[ARVADOS] updated: 381926c94a3b41d04101f68ec6a33e88fc795254
git at public.curoverse.com
git at public.curoverse.com
Fri Aug 8 17:40:04 EDT 2014
Summary of changes:
.../arvados/v1/repositories_controller.rb | 7 ++---
services/api/test/fixtures/authorized_keys.yml | 16 +++++++++++
.../arvados/v1/repositories_controller_test.rb | 32 ++++++++++++++++++++++
3 files changed, 51 insertions(+), 4 deletions(-)
via 381926c94a3b41d04101f68ec6a33e88fc795254 (commit)
from 6d0b4ad4696fa11a3e940cb731f134a61fc26729 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 381926c94a3b41d04101f68ec6a33e88fc795254
Author: Tom Clegg <tom at curoverse.com>
Date: Fri Aug 8 17:32:03 2014 -0400
Fix repositories.get_all_permissions, add tests. closes #3546
diff --git a/services/api/app/controllers/arvados/v1/repositories_controller.rb b/services/api/app/controllers/arvados/v1/repositories_controller.rb
index 8b45c56..94c172d 100644
--- a/services/api/app/controllers/arvados/v1/repositories_controller.rb
+++ b/services/api/app/controllers/arvados/v1/repositories_controller.rb
@@ -7,6 +7,7 @@ class Arvados::V1::RepositoriesController < ApplicationController
User.includes(:authorized_keys).all.each do |u|
@users[u.uuid] = u
end
+ admins = @users.select { |k,v| v.is_admin }
@user_aks = {}
@repo_info = {}
@repos = Repository.includes(:permissions).all
@@ -29,10 +30,8 @@ class Arvados::V1::RepositoriesController < ApplicationController
end
end
# Owner of the repository, and all admins, can RW
- ([repo.owner_uuid] + @users.keys).each do |user_uuid|
- %w(can_read can_write).each do |name|
- perms << {name: name, user_uuid: user_uuid}
- end
+ ([repo.owner_uuid] + admins.keys).each do |user_uuid|
+ perms << {name: 'can_write', user_uuid: user_uuid}
end
perms.each do |perm|
user_uuid = perm[:user_uuid]
diff --git a/services/api/test/fixtures/authorized_keys.yml b/services/api/test/fixtures/authorized_keys.yml
index 1e9e158..b0103fa 100644
--- a/services/api/test/fixtures/authorized_keys.yml
+++ b/services/api/test/fixtures/authorized_keys.yml
@@ -13,3 +13,19 @@ admin:
key_type: SSH
name: admin
public_key: ssh-dss AAAAB3NzaC1kc3MAAACBAKy1IDMGwa7/Yjas77vLSShBE3SzpPXqXu6nRMC9zdIoMdctjhfP+GOOyQQP12rMs16NYmfdOxX+sa2t9syI/8NhDxTmNbHVw2jHimC6SL02v8WHDIw2vaBCVN+CHdeYbZsBB/8/M+2PO3uUWbr0TjoXcxrKYScS/aTTjSAWRg4ZAAAAFQDR/xAdrewj1ORNIQs+kWWdjmiO0wAAAIBC+G92r2ZeGaHLCMI0foKnfuQzg9fKp5krEvE6tvRNju7iOqtB9xe1qsAqr6GPZQjfSrNPac6T1pxMoh+an4PfNs5xgBIpvy93oqALd4maQt6483vsIyVCw6nQD7s/8IpIHpwxFEFs5/5moYxzY64eY0ldSXJwvPsrBTruhuUdugAAAIBut96rWQYTnYUdngyUK9EoJzgKn3l7gg0IQoFC4hS96D8vUm0wIdSEQHt01pSc0KR1Nnb4JrnNz/qCH45wOy5oB9msQ/2Pq2brTDZJcIPcN1LbMCps9PetUruz1OjK1NzDuLmvsrP3GBLxJrtmrCoKHLzPZ6QSefW0OymFgaDFGg==
+
+spectator:
+ uuid: zzzzz-fngyi-3uze1ipbnz2c2c2
+ owner_uuid: zzzzz-tpzed-l1s2piq4t4mps8r
+ authorized_user_uuid: zzzzz-tpzed-l1s2piq4t4mps8r
+ key_type: SSH
+ name: spectator
+ public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJK4hxmgXzg1gty+91JfkpgikAZxTvFTQoaFUJYTHIygz2V3FgU64NkK3yfwh+bhs7n8YIMftuCHfojKEJTtedbiv/mYpItetzdOwYONCGSEk1VnfipGhnFvL7FZDESTxLN9KNve3ZmZh8HvO6s8fdlTlqTTNKpsdwLiQn2s3W1TWvru/NP504MD5qPeZ4+8jZEh/uiuRaeXqPDAlE9QGPV4FRAA1xo0dBZIrRMwQC8kOttq/i2pLgHq1xW9p4J23oV68O/kkeBb7VwrX3Av/M61kvRsP8tA5gqh+HMKVO2qTP4yG6eGkAobIokQAcyZetPQIDmfVeoB0NzwPfAy4r
+
+project_viewer:
+ uuid: zzzzz-fngyi-5d3av1396niwcej
+ owner_uuid: zzzzz-tpzed-projectviewer1a
+ authorized_user_uuid: zzzzz-tpzed-projectviewer1a
+ key_type: SSH
+ name: project_viewer
+ public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPkOJMQzT9n6RousrLMU7c/KFKTI7I5JifDIEtGJJ1MMZW0GVoxtXALU90HcaRjEOwGPvQPxj7IDYqXs2N9uvm8SUWJMiz6c8NIjhGTkUoOnTFl4E9YTvkkKNs0P+3eT1Y+6zfTcFJHKP3AR4kZX+oiPHowRpCIlnLjXCFxX+E+YI554A7bS4yfOZO9lf6vtiT9I+6EqxC8a0hzZauPC1ZC3d/AFgBnrXJ2fBlAEySznru39quHN1u3v4qHTyaO2pDbG6vdI6O3JDCXCJKRv/B2FLuLTlzB0YesM1FiE6w8QgPxqb42B+uWTZb969UZliH8Pzw/mscOLAjmARDC02z
diff --git a/services/api/test/functional/arvados/v1/repositories_controller_test.rb b/services/api/test/functional/arvados/v1/repositories_controller_test.rb
index 4b1381e..0793d12 100644
--- a/services/api/test/functional/arvados/v1/repositories_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/repositories_controller_test.rb
@@ -42,6 +42,38 @@ class Arvados::V1::RepositoriesControllerTest < ActionController::TestCase
end
end
+ test "get_all_permissions does not give any access to user without permission" do
+ authorize_with :admin
+ get :get_all_permissions
+ assert_response :success
+ assert_equal(authorized_keys(:project_viewer).authorized_user_uuid,
+ users(:project_viewer).uuid,
+ "project_viewer must have an authorized_key for this test to work")
+ json_response['repositories'].each do |repo|
+ assert_equal(false,
+ repo['user_permissions'].has_key?(users(:project_viewer).uuid),
+ "project_viewer user should not have perms for #{repo['uuid']}")
+ end
+ end
+
+ test "get_all_permissions gives gitolite R to user with read-only access" do
+ authorize_with :admin
+ get :get_all_permissions
+ assert_response :success
+ found_it = false
+ assert_equal(authorized_keys(:spectator).authorized_user_uuid,
+ users(:spectator).uuid,
+ "spectator must have an authorized_key for this test to work")
+ json_response['repositories'].each do |repo|
+ next unless repo['uuid'] == repositories(:foo).uuid
+ assert_equal('R',
+ repo['user_permissions'][users(:spectator).uuid]['gitolite_permissions'],
+ "spectator user should have just R access to #{repo['uuid']}")
+ found_it = true
+ end
+ assert_equal true, found_it, "spectator user does not have R on foo repo"
+ end
+
test "get_all_permissions provides admin and active user keys" do
authorize_with :admin
get :get_all_permissions
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list