From 31c6426b70e2b277087188dad2b9b346c904f30b Mon Sep 17 00:00:00 2001 From: radhika chippada Date: Thu, 27 Mar 2014 10:10:00 -0400 Subject: [PATCH] Expose user unsetup method from the API server. Added functional tests. --- .../arvados/v1/users_controller.rb | 20 ++- services/api/app/models/user.rb | 44 +++++++ services/api/config/routes.rb | 1 + .../arvados/v1/users_controller_test.rb | 115 +++++++++++++++++- 4 files changed, 177 insertions(+), 3 deletions(-) diff --git a/services/api/app/controllers/arvados/v1/users_controller.rb b/services/api/app/controllers/arvados/v1/users_controller.rb index 5fc827352b..a7fa631612 100644 --- a/services/api/app/controllers/arvados/v1/users_controller.rb +++ b/services/api/app/controllers/arvados/v1/users_controller.rb @@ -1,8 +1,8 @@ class Arvados::V1::UsersController < ApplicationController skip_before_filter :find_object_by_uuid, only: - [:activate, :event_stream, :current, :system, :setup] + [:activate, :event_stream, :current, :system, :setup, :unsetup] skip_before_filter :render_404_if_no_object, only: - [:activate, :event_stream, :current, :system, :setup] + [:activate, :event_stream, :current, :system, :setup, :unsetup] def current @object = current_user @@ -132,4 +132,20 @@ class Arvados::V1::UsersController < ApplicationController render json: { kind: "arvados#HashList", items: @response } end + # delete user agreements, vm, repository, login links; set state to inactive + def unsetup + if current_user.andand.is_admin && params[:uuid] + @object = User.find_by_uuid params[:uuid] + else + @object = current_user + end + + if !@object + return render_404_if_no_object + end + + @object = @object.unsetup + show + end + end diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb index 563bb07170..b86ac6c975 100644 --- a/services/api/app/models/user.rb +++ b/services/api/app/models/user.rb 
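Review bot: In the new `unsetup` action, a non-admin caller who posts to `/users/:uuid/unsetup` with another user's uuid falls into the `else` branch, so the action runs against `current_user` instead of being refused. The caller is deactivated and gets a success response for a record other than the one named in the URL. The route always supplies `:uuid`, so that branch is reached only by non-admins; an explicit refusal is clearer, e.g. `return head :forbidden unless current_user.andand.is_admin || params[:uuid] == current_user.andand.uuid` (or the project's own error renderer), and if self-service unsetup is not intended, require admin outright. The first hunk adds `:unsetup` to both `skip_before_filter` lists, so this method is the only place where the lookup and the authorization decision happen. `User.find_by_uuid` presumably applies none of the scoping the skipped `find_object_by_uuid` filter would, which is worth confirming.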
@@ -145,6 +145,50 @@ class User < ArvadosModel return [repo_perm, vm_login_perm, group_perm, self].compact end + # delete user signatures, login, repo, and vm perms, and mark as inactive + def unsetup + # delete oid_login_perms for this user + oid_login_perms = Link.where(tail_uuid: self.email, + head_kind: 'arvados#user', + link_class: 'permission', + name: 'can_login') + oid_login_perms.each do |perm| + Link.delete perm + end + + # delete repo_perms for this user + repo_perms = Link.where(tail_uuid: self.uuid, + head_kind: 'arvados#repository', + link_class: 'permission', + name: 'can_write') + repo_perms.each do |perm| + Link.delete perm + end + + # delete vm_login_perms for this user + vm_login_perms = Link.where(tail_uuid: self.uuid, + head_kind: 'arvados#virtualMachine', + link_class: 'permission', + name: 'can_login') + vm_login_perms.each do |perm| + Link.delete perm + end + + # delete any signatures by this user + signed_uuids = Link.where(link_class: 'signature', + tail_kind: 'arvados#user', + tail_uuid: self.uuid) + signed_uuids.each do |sign| + Link.delete sign + end + + # mark the user as inactive + self.is_active = false + self.save! + + return self + end + protected def permission_to_update diff --git a/services/api/config/routes.rb b/services/api/config/routes.rb index 2b92a7b481..4bc5de8c84 100644 --- a/services/api/config/routes.rb +++ b/services/api/config/routes.rb @@ -90,6 +90,7 @@ Server::Application.routes.draw do match '/users/:uuid/event_stream' => 'users#event_stream' post '/users/:uuid/activate' => 'users#activate' post '/users/setup' => 'users#setup' + post '/users/:uuid/unsetup' => 'users#unsetup' match '/virtual_machines/get_all_logins' => 'virtual_machines#get_all_logins' match '/virtual_machines/:uuid/logins' => 'virtual_machines#logins' post '/api_client_authorizations/create_system_auth' => 'api_client_authorizations#create_system_auth' 
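Review bot: `User#unsetup` runs four separate batches of deletes and then `save!` with no transaction, so a failure partway (for example `save!` raising on a validation or on `permission_to_update`) leaves some permissions revoked while `is_active` is still true. Wrapping the body in `transaction do ... end` makes the revocation all-or-nothing. `Link.delete perm` skips ActiveRecord callbacks, so if link removals are meant to be logged or checked through callbacks, `perm.destroy` is the safer call; confirm against the Link model. The `can_read` link to the 'All users' group that setup returns as `group_perm` is not removed here, and nothing in this method touches the user's existing API tokens; if that is deliberate, the leading comment should say so, e.g. `# group membership and API tokens are left in place; access is blocked by is_active = false`.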
diff --git a/services/api/test/functional/arvados/v1/users_controller_test.rb b/services/api/test/functional/arvados/v1/users_controller_test.rb index f4ee0b64a2..7085d47bed 100644 --- a/services/api/test/functional/arvados/v1/users_controller_test.rb +++ b/services/api/test/functional/arvados/v1/users_controller_test.rb @@ -546,7 +546,6 @@ class Arvados::V1::UsersControllerTest < ActionController::TestCase } assert_response :success - response_items = JSON.parse(@response.body)['items'] created = find_obj_in_resp response_items, 'User', nil 
@@ -622,6 +621,76 @@ class Arvados::V1::UsersControllerTest < ActionController::TestCase @vm_uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine' end + test "setup and unsetup user" do + authorize_with :admin + + post :setup, { + repo_name: 'test_repo', + vm_uuid: @vm_uuid, + user: {email: 'foo@example.com'}, + openid_prefix: 'https://www.google.com/accounts/o8/id' + } + + assert_response :success + response_items = JSON.parse(@response.body)['items'] + created = find_obj_in_resp response_items, 'User', nil + assert_not_nil created['uuid'], 'expected uuid for the new user' + assert_equal created['email'], 'foo@example.com', 'expected given email' + + # 4 extra links: login, group, repo and vm + verify_num_links @all_links_at_start, 4 + + verify_link response_items, 'arvados#user', true, 'permission', 'can_login', + created['uuid'], created['email'], 'arvados#user', false, 'User' + + verify_link response_items, 'arvados#group', true, 'permission', 'can_read', + 'All users', created['uuid'], 'arvados#group', true, 'Group' + + verify_link response_items, 'arvados#repository', true, 'permission', 'can_write', + 'test_repo', created['uuid'], 'arvados#repository', true, 'Repository' + + verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login', + @vm_uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine' + + verify_link_existence created['uuid'], created['email'], true, true, true, false + + # now unsetup this user + post :unsetup, uuid: created['uuid'] + assert_response :success + + created2 = JSON.parse(@response.body) + assert_not_nil created2['uuid'], 'expected uuid for the newly created user' + assert_equal created['uuid'], created2['uuid'], 'expected uuid not found' + + verify_link_existence created['uuid'], created['email'], false, false, false, false + end + + test "unsetup active user" do + authorize_with :active + get :current + assert_response :success + active_user = JSON.parse(@response.body) 
+ assert_not_nil active_user['uuid'], 'expected uuid for the active user' + assert active_user['is_active'], 'expected is_active for active user' + + verify_link_existence active_user['uuid'], active_user['email'], + false, false, false, true + + authorize_with :admin + + # now unsetup this user + post :unsetup, uuid: active_user['uuid'] + assert_response :success + + response_user = JSON.parse(@response.body) + assert_not_nil response_user['uuid'], 'expected uuid for the upsetup user' + assert_equal active_user['uuid'], response_user['uuid'], 'expected uuid not found' + assert !response_user['is_active'], 'expected user to be inactive' + + verify_link_existence response_user['uuid'], response_user['email'], + false, false, false, false + end + def verify_num_links (original_links, expected_additional_links) links_now = Link.all assert_equal original_links.size+expected_additional_links, Link.all.size, 
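Review bot: Both new tests call `unsetup` after `authorize_with :admin`, so the non-admin branch of the controller action is never exercised. Add a test that authorizes as `:active`, posts `unsetup` with a different user's uuid, and asserts the response status and that neither user's `is_active` flag nor links changed. Add a second test for the self-service case if it is meant to be allowed. "setup and unsetup user" should also assert `!created2['is_active']`, as the second test does, since deactivation is the security-relevant outcome. The message `'expected uuid for the upsetup user'` should read `unsetup`.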
@@ -683,4 +752,48 @@ class Arvados::V1::UsersControllerTest < ActionController::TestCase "did not find expected head_uuid for #{link_object_name}" end + def verify_link_existence uuid, email, expect_oid_login_perms, + expect_repo_perms, expect_vm_perms, expect_signatures + # verify that all links are deleted for the user + oid_login_perms = Link.where(tail_uuid: email, + head_kind: 'arvados#user', + link_class: 'permission', + name: 'can_login') + if expect_oid_login_perms + assert oid_login_perms.any?, "expected oid_login_perms" + else + assert !oid_login_perms.any?, "expected all oid_login_perms deleted" + end + + repo_perms = Link.where(tail_uuid: uuid, + head_kind: 'arvados#repository', + link_class: 'permission', + name: 'can_write') + if expect_repo_perms + assert repo_perms.any?, "expected repo_perms" + else + assert !repo_perms.any?, "expected all repo_perms deleted" + end + + vm_login_perms = Link.where(tail_uuid: uuid, + head_kind: 'arvados#virtualMachine', + link_class: 'permission', + name: 'can_login') + if expect_vm_perms + assert vm_login_perms.any?, "expected vm_login_perms" + else + assert !vm_login_perms.any?, "expected all vm_login_perms deleted" + end + + signed_uuids = Link.where(link_class: 'signature', + tail_kind: 'arvados#user', + tail_uuid: uuid) + + if expect_signatures + assert signed_uuids.any?, "expected singnatures" + else + assert !signed_uuids.any?, "expected all singnatures deleted" + end + + end end -- 2.30.2
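Review bot: `verify_link_existence` takes four positional booleans, so a call such as `verify_link_existence created['uuid'], created['email'], true, true, true, false` cannot be read without opening the helper. An options hash naming each link type would make the expected permission state explicit at the call site. The leading comment `# verify that all links are deleted for the user` covers only the false case; something like `# assert that each class of link for the user is present or absent as expected` matches what the helper does. The failure messages spell `singnatures` where `signatures` is meant. The helper never checks the 'All users' `can_read` group link, so the tests do not show whether it survives unsetup.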