_perm = Link.create(tail_kind: 'arvados#user', tail_uuid: self.uuid, head_kind: 'arvados#virtualMachine', @@ -313,6 +315,8 @@ class User < ArvadosModel name: 'can_login', properties: {username: repo_name}) logger.info { "login permission: " + login_perm[:uuid] } + else + login_perm = login_perms.first end return login_perm @@ -332,13 +336,13 @@ class User < ArvadosModel else logger.info { "\"All users\" group uuid: " + group[:uuid] } - group_perm = Link.where(tail_uuid: self.uuid, + group_perms = Link.where(tail_uuid: self.uuid, head_uuid: group[:uuid], head_kind: 'arvados#group', link_class: 'permission', name: 'can_read') - if !group_perm.any? + if !group_perms.any? group_perm = Link.create(tail_kind: 'arvados#user', tail_uuid: self.uuid, head_kind: 'arvados#group', @@ -346,6 +350,8 @@ class User < ArvadosModel link_class: 'permission', name: 'can_read') logger.info { "group permission: " + group_perm[:uuid] } + else + group_perm = group_perms.first end return group_perm diff --git a/services/api/test/functional/arvados/v1/users_controller_test.rb b/services/api/test/functional/arvados/v1/users_controller_test.rb index fa4676b0eb..c364613060 100644 --- a/services/api/test/functional/arvados/v1/users_controller_test.rb +++ b/services/api/test/functional/arvados/v1/users_controller_test.rb @@ -501,6 +501,99 @@ class Arvados::V1::UsersControllerTest < ActionController::TestCase 'Expected PermissionDeniedError' end + test "setup user in multiple steps and verify response" do + authorize_with :admin + + post :setup, { + openid_prefix: 'http://www.xyz.com/account', + user: { + email: "test@abc.com" + } + } + + assert_response :success + + response_items = JSON.parse(@response.body)['items'] + created = response_items['user'] + + assert_not_nil created['uuid'], 'expected uuid for new user' + assert_not_nil created['email'], 'expected non-nil email' + assert_equal created['email'], 'test@abc.com', 'expected input email' + + # verify links; 2 new links: oid_login_perm, and 'All users' group. + verify_num_links @all_links_at_start, 2 + + verify_link response_items, 'oid_login_perm', true, 'permission', 'can_login', + created['uuid'], created['email'], 'arvados#user', false, 'User' + + verify_link response_items, 'group_perm', true, 'permission', 'can_read', + 'All users', created['uuid'], 'arvados#group', true, 'Group' + + verify_link response_items, 'repo_perm', false, 'permission', 'can_write', + 'test_repo', created['uuid'], 'arvados#repository', true, 'Repository' + + verify_link response_items, 'vm_login_perm', false, 'permission', 'can_login', + nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine' + + # invoke setup with a repository + post :setup, { + openid_prefix: 'http://www.xyz.com/account', + repo_name: 'new_repo', + uuid: created['uuid'] + } + + assert_response :success + + response_items = JSON.parse(@response.body)['items'] + created = response_items['user'] + + assert_equal 'test@abc.com', created['email'], 'expected input email' + + # verify links + verify_link response_items, 'oid_login_perm', true, 'permission', 'can_login', + created['uuid'], created['email'], 'arvados#user', false, 'User' + + verify_link response_items, 'group_perm', true, 'permission', 'can_read', + 'All users', created['uuid'], 'arvados#group', true, 'Group' + + verify_link response_items, 'repo_perm', true, 'permission', 'can_write', + 'new_repo', created['uuid'], 'arvados#repository', true, 'Repository' + + verify_link response_items, 'vm_login_perm', false, 'permission', 'can_login', + nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine' + + # invoke setup with a vm_uuid + post :setup, { + vm_uuid: @vm_uuid, + openid_prefix: 'http://www.xyz.com/account', + user: { + email: 'junk_email' + }, + uuid: created['uuid'] + } + + assert_response :success + + response_items = JSON.parse(@response.body)['items'] + created = response_items['user'] + + assert_equal created['email'], 'test@abc.com', 'expected original email' + + # verify links + verify_link response_items, 'oid_login_perm', true, 'permission', 'can_login', + created['uuid'], created['email'], 'arvados#user', false, 'User' + + verify_link response_items, 'group_perm', true, 'permission', 'can_read', + 'All users', created['uuid'], 'arvados#group', true, 'Group' + + # since no repo name in input, we won't get any; even though user has one + verify_link response_items, 'repo_perm', false, 'permission', 'can_write', + 'new_repo', created['uuid'], 'arvados#repository', true, 'Repository' + + verify_link response_items, 'vm_login_perm', true, 'permission', 'can_login', + @vm_uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine' + end + def verify_num_links (original_links, expected_additional_links) links_now = Link.all assert_equal original_links.size+expected_additional_links, Link.all.size, @@ -512,18 +605,17 @@ class Arvados::V1::UsersControllerTest < ActionController::TestCase link = response_items[link_object_name] if !expect_link - assert_nil link + assert_nil link, "Expected no link for #{link_object_name}" return end - assert_not_nil link + assert_not_nil link, "Expected link for #{link_object_name}" if fetch_object object = Object.const_get(class_name).where(name: head_uuid) assert [] != object, "expected #{class_name} with name #{head_uuid}" head_uuid = object.first[:uuid] end - assert_equal link['link_class'], link_class, "did not find expected link_class for #{link_object_name}" -- 2.39.5