[ARVADOS] updated: d8f04c6a53487419fd256e31ec4da3b0a3056b12
git at public.curoverse.com
git at public.curoverse.com
Mon Dec 30 17:36:26 EST 2013
Summary of changes:
...zations.js.coffee => user_agreements.js.coffee} | 0
..._machines.css.scss => user_agreements.css.scss} | 2 +-
.../app/controllers/application_controller.rb | 15 +++++++
.../app/controllers/collections_controller.rb | 38 ++++++++++++++++
.../app/controllers/user_agreements_controller.rb | 18 ++++++++
.../app/helpers/user_agreements_helper.rb | 2 +
apps/workbench/app/models/user.rb | 6 +++
apps/workbench/app/models/user_agreement.rb | 10 ++++
.../app/views/layouts/application.html.erb | 3 +
.../app/views/user_agreements/index.html.erb | 45 ++++++++++++++++++++
apps/workbench/config/routes.rb | 10 ++---
.../functional/user_agreements_controller_test.rb | 4 ++
.../unit/helpers/user_agreements_helper_test.rb | 4 ++
.../unit/{group_test.rb => user_agreement_test.rb} | 2 +-
.../arvados/v1/user_agreements_controller.rb | 29 ++++++++-----
.../app/controllers/arvados/v1/users_controller.rb | 21 +++++----
services/api/app/models/user.rb | 7 +++
.../test/fixtures/api_client_authorizations.yml | 6 +++
services/api/test/fixtures/groups.yml | 5 ++
services/api/test/fixtures/links.yml | 32 ++++++++++++++
services/api/test/fixtures/users.yml | 10 ++++
.../arvados/v1/user_agreements_controller_test.rb | 10 ++++
services/api/test/test_helper.rb | 3 +
23 files changed, 254 insertions(+), 28 deletions(-)
copy apps/workbench/app/assets/javascripts/{api_client_authorizations.js.coffee => user_agreements.js.coffee} (100%)
copy apps/workbench/app/assets/stylesheets/{virtual_machines.css.scss => user_agreements.css.scss} (65%)
create mode 100644 apps/workbench/app/controllers/user_agreements_controller.rb
create mode 100644 apps/workbench/app/helpers/user_agreements_helper.rb
create mode 100644 apps/workbench/app/models/user_agreement.rb
create mode 100644 apps/workbench/app/views/user_agreements/index.html.erb
create mode 100644 apps/workbench/test/functional/user_agreements_controller_test.rb
create mode 100644 apps/workbench/test/unit/helpers/user_agreements_helper_test.rb
copy apps/workbench/test/unit/{group_test.rb => user_agreement_test.rb} (60%)
via d8f04c6a53487419fd256e31ec4da3b0a3056b12 (commit)
via 8cad6cfa7495231768347535835efa96166f8f79 (commit)
via ecdb71755fe9b30efc5aa6a51489210f859165af (commit)
via ac7faac8ededb8df5c708180726686f9780184f6 (commit)
from b588c254853ab654a685669c36b21e05154b6571 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit d8f04c6a53487419fd256e31ec4da3b0a3056b12
Author: Tom Clegg <tom at curoverse.com>
Date: Mon Dec 30 14:33:29 2013 -0800
Divert processing when user agreements are needed, instead of just
omitting page content from layout.
closes #1699
diff --git a/apps/workbench/app/controllers/application_controller.rb b/apps/workbench/app/controllers/application_controller.rb
index 9afc180..bde1156 100644
--- a/apps/workbench/app/controllers/application_controller.rb
+++ b/apps/workbench/app/controllers/application_controller.rb
@@ -3,7 +3,7 @@ class ApplicationController < ActionController::Base
around_filter :thread_clear
around_filter :thread_with_api_token, :except => [:render_exception, :render_not_found]
before_filter :find_object_by_uuid, :except => [:index, :render_exception, :render_not_found]
- before_filter :load_required_user_agreements
+ before_filter :check_user_agreements, :except => [:render_exception, :render_not_found]
begin
rescue_from Exception,
@@ -218,8 +218,7 @@ class ApplicationController < ActionController::Base
end
end
- def load_required_user_agreements
- @required_user_agreements = []
+ def check_user_agreements
if current_user && !current_user.is_active && current_user.is_invited
signatures = UserAgreement.signatures
@signed_ua_uuids = UserAgreement.signatures.map &:head_uuid
@@ -228,6 +227,8 @@ class ApplicationController < ActionController::Base
Collection.find(ua.uuid)
end
end
+ render 'user_agreements/index'
end
+ true
end
end
diff --git a/apps/workbench/app/controllers/user_agreements_controller.rb b/apps/workbench/app/controllers/user_agreements_controller.rb
index 8dd34b1..cc0d3c8 100644
--- a/apps/workbench/app/controllers/user_agreements_controller.rb
+++ b/apps/workbench/app/controllers/user_agreements_controller.rb
@@ -1,4 +1,7 @@
class UserAgreementsController < ApplicationController
+ skip_before_filter :check_user_agreements
+ skip_before_filter :find_object_by_uuid
+
def model_class
Collection
end
diff --git a/apps/workbench/app/views/layouts/application.html.erb b/apps/workbench/app/views/layouts/application.html.erb
index 92550c7..4a72b55 100644
--- a/apps/workbench/app/views/layouts/application.html.erb
+++ b/apps/workbench/app/views/layouts/application.html.erb
@@ -102,11 +102,7 @@
<div class="container">
- <% if current_user and @required_user_agreements.andand.any? %>
- <%= render partial: 'application/force_user_agreement' %>
- <% else %>
<%= yield %>
- <% end %>
</div> <!-- /container -->
diff --git a/apps/workbench/app/views/application/_force_user_agreement.html.erb b/apps/workbench/app/views/user_agreements/index.html.erb
similarity index 98%
rename from apps/workbench/app/views/application/_force_user_agreement.html.erb
rename to apps/workbench/app/views/user_agreements/index.html.erb
index 2d80d9f..59d9282 100644
--- a/apps/workbench/app/views/application/_force_user_agreement.html.erb
+++ b/apps/workbench/app/views/user_agreements/index.html.erb
@@ -1,4 +1,4 @@
-<h1>User agreement</h1>
+<h1>User agreements</h1>
<p>You must read and sign all applicable user agreements before continuing.</p>
commit 8cad6cfa7495231768347535835efa96166f8f79
Author: Tom Clegg <tom at curoverse.com>
Date: Mon Dec 30 06:09:49 2013 -0800
Support user agreement viewing and signing in Workbench.
refs #1699
diff --git a/apps/workbench/app/assets/javascripts/user_agreements.js.coffee b/apps/workbench/app/assets/javascripts/user_agreements.js.coffee
new file mode 100644
index 0000000..7615679
--- /dev/null
+++ b/apps/workbench/app/assets/javascripts/user_agreements.js.coffee
@@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/
diff --git a/apps/workbench/app/assets/stylesheets/user_agreements.css.scss b/apps/workbench/app/assets/stylesheets/user_agreements.css.scss
new file mode 100644
index 0000000..98edb29
--- /dev/null
+++ b/apps/workbench/app/assets/stylesheets/user_agreements.css.scss
@@ -0,0 +1,3 @@
+// Place all the styles related to the user_agreements controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/
diff --git a/apps/workbench/app/controllers/application_controller.rb b/apps/workbench/app/controllers/application_controller.rb
index 57ba0cf..9afc180 100644
--- a/apps/workbench/app/controllers/application_controller.rb
+++ b/apps/workbench/app/controllers/application_controller.rb
@@ -3,6 +3,7 @@ class ApplicationController < ActionController::Base
around_filter :thread_clear
around_filter :thread_with_api_token, :except => [:render_exception, :render_not_found]
before_filter :find_object_by_uuid, :except => [:index, :render_exception, :render_not_found]
+ before_filter :load_required_user_agreements
begin
rescue_from Exception,
@@ -216,4 +217,17 @@ class ApplicationController < ActionController::Base
self.render_error status: 401
end
end
+
+ def load_required_user_agreements
+ @required_user_agreements = []
+ if current_user && !current_user.is_active && current_user.is_invited
+ signatures = UserAgreement.signatures
+ @signed_ua_uuids = UserAgreement.signatures.map &:head_uuid
+ @required_user_agreements = UserAgreement.all.map do |ua|
+ if not @signed_ua_uuids.index ua.uuid
+ Collection.find(ua.uuid)
+ end
+ end
+ end
+ end
end
diff --git a/apps/workbench/app/controllers/collections_controller.rb b/apps/workbench/app/controllers/collections_controller.rb
index 71e882c..a5fed9d 100644
--- a/apps/workbench/app/controllers/collections_controller.rb
+++ b/apps/workbench/app/controllers/collections_controller.rb
@@ -41,6 +41,16 @@ class CollectionsController < ApplicationController
end
end
+ def show_file
+ opts = params.merge(arvados_api_token: Thread.current[:arvados_api_token])
+ if r = params[:file].match(/(\.\w+)/)
+ ext = r[1]
+ end
+ self.response.headers['Content-Type'] =
+ Rack::Mime::MIME_TYPES[ext] || 'application/octet-stream'
+ self.response_body = FileStreamer.new opts
+ end
+
def show
return super if !@object
@provenance = []
@@ -86,4 +96,32 @@ class CollectionsController < ApplicationController
end
end
end
+
+ protected
+ class FileStreamer
+ def initialize(opts={})
+ @opts = opts
+ end
+ def each
+ return unless @opts[:uuid] && @opts[:file]
+ env = Hash[ENV].
+ merge({
+ 'ARVADOS_API_HOST' =>
+ $arvados_api_client.arvados_v1_base.
+ sub(/\/arvados\/v1/, '').
+ sub(/^https?:\/\//, ''),
+ 'ARVADOS_API_TOKEN' =>
+ @opts[:arvados_api_token],
+ 'ARVADOS_API_HOST_INSECURE' =>
+ Rails.configuration.arvados_insecure_https ? 'true' : 'false'
+ })
+ IO.popen([env, 'arv-get', "#{@opts[:uuid]}/#{@opts[:file]}"],
+ 'rb') do |io|
+ while buf = io.read(2**20)
+ yield buf
+ end
+ end
+ Rails.logger.warn("#{@opts[:uuid]}/#{@opts[:file]}: $?") if $? != 0
+ end
+ end
end
diff --git a/apps/workbench/app/controllers/user_agreements_controller.rb b/apps/workbench/app/controllers/user_agreements_controller.rb
new file mode 100644
index 0000000..8dd34b1
--- /dev/null
+++ b/apps/workbench/app/controllers/user_agreements_controller.rb
@@ -0,0 +1,15 @@
+class UserAgreementsController < ApplicationController
+ def model_class
+ Collection
+ end
+
+ def sign
+ params[:checked].each do |checked|
+ if r = checked.match(/^([0-9a-f]+)/)
+ UserAgreement.sign uuid: r[1]
+ end
+ end
+ current_user.activate
+ redirect_to(params[:return_to] || :back)
+ end
+end
diff --git a/apps/workbench/app/helpers/user_agreements_helper.rb b/apps/workbench/app/helpers/user_agreements_helper.rb
new file mode 100644
index 0000000..ab8d3d3
--- /dev/null
+++ b/apps/workbench/app/helpers/user_agreements_helper.rb
@@ -0,0 +1,2 @@
+module UserAgreementsHelper
+end
diff --git a/apps/workbench/app/models/user.rb b/apps/workbench/app/models/user.rb
index 782385f..bc1f476 100644
--- a/apps/workbench/app/models/user.rb
+++ b/apps/workbench/app/models/user.rb
@@ -21,6 +21,12 @@ class User < ArvadosBase
(self.first_name || "") + " " + (self.last_name || "")
end
+ def activate
+ self.private_reload($arvados_api_client.api(self.class,
+ "/#{self.uuid}/activate",
+ {}))
+ end
+
def attribute_editable?(attr)
(not (self.uuid.andand.match(/000000000000000$/) and self.is_admin)) and super(attr)
end
diff --git a/apps/workbench/app/models/user_agreement.rb b/apps/workbench/app/models/user_agreement.rb
new file mode 100644
index 0000000..63b8452
--- /dev/null
+++ b/apps/workbench/app/models/user_agreement.rb
@@ -0,0 +1,10 @@
+class UserAgreement < ArvadosBase
+ def self.signatures
+ res = $arvados_api_client.api self, '/signatures'
+ $arvados_api_client.unpack_api_response(res)
+ end
+ def self.sign(params)
+ res = $arvados_api_client.api self, '/sign', params
+ $arvados_api_client.unpack_api_response(res)
+ end
+end
diff --git a/apps/workbench/app/views/application/_force_user_agreement.html.erb b/apps/workbench/app/views/application/_force_user_agreement.html.erb
new file mode 100644
index 0000000..2d80d9f
--- /dev/null
+++ b/apps/workbench/app/views/application/_force_user_agreement.html.erb
@@ -0,0 +1,45 @@
+<h1>User agreement</h1>
+
+<p>You must read and sign all applicable user agreements before continuing.</p>
+
+<button data-toggle="modal" href="#open_user_agreement" class="btn btn-primary">Show details</button>
+
+<div id="open_user_agreement" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="uaModalLabel" aria-hidden="true" data-show="true">
+ <%= form_for(@required_user_agreements.first, {url: {action: 'sign', controller: 'user_agreements'}}) do |f| %>
+ <%= hidden_field_tag :return_to, request.url %>
+ <% n_files = @required_user_agreements.collect(&:files).flatten(1).count %>
+ <div class="modal-header">
+ <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
+ <h3 id="uaModalLabel">User agreement<%= 's' if n_files != 1 %></h3>
+ </div>
+ <div class="modal-body">
+ <p>Please check <%= n_files > 1 ? 'each' : 'the' %> box to indicate that you have read and accepted the agreement.</p>
+ <% @required_user_agreements.each do |ua| %>
+ <% ua.files.each do |file| %>
+ <%= f.label 'checked[]', class: 'checkbox inline' do %>
+ <%= check_box_tag 'checked[]', "#{ua.uuid}/#{file[0]}/#{file[1]}", false %>
+ <%= link_to 'view', {controller: 'collections', action: 'show_file', uuid: ua.uuid, file: "#{file[0]}/#{file[1]}"}, {target: '_blank', class: 'label label-info'} %>
+ <%= file[1] %>
+ <% end %>
+ <% end %>
+ <% end %>
+ </div>
+ <div class="modal-footer">
+ <button class="btn" data-dismiss="modal" aria-hidden="true">Cancel</button>
+ <%= f.submit 'Accept', {class: 'btn btn-primary', disabled: true} %>
+ </div>
+ <% end %>
+</div>
+
+<% content_for :footer_js do %>
+$('#open_user_agreement').modal();
+$('#open_user_agreement input[name="checked[]"]').on('click', function() {
+ var dialog = $('#open_user_agreement')[0]
+ $('input[type=submit]', dialog).prop('disabled',false);
+ $('input[name="checked[]"]', dialog).each(function(){
+ if(!this.checked) {
+ $('input[type=submit]', dialog).prop('disabled',true);
+ }
+ });
+});
+<% end %>
diff --git a/apps/workbench/app/views/layouts/application.html.erb b/apps/workbench/app/views/layouts/application.html.erb
index 54c9b94..92550c7 100644
--- a/apps/workbench/app/views/layouts/application.html.erb
+++ b/apps/workbench/app/views/layouts/application.html.erb
@@ -102,10 +102,17 @@
<div class="container">
+ <% if current_user and @required_user_agreements.andand.any? %>
+ <%= render partial: 'application/force_user_agreement' %>
+ <% else %>
<%= yield %>
+ <% end %>
</div> <!-- /container -->
<%= piwik_tracking_tag %>
+ <%= javascript_tag do %>
+ <%= yield :footer_js %>
+ <% end %>
</body>
</html>
diff --git a/apps/workbench/config/routes.rb b/apps/workbench/config/routes.rb
index 9f8486d..409058c 100644
--- a/apps/workbench/config/routes.rb
+++ b/apps/workbench/config/routes.rb
@@ -1,13 +1,10 @@
ArvadosWorkbench::Application.routes.draw do
+ resources :user_agreements
+ post '/user_agreements/sign' => 'user_agreements#sign'
+ get '/user_agreements/signatures' => 'user_agreements#signatures'
resources :nodes
-
-
resources :humans
-
-
resources :traits
-
-
resources :api_client_authorizations
resources :repositories
resources :virtual_machines
@@ -30,6 +27,7 @@ ArvadosWorkbench::Application.routes.draw do
resources :links
match '/collections/graph' => 'collections#graph'
resources :collections
+ get '/collections/:uuid/*file' => 'collections#show_file', :format => false
root :to => 'users#welcome'
# Send unroutable requests to an arbitrary controller
diff --git a/apps/workbench/test/functional/user_agreements_controller_test.rb b/apps/workbench/test/functional/user_agreements_controller_test.rb
new file mode 100644
index 0000000..898ac63
--- /dev/null
+++ b/apps/workbench/test/functional/user_agreements_controller_test.rb
@@ -0,0 +1,4 @@
+require 'test_helper'
+
+class UserAgreementsControllerTest < ActionController::TestCase
+end
diff --git a/apps/workbench/test/unit/helpers/user_agreements_helper_test.rb b/apps/workbench/test/unit/helpers/user_agreements_helper_test.rb
new file mode 100644
index 0000000..2577870
--- /dev/null
+++ b/apps/workbench/test/unit/helpers/user_agreements_helper_test.rb
@@ -0,0 +1,4 @@
+require 'test_helper'
+
+class UserAgreementsHelperTest < ActionView::TestCase
+end
diff --git a/apps/workbench/test/unit/user_agreement_test.rb b/apps/workbench/test/unit/user_agreement_test.rb
new file mode 100644
index 0000000..7c0ac65
--- /dev/null
+++ b/apps/workbench/test/unit/user_agreement_test.rb
@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class UserAgreementTest < ActiveSupport::TestCase
+ # test "the truth" do
+ # assert true
+ # end
+end
commit ecdb71755fe9b30efc5aa6a51489210f859165af
Author: Tom Clegg <tom at curoverse.com>
Date: Mon Dec 30 13:44:32 2013 -0800
Store correct collection uuid in signature/click link.
closes #1706
diff --git a/services/api/app/controllers/arvados/v1/user_agreements_controller.rb b/services/api/app/controllers/arvados/v1/user_agreements_controller.rb
index c79e472..990c1d6 100644
--- a/services/api/app/controllers/arvados/v1/user_agreements_controller.rb
+++ b/services/api/app/controllers/arvados/v1/user_agreements_controller.rb
@@ -1,5 +1,6 @@
class Arvados::V1::UserAgreementsController < ApplicationController
before_filter :admin_required, except: [:index, :sign, :signatures]
+ skip_before_filter :find_object, only: [:sign, :signatures]
def model_class
Link
@@ -50,7 +51,7 @@ class Arvados::V1::UserAgreementsController < ApplicationController
tail_kind: 'arvados#user',
tail_uuid: current_user_uuid,
head_kind: 'arvados#collection',
- head_uuid: params[:id])
+ head_uuid: params[:uuid])
end
show
end
commit ac7faac8ededb8df5c708180726686f9780184f6
Author: Tom Clegg <tom at curoverse.com>
Date: Fri Dec 27 13:56:34 2013 -0800
Do not self-activate, or show user agreements to, an uninvited user:
i.e., one who is neither invited by default according to site policy,
nor a member of the "All users" group.
refs #1706
diff --git a/services/api/app/controllers/arvados/v1/user_agreements_controller.rb b/services/api/app/controllers/arvados/v1/user_agreements_controller.rb
index ac74f3d..c79e472 100644
--- a/services/api/app/controllers/arvados/v1/user_agreements_controller.rb
+++ b/services/api/app/controllers/arvados/v1/user_agreements_controller.rb
@@ -6,16 +6,22 @@ class Arvados::V1::UserAgreementsController < ApplicationController
end
def index
- current_user_uuid = current_user.uuid
- act_as_system_user do
- uuids = Link.where(owner_uuid: system_user_uuid,
- link_class: 'signature',
- name: 'require',
- tail_kind: 'arvados#user',
- tail_uuid: system_user_uuid,
- head_kind: 'arvados#collection').
- collect &:head_uuid
- @objects = Collection.where('uuid in (?)', uuids)
+ if not current_user.is_invited
+ # New users cannot see user agreements until/unless invited to
+ # use this installation.
+ @objects = []
+ else
+ current_user_uuid = current_user.uuid
+ act_as_system_user do
+ uuids = Link.where(owner_uuid: system_user_uuid,
+ link_class: 'signature',
+ name: 'require',
+ tail_kind: 'arvados#user',
+ tail_uuid: system_user_uuid,
+ head_kind: 'arvados#collection').
+ collect &:head_uuid
+ @objects = Collection.where('uuid in (?)', uuids)
+ end
end
@response_resource_name = 'collection'
super
diff --git a/services/api/app/controllers/arvados/v1/users_controller.rb b/services/api/app/controllers/arvados/v1/users_controller.rb
index 5498619..441db99 100644
--- a/services/api/app/controllers/arvados/v1/users_controller.rb
+++ b/services/api/app/controllers/arvados/v1/users_controller.rb
@@ -43,12 +43,16 @@ class Arvados::V1::UsersController < ApplicationController
def activate
if current_user.andand.is_admin && params[:uuid]
- @user = User.find params[:uuid]
+ @object = User.find params[:uuid]
else
- @user = current_user
+ @object = current_user
end
- if not @user.is_active
- target_user_uuid = @user.uuid
+ if not @object.is_active
+ if not (current_user.is_admin or @object.is_invited)
+ logger.warn "User #{@object.uuid} called users.activate " +
+ "but is not invited"
+ raise ArgumentError.new "Cannot activate without being invited."
+ end
act_as_system_user do
required_uuids = Link.where(owner_uuid: system_user_uuid,
link_class: 'signature',
@@ -60,23 +64,22 @@ class Arvados::V1::UsersController < ApplicationController
link_class: 'signature',
name: 'click',
tail_kind: 'arvados#user',
- tail_uuid: target_user_uuid,
+ tail_uuid: @object.uuid,
head_kind: 'arvados#collection',
head_uuid: required_uuids).
collect(&:head_uuid)
todo_uuids = required_uuids - signed_uuids
if todo_uuids == []
- @user.update_attributes is_active: true
- logger.info "User #{@user.uuid} activated"
+ @object.update_attributes is_active: true
+ logger.info "User #{@object.uuid} activated"
else
- logger.warn "User #{@user.uuid} called users.activate " +
+ logger.warn "User #{@object.uuid} called users.activate " +
"before signing agreements #{todo_uuids.inspect}"
raise ArgumentError.new \
"Cannot activate without user agreements #{todo_uuids.inspect}."
end
end
end
- @object = @user
show
end
end
diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb
index e628eda..0364c08 100644
--- a/services/api/app/models/user.rb
+++ b/services/api/app/models/user.rb
@@ -19,6 +19,7 @@ class User < ArvadosModel
t.add :identity_url
t.add :is_active
t.add :is_admin
+ t.add :is_invited
t.add :prefs
end
@@ -28,6 +29,12 @@ class User < ArvadosModel
"#{first_name} #{last_name}"
end
+ def is_invited
+ (self.is_active ||
+ Rails.configuration.new_users_are_active ||
+ self.groups_i_can(:read).select { |x| x.match /-f+$/ }.first)
+ end
+
def groups_i_can(verb)
self.group_permissions.select { |uuid, mask| mask[verb] }.keys
end
diff --git a/services/api/test/fixtures/api_client_authorizations.yml b/services/api/test/fixtures/api_client_authorizations.yml
index 7effb2f..94dabf9 100644
--- a/services/api/test/fixtures/api_client_authorizations.yml
+++ b/services/api/test/fixtures/api_client_authorizations.yml
@@ -30,6 +30,12 @@ inactive:
api_token: 5s29oj2hzmcmpq80hx9cta0rl5wuf3xfd6r7disusaptz7h9m0
expires_at: 2038-01-01 00:00:00
+inactive_uninvited:
+ api_client: untrusted
+ user: inactive_uninvited
+ api_token: 62mhllc0otp78v08e3rpa3nsmf8q8ogk47f7u5z4erp5gpj9al
+ expires_at: 2038-01-01 00:00:00
+
inactive_but_signed_user_agreement:
api_client: untrusted
user: inactive_but_signed_user_agreement
diff --git a/services/api/test/fixtures/groups.yml b/services/api/test/fixtures/groups.yml
index ebf2234..c9b52dc 100644
--- a/services/api/test/fixtures/groups.yml
+++ b/services/api/test/fixtures/groups.yml
@@ -3,3 +3,8 @@ public:
owner_uuid: zzzzz-tpzed-d9tiejq69daie8f
name: Public
description: Public Group
+
+all_users:
+ uuid: zzzzz-j7d0g-fffffffffffffff
+ owner_uuid: zzzzz-tpzed-d9tiejq69daie8f
+ name: All users
diff --git a/services/api/test/fixtures/links.yml b/services/api/test/fixtures/links.yml
index 4d5bfe5..e871c9b 100644
--- a/services/api/test/fixtures/links.yml
+++ b/services/api/test/fixtures/links.yml
@@ -45,3 +45,35 @@ user_agreement_signed_by_inactive:
head_kind: arvados#collection
head_uuid: b519d9cb706a29fc7ea24dbea2f05851
properties: {}
+
+inactive_user_member_of_all_users_group:
+ uuid: zzzzz-o0j2j-osckxpy5hl5fjk5
+ owner_uuid: zzzzz-tpzed-000000000000000
+ created_at: 2013-12-26T20:52:21Z
+ modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+ modified_by_user_uuid: zzzzz-tpzed-7sg468ezxwnodxs
+ modified_at: 2013-12-26T20:52:21Z
+ updated_at: 2013-12-26T20:52:21Z
+ tail_kind: arvados#user
+ tail_uuid: zzzzz-tpzed-x9kqpd79egh49c7
+ link_class: permission
+ name: can_read
+ head_kind: arvados#group
+ head_uuid: zzzzz-j7d0g-fffffffffffffff
+ properties: {}
+
+inactive_signed_ua_user_member_of_all_users_group:
+ uuid: zzzzz-o0j2j-qkhyjcr6tidk652
+ owner_uuid: zzzzz-tpzed-000000000000000
+ created_at: 2013-12-26T20:52:21Z
+ modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+ modified_by_user_uuid: zzzzz-tpzed-7sg468ezxwnodxs
+ modified_at: 2013-12-26T20:52:21Z
+ updated_at: 2013-12-26T20:52:21Z
+ tail_kind: arvados#user
+ tail_uuid: zzzzz-tpzed-7sg468ezxwnodxs
+ link_class: permission
+ name: can_read
+ head_kind: arvados#group
+ head_uuid: zzzzz-j7d0g-fffffffffffffff
+ properties: {}
diff --git a/services/api/test/fixtures/users.yml b/services/api/test/fixtures/users.yml
index c6f25d6..ab43907 100644
--- a/services/api/test/fixtures/users.yml
+++ b/services/api/test/fixtures/users.yml
@@ -20,6 +20,16 @@ active:
is_admin: false
prefs: {}
+inactive_uninvited:
+ uuid: zzzzz-tpzed-rf2ec3ryh4vb5ma
+ email: inactive-uninvited-user at arvados.local
+ first_name: Inactive and Uninvited
+ last_name: User
+ identity_url: https://inactive-uninvited-user.openid.local
+ is_active: false
+ is_admin: false
+ prefs: {}
+
inactive:
uuid: zzzzz-tpzed-x9kqpd79egh49c7
email: inactive-user at arvados.local
diff --git a/services/api/test/functional/arvados/v1/user_agreements_controller_test.rb b/services/api/test/functional/arvados/v1/user_agreements_controller_test.rb
index 41c81cb..05bdef5 100644
--- a/services/api/test/functional/arvados/v1/user_agreements_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/user_agreements_controller_test.rb
@@ -33,4 +33,14 @@ class Arvados::V1::UserAgreementsControllerTest < ActionController::TestCase
assert_not_nil agreements_list['items'][0]
end
+ test "uninvited user receives empty list of user agreements" do
+ authorize_with :inactive_uninvited
+ get :index
+ assert_response :success
+ assert_not_nil assigns(:objects)
+ agreements_list = JSON.parse(@response.body)
+ assert_not_nil agreements_list['items']
+ assert_nil agreements_list['items'][0]
+ end
+
end
diff --git a/services/api/test/test_helper.rb b/services/api/test/test_helper.rb
index 9955a35..8c12ffb 100644
--- a/services/api/test/test_helper.rb
+++ b/services/api/test/test_helper.rb
@@ -19,3 +19,6 @@ class ActiveSupport::TestCase
# Add more helper methods to be used by all tests here...
end
+
+# Ensure permissions are computed from the test fixtures.
+User.invalidate_permissions_cache
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list