From a96adab2a4758c7a969156621c0ed4fe710b98c2 Mon Sep 17 00:00:00 2001 From: Tim Pierce Date: Mon, 14 Jul 2014 14:01:28 -0400 Subject: [PATCH] 3072: add an empty collection in db seeds Added empty collection (owned by the anonymous group) to test fixtures and to db/seeds.rb. API integration tests: in permissions_test.rb, test that the active user can read objects in the anonymous group, even when there are no explicit permission links on that group or objects in it. Workbench integration tests: added a test to confirm that a non-admin user can get the empty collection. Cleanup code: User.can? now takes either a uuid or an object for the target. Refs #3072. --- .../test/integration/collections_test.rb | 6 ++++ services/api/app/models/user.rb | 10 ++++-- .../20140714184006_empty_collection.rb | 13 ++++++++ services/api/db/seeds.rb | 1 + services/api/db/structure.sql | 4 ++- services/api/lib/current_api_client.rb | 15 +++++++++ services/api/test/fixtures/collections.yml | 23 ++++++++++++++ .../api/test/integration/permissions_test.rb | 31 +++++++++++++++++++ 8 files changed, 99 insertions(+), 4 deletions(-) create mode 100644 services/api/db/migrate/20140714184006_empty_collection.rb diff --git a/apps/workbench/test/integration/collections_test.rb b/apps/workbench/test/integration/collections_test.rb index 8ac8fe4fb3..8657aaa0e4 100644 --- a/apps/workbench/test/integration/collections_test.rb +++ b/apps/workbench/test/integration/collections_test.rb @@ -74,4 +74,10 @@ class CollectionsTest < ActionDispatch::IntegrationTest assert_equal(['foo'], hrefs.compact.sort, "download page did provide strictly file links") end + + test "can view empty collection" do + uuid = 'd41d8cd98f00b204e9800998ecf8427e+0' + visit page_with_token('active', "/collections/#{uuid}") + assert page.has_text?('This collection is empty') + end end diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb index e79c485f17..65475853f2 100644 --- a/services/api/app/models/user.rb 
+++ b/services/api/app/models/user.rb @@ -51,9 +51,13 @@ class User < ArvadosModel def can?(actions) return true if is_admin actions.each do |action, target| - target_uuid = target - if target.respond_to? :uuid - target_uuid = target.uuid + unless target.nil? + if target.respond_to? :uuid + target_uuid = target.uuid + else + target_uuid = target + target = ArvadosModel.find_by_uuid(target_uuid) + end end next if target_uuid == self.uuid next if (group_permissions[target_uuid] and diff --git a/services/api/db/migrate/20140714184006_empty_collection.rb b/services/api/db/migrate/20140714184006_empty_collection.rb new file mode 100644 index 0000000000..2afd582245 --- /dev/null +++ b/services/api/db/migrate/20140714184006_empty_collection.rb @@ -0,0 +1,13 @@ +class EmptyCollection < ActiveRecord::Migration + include CurrentApiClient + + def up + empty_collection + end + + def down + act_as_system_user do + empty_collection.destroy + end + end +end diff --git a/services/api/db/seeds.rb b/services/api/db/seeds.rb index abd325c724..d397b91bfd 100644 --- a/services/api/db/seeds.rb +++ b/services/api/db/seeds.rb @@ -9,3 +9,4 @@ system_user system_group anonymous_group anonymous_user +empty_collection diff --git a/services/api/db/structure.sql b/services/api/db/structure.sql index 850a89e8ee..61433a665f 100644 --- a/services/api/db/structure.sql +++ b/services/api/db/structure.sql @@ -1971,4 +1971,6 @@ INSERT INTO schema_migrations (version) VALUES ('20140611173003'); INSERT INTO schema_migrations (version) VALUES ('20140627210837'); -INSERT INTO schema_migrations (version) VALUES ('20140709172343'); \ No newline at end of file +INSERT INTO schema_migrations (version) VALUES ('20140709172343'); + +INSERT INTO schema_migrations (version) VALUES ('20140714184006'); \ No newline at end of file diff --git a/services/api/lib/current_api_client.rb b/services/api/lib/current_api_client.rb index 94bd2b56a8..7100f3a9eb 100644 --- a/services/api/lib/current_api_client.rb 
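Review bot: In the `can?` hunk of user.rb, two nil cases are left implicit in a permission check. A nil `target` never assigns `target_uuid`, and a uuid string that matches no record leaves `target` nil after `ArvadosModel.find_by_uuid(target_uuid)`. The visible lines then go straight to `group_permissions[target_uuid]`, and the rest of the loop is outside the hunk, so I cannot confirm from here that both cases end in a denial. I would make the fail-closed intent explicit with a comment such as `# nil target or unknown uuid: no permission can be granted on it`, and a guard if the code below dereferences `target`. If nothing below uses the looked-up `target`, the lookup is an extra query per action and could be dropped.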
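Review bot: In the new migration 20140714184006_empty_collection.rb, `down` goes through the memoizing `empty_collection` helper, so a rollback first creates the record if it is missing and then destroys it. It also leaves `$empty_collection` pointing at the destroyed object, so a later `empty_collection` call in the same process returns a record that no longer exists in the database. Deleting by uuid and clearing the cache would avoid both, e.g. `Collection.where(uuid: empty_collection_uuid).destroy_all` followed by `$empty_collection = nil` inside the `act_as_system_user` block. A one-line comment on `up` saying that it relies on the helper's side effect would also help, since the method body reads like a no-op.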
+++ b/services/api/lib/current_api_client.rb @@ -158,4 +158,19 @@ module CurrentApiClient $anonymous_user end + def empty_collection_uuid + 'd41d8cd98f00b204e9800998ecf8427e+0' + end + + def empty_collection + if not $empty_collection + act_as_system_user do + $empty_collection = Collection. + where(uuid: empty_collection_uuid). + first_or_create!(owner_uuid: anonymous_group_uuid, + manifest_text: '') + end + end + $empty_collection + end end diff --git a/services/api/test/fixtures/collections.yml b/services/api/test/fixtures/collections.yml index bce7df13dd..73ec920acc 100644 --- a/services/api/test/fixtures/collections.yml +++ b/services/api/test/fixtures/collections.yml @@ -69,3 +69,26 @@ docker_image: modified_at: 2014-06-11T17:22:54Z updated_at: 2014-06-11T17:22:54Z manifest_text: ". d21353cfe035e3e384563ee55eadbb2f+67108864 5c77a43e329b9838cbec18ff42790e57+55605760 0:122714624:d8309758b8fe2c81034ffc8a10c36460b77db7bc5e7b448c4e5b684f9d95a678.tar\n" + +anonymous: + # Collection owned by the anonymous group + # (should be readable by all users) + uuid: 39e4ec5e67d7c6c8dcb549d7593180af+32 + owner_uuid: zzzzz-j7d0g-anonymouspublic + created_at: 2014-06-11T17:22:54Z + modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr + modified_by_user_uuid: zzzzz-tpzed-d9tiejq69daie8f + modified_at: 2014-06-11T17:22:54Z + updated_at: 2014-06-11T17:22:54Z + manifest_text: ". anonymous-collection-file.txt\n" + +empty: + # Empty collection owned by anonymous_group is added with rake db:seed. + uuid: d41d8cd98f00b204e9800998ecf8427e+0 + owner_uuid: zzzzz-j7d0g-anonymouspublic + created_at: 2014-06-11T17:22:54Z + modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr + modified_by_user_uuid: zzzzz-tpzed-d9tiejq69daie8f + modified_at: 2014-06-11T17:22:54Z + updated_at: 2014-06-11T17:22:54Z + manifest_text: "" diff --git a/services/api/test/integration/permissions_test.rb b/services/api/test/integration/permissions_test.rb index 274e8f166b..26a0f02e8f 100644 
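Review bot: In `empty_collection` (current_api_client.rb), `first_or_create!` applies `owner_uuid: anonymous_group_uuid` only when it creates the row. If a collection with uuid `d41d8cd98f00b204e9800998ecf8427e+0` already exists under another owner, it is returned unchanged and the "readable by all users" intent of this commit is not met. Whether such a row can pre-exist depends on code outside this patch, but the helper could check the owner after the lookup, or at least document the assumption with a comment such as `# assumes no pre-existing empty collection owned by a regular user`. The helper also caches an ActiveRecord object in the global `$empty_collection` with no way to reset it, which is worth a short comment next to the method. The enclosing module starts outside the hunk.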
--- a/services/api/test/integration/permissions_test.rb +++ b/services/api/test/integration/permissions_test.rb @@ -1,6 +1,7 @@ require 'test_helper' class PermissionsTest < ActionDispatch::IntegrationTest + include CurrentApiClient # for empty_collection fixtures :users, :groups, :api_client_authorizations, :collections test "adding and removing direct can_read links" do @@ -360,4 +361,34 @@ class PermissionsTest < ActionDispatch::IntegrationTest get "/arvados/v1/permissions/#{groups(:public).uuid}", nil, auth(:active) assert_response 403 end + + test "active user can read an object in the anonymous group" do + # make sure there is no link explicitly granting permission to + # the anonymous collection or its owner + get("/arvados/v1/permissions/#{collections(:anonymous).owner_uuid}", + { :format => :json }, + auth(:admin)) + assert_response :success + assert_empty json_response['items'] + + get("/arvados/v1/permissions/#{collections(:anonymous).uuid}", + { :format => :json }, + auth(:admin)) + assert_response :success + assert_empty json_response['items'] + + # the active user should still be able to read the anonymous collection. + get("/arvados/v1/collections/#{collections(:anonymous).uuid}", + { :format => :json }, + auth(:active)) + assert_response :success + assert_equal json_response['manifest_text'], collections(:anonymous).manifest_text + + # the active user should be able to read the empty collection + get("/arvados/v1/collections/#{empty_collection_uuid}", + { :format => :json }, + auth(:active)) + assert_response :success + assert_empty json_response['manifest_text'], "empty collection manifest_text is not empty" + end end -- 2.30.2
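Review bot: The new test "active user can read an object in the anonymous group" in permissions_test.rb pins only the allow path. Ownership by the anonymous group is meant to grant read access, so a companion assertion that the active user's attempt to update or delete `collections(:anonymous)` is refused would pin the other side of the boundary and catch a regression that widens the grant. Separately, the arguments to `assert_equal` are in actual-then-expected order, so failure messages will be mislabelled; `assert_equal collections(:anonymous).manifest_text, json_response['manifest_text']` reads correctly.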