[ARVADOS] updated: 2c2212b5cb3b0f09b84dea82102c6e6b33bc7dd1

git at public.curoverse.com git at public.curoverse.com
Thu Nov 6 11:08:43 EST 2014 

Summary of changes:
 docker/arvdock                      |  6 ++-
 services/api/app/models/user.rb     | 14 +++---
 services/api/test/unit/user_test.rb | 88 +++++++++++++++++++++++++++----------
 3 files changed, 76 insertions(+), 32 deletions(-)

       via  2c2212b5cb3b0f09b84dea82102c6e6b33bc7dd1 (commit)
       via  abc28ee28670b901c59c32d91ae6b68a9ff7154a (commit)
       via  d20968afa56dd3723d9833685e232a3081053e69 (commit)
      from  611a3323ea110671c5fa021e14f93b24e4a6d7b7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 2c2212b5cb3b0f09b84dea82102c6e6b33bc7dd1
Author: Ward Vandewege <ward at curoverse.com>
Date:   Thu Nov 6 11:04:36 2014 -0500

    Only try to install .config/arvados/settings.conf if we have a token to
    put in there.
    
    refs #4383

diff --git a/docker/arvdock b/docker/arvdock
index 27b7085..31e405b 100755
--- a/docker/arvdock
+++ b/docker/arvdock
@@ -318,16 +318,18 @@ function do_start {
 
     if [[ $start_api != false ]]
     then
-        if [ -d $HOME/.config/arvados ] || mkdir -p $HOME/.config/arvados
+        if [[ -f "api/generated/superuser_token" ]]
         then
+          if [ -d $HOME/.config/arvados ] || mkdir -p $HOME/.config/arvados
+          then
             cat >$HOME/.config/arvados/settings.conf <<EOF
 ARVADOS_API_HOST=$(ip_address "api_server")
 ARVADOS_API_HOST_INSECURE=yes
 ARVADOS_API_TOKEN=$(cat api/generated/superuser_token)
 EOF
+          fi
         fi
     fi
-
 }
 
 function do_stop {

commit abc28ee28670b901c59c32d91ae6b68a9ff7154a
Author: Ward Vandewege <ward at curoverse.com>
Date:   Thu Nov 6 10:25:01 2014 -0500

    Add more tests so that we cover all possible combinations of the
    auto_admin_first_user and auto_admin_user configuration settings.
    
    refs #4383

diff --git a/services/api/test/unit/user_test.rb b/services/api/test/unit/user_test.rb
index 29ba3e4..9bcb011 100644
--- a/services/api/test/unit/user_test.rb
+++ b/services/api/test/unit/user_test.rb
@@ -9,38 +9,80 @@ class UserTest < ActiveSupport::TestCase
     system_user
   end
 
-  test "create_new_user_auto_admin_first_user" do
-    # This test requires no admin users exist (except for the system user)
-    users(:admin).delete
+  [[false, 'foo at example.com', true, nil],
+   [false, 'bar at example.com', nil, true],
+   [true, 'foo at example.com', true, nil],
+   [true, 'bar at example.com', true, true],
+   [false, false, nil, nil],
+   [true, false, true, nil]
+  ].each do |auto_admin_first_user_config, auto_admin_user_config, foo_should_be_admin, bar_should_be_admin|
+    # In each case, 'foo' is created first, then 'bar', then 'bar2', then 'baz'.
+    test "auto admin with auto_admin_first=#{auto_admin_first_user_config} auto_admin=#{auto_admin_user_config}" do
+
+      if auto_admin_first_user_config
+        # This test requires no admin users exist (except for the system user)
+        users(:admin).delete
+        @all_users = User.where("uuid not like '%-000000000000000'").where(:is_admin => true).find(:all)
+        assert_equal 0, @all_users.size, "No admin users should exist (except for the system user)"
+      end
 
-    @all_users = User.where("uuid not like '%-000000000000000'").where(:is_admin => true).find(:all)
+      Rails.configuration.auto_admin_first_user = auto_admin_first_user_config
+      Rails.configuration.auto_admin_user = auto_admin_user_config
 
-    assert_equal 0, @all_users.size, "No admin users should exist (except for the system user)"
+      # See if the foo user has is_admin
+      foo = User.new
+      foo.first_name = 'foo'
+      foo.email = 'foo at example.com'
 
-    Rails.configuration.auto_admin_first_user = true
+      act_as_system_user do
+        foo.save!
+      end
 
-    assert_equal true, Rails.configuration.auto_admin_first_user
-    user = User.new
-    user.first_name = "first_name_for_newly_created_admin_user"
+      foo = User.find(foo.id)   # get the user back
+      assert_equal foo_should_be_admin, foo.is_admin, "is_admin is wrong for user foo"
+      assert_equal 'foo', foo.first_name
 
-    act_as_system_user do
-      user.save!
-    end
+      # See if the bar user has is_admin
+      bar = User.new
+      bar.first_name = 'bar'
+      bar.email = 'bar at example.com'
 
-    user = User.find(user.id)   # get the user back
-    assert user.is_admin, 'is_admin should be set for first new user'
-    assert_equal 'first_name_for_newly_created_admin_user', user.first_name
+      act_as_system_user do
+        bar.save!
+      end
 
-    user = User.new
-    user.first_name = "first_name_for_newly_created_ordinary_user"
+      bar = User.find(bar.id)   # get the user back
+      assert_equal bar_should_be_admin, bar.is_admin, "is_admin is wrong for user bar"
+      assert_equal 'bar', bar.first_name
 
-    act_as_system_user do
-      user.save!
-    end
+      # A subsequent user with the bar at example.com address should never be
+      # elevated to admin
+      bar2 = User.new
+      bar2.first_name = 'bar2'
+      bar2.email = 'bar at example.com'
 
-    user = User.find(user.id)   # get the user back
-    assert !user.is_admin, 'is_admin should not be set for second new user'
-    assert_equal 'first_name_for_newly_created_ordinary_user', user.first_name
+      act_as_system_user do
+        bar2.save!
+      end
+
+      bar2 = User.find(bar2.id)   # get the user back
+      assert !bar2.is_admin, "is_admin is wrong for user bar2"
+      assert_equal 'bar2', bar2.first_name
+
+      # An ordinary new user should not be elevated to admin
+      baz = User.new
+      baz.first_name = 'baz'
+      baz.email = 'baz at example.com'
+
+      act_as_system_user do
+        baz.save!
+      end
+
+      baz = User.find(baz.id)   # get the user back
+      assert !baz.is_admin
+      assert_equal 'baz', baz.first_name
+
+    end
   end
 
   test "check non-admin active user properties" do

commit d20968afa56dd3723d9833685e232a3081053e69
Author: Ward Vandewege <ward at curoverse.com>
Date:   Thu Nov 6 10:23:11 2014 -0500

    Update the behavior of the auto_admin_user configuration field a bit to
    make it more intuitive: the first user created with an e-mail address
    that matches auto_admin_user will now become admin, regardless of the
    presence of other admin users. Any subsequent accounts created with that
    e-mail address will no longer become admin.
    
    refs #4383

diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb
index 3b201b5..b939d07 100644
--- a/services/api/app/models/user.rb
+++ b/services/api/app/models/user.rb
@@ -234,13 +234,13 @@ class User < ArvadosModel
   end
 
   def check_auto_admin
-    if not self.uuid.end_with?('anonymouspublic') and
-       User.where("uuid not like '%-000000000000000'").where(:is_admin => true).count == 0
-      if (Rails.configuration.auto_admin_user and self.email == Rails.configuration.auto_admin_user) or
-         Rails.configuration.auto_admin_first_user
-        self.is_admin = true
-        self.is_active = true
-      end
+    return if self.uuid.end_with?('anonymouspublic')
+    if (User.where("email = ?",self.email).where(:is_admin => true).count == 0 and
+        Rails.configuration.auto_admin_user and self.email == Rails.configuration.auto_admin_user) or
+       (User.where("uuid not like '%-000000000000000'").where(:is_admin => true).count == 0 and 
+        Rails.configuration.auto_admin_first_user)
+      self.is_admin = true
+      self.is_active = true
     end
   end
 

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list