[ARVADOS] updated: 70a5562caebcf51d6d78be640bee8d02ffde8630
git at public.curoverse.com
git at public.curoverse.com
Fri Apr 4 13:37:35 EDT 2014
Summary of changes:
services/api/app/models/user.rb | 13 ++++++++++
.../functional/arvados/v1/users_controller_test.rb | 26 ++++++++++++++++----
2 files changed, 34 insertions(+), 5 deletions(-)
via 70a5562caebcf51d6d78be640bee8d02ffde8630 (commit)
from fcfc87e95a90cbf869d4a66b5e3e87663ad03fe5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 70a5562caebcf51d6d78be640bee8d02ffde8630
Author: radhika chippada <radhika at radhika.curoverse>
Date: Fri Apr 4 13:36:01 2014 -0400
Need to remove the user's "all users" group read permission during unsetup.
This shortcoming became apparent during testing, when the "is_invited" flag is checked.
diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb
index 6db1d3e..77e9778 100644
--- a/services/api/app/models/user.rb
+++ b/services/api/app/models/user.rb
@@ -175,6 +175,19 @@ class User < ArvadosModel
Link.delete perm
end
+ # delete "All users' group read permissions for this user
+ group = Group.where(name: 'All users').select do |g|
+ g[:uuid].match /-f+$/
+ end.first
+ group_perms = Link.where(tail_uuid: self.uuid,
+ head_uuid: group[:uuid],
+ head_kind: 'arvados#group',
+ link_class: 'permission',
+ name: 'can_read')
+ group_perms.each do |perm|
+ Link.delete perm
+ end
+
# delete any signatures by this user
signed_uuids = Link.where(link_class: 'signature',
tail_kind: 'arvados#user',
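Review bot: `group` is nil whenever no group named 'All users' has a uuid matching `/-f+$/`, so `head_uuid: group[:uuid]` raises NoMethodError. That would stop unsetup after the earlier permission deletes but before the signature cleanup that follows. Because this is a revocation path, a missing group should skip only this step: wrap the `Link.where(...)` lookup and the `group_perms.each` delete in `if group ... end`. The pattern is also loose, since `$` matches before a trailing newline and `-f+` accepts a single `f`; `/-f+\z/` or an exact comparison against the known group uuid would be stricter. The enclosing method starts and ends outside the hunk, so whether it runs inside a transaction is not visible here.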
diff --git a/services/api/test/functional/arvados/v1/users_controller_test.rb b/services/api/test/functional/arvados/v1/users_controller_test.rb
index 2a7f686..e62eff8 100644
--- a/services/api/test/functional/arvados/v1/users_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/users_controller_test.rb
@@ -659,7 +659,7 @@ class Arvados::V1::UsersControllerTest < ActionController::TestCase
verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
@vm_uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
- verify_link_existence created['uuid'], created['email'], true, true, true, false
+ verify_link_existence created['uuid'], created['email'], true, true, true, true, false
# now unsetup this user
post :unsetup, uuid: created['uuid']
@@ -669,7 +669,7 @@ class Arvados::V1::UsersControllerTest < ActionController::TestCase
assert_not_nil created2['uuid'], 'expected uuid for the newly created user'
assert_equal created['uuid'], created2['uuid'], 'expected uuid not found'
- verify_link_existence created['uuid'], created['email'], false, false, false, false
+ verify_link_existence created['uuid'], created['email'], false, false, false, false, false
end
test "unsetup active user" do
@@ -679,9 +679,10 @@ class Arvados::V1::UsersControllerTest < ActionController::TestCase
active_user = JSON.parse(@response.body)
assert_not_nil active_user['uuid'], 'expected uuid for the active user'
assert active_user['is_active'], 'expected is_active for active user'
+ assert active_user['is_invited'], 'expected is_invited for active user'
verify_link_existence active_user['uuid'], active_user['email'],
- false, false, false, true
+ false, false, false, true, true
authorize_with :admin
@@ -693,9 +694,10 @@ class Arvados::V1::UsersControllerTest < ActionController::TestCase
assert_not_nil response_user['uuid'], 'expected uuid for the upsetup user'
assert_equal active_user['uuid'], response_user['uuid'], 'expected uuid not found'
assert !response_user['is_active'], 'expected user to be inactive'
+ assert !response_user['is_invited'], 'expected user to be uninvited'
verify_link_existence response_user['uuid'], response_user['email'],
- false, false, false, false
+ false, false, false, false, false
end
def verify_num_links (original_links, expected_additional_links)
@@ -760,7 +762,7 @@ class Arvados::V1::UsersControllerTest < ActionController::TestCase
end
def verify_link_existence uuid, email, expect_oid_login_perms,
- expect_repo_perms, expect_vm_perms, expect_signatures
+ expect_repo_perms, expect_vm_perms, expect_group_perms, expect_signatures
# verify that all links are deleted for the user
oid_login_perms = Link.where(tail_uuid: email,
head_kind: 'arvados#user',
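Review bot: `verify_link_existence` now takes five positional booleans, and `expect_group_perms` is inserted in the middle, before `expect_signatures`. A call site that was not updated would therefore silently shift its last argument instead of failing clearly. The four updated calls in the earlier hunks (`true, true, true, true, false`, `false, false, false, true, true`, and so on) are hard to check by eye for the same reason. An options hash would make each expectation self-describing, e.g. `verify_link_existence uuid, email, group_perms: true, signatures: false`. The helper's body continues outside this hunk.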
@@ -792,6 +794,20 @@ class Arvados::V1::UsersControllerTest < ActionController::TestCase
assert !vm_login_perms.any?, "expected all vm_login_perms deleted"
end
+ group = Group.where(name: 'All users').select do |g|
+ g[:uuid].match /-f+$/
+ end.first
+ group_read_perms = Link.where(tail_uuid: uuid,
+ head_uuid: group[:uuid],
+ head_kind: 'arvados#group',
+ link_class: 'permission',
+ name: 'can_read')
+ if expect_group_perms
+ assert group_read_perms.any?, "expected all users group read perms"
+ else
+ assert !group_read_perms.any?, "expected all users group perm deleted"
+ end
+
signed_uuids = Link.where(link_class: 'signature',
tail_kind: 'arvados#user',
tail_uuid: uuid)
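Review bot: If the fixtures contain no matching 'All users' group, `group[:uuid]` fails with NoMethodError on nil rather than with a readable assertion. Adding `assert_not_nil group, "expected an 'All users' group fixture"` directly after the lookup would make the failure clear. The lookup also copies the model's `select`/regex logic line for line, so a mistake in that pattern would pass here unnoticed. Comparing against the fixture's known group uuid would make this check independent of the code under test. The helper's body starts and ends outside this hunk.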
-----------------------------------------------------------------------
hooks/post-receive
--