[ARVADOS] updated: 3c98bafafb83a5ab76251472ed3f65aa291f3e9d

git at public.curoverse.com git at public.curoverse.com
Mon Feb 3 21:02:35 EST 2014 

Summary of changes:
 .../test/fixtures/api_client_authorizations.yml    |    6 +
 services/api/test/fixtures/collections.yml         |   30 ++++++
 services/api/test/fixtures/jobs.yml                |   48 ++++++++++
 services/api/test/fixtures/links.yml               |   97 ++++++++++++++++++++
 services/api/test/fixtures/users.yml               |   10 ++
 .../arvados/v1/collections_controller_test.rb      |   32 +++++++
 6 files changed, 223 insertions(+), 0 deletions(-)

       via  3c98bafafb83a5ab76251472ed3f65aa291f3e9d (commit)
      from  2129d0fd84fa62a5498d9860f3307cd64dc2a704 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 3c98bafafb83a5ab76251472ed3f65aa291f3e9d
Author: Tom Clegg <tom at curoverse.com>
Date:   Mon Feb 3 17:49:20 2014 -0800

    Add tests for permissions enforcement in collections.provenance.
    
    refs #2037
    refs #1977

diff --git a/services/api/test/fixtures/api_client_authorizations.yml b/services/api/test/fixtures/api_client_authorizations.yml
index 94dabf9..60e9fbd 100644
--- a/services/api/test/fixtures/api_client_authorizations.yml
+++ b/services/api/test/fixtures/api_client_authorizations.yml
@@ -24,6 +24,12 @@ active_trustedclient:
   api_token: 27bnddk6x2nmq00a1e3gq43n9tsl5v87a3faqar2ijj8tud5en
   expires_at: 2038-01-01 00:00:00
 
+spectator:
+  api_client: untrusted
+  user: spectator
+  api_token: zw2f4gwx8hw8cjre7yp6v1zylhrhn3m5gvjq73rtpwhmknrybu
+  expires_at: 2038-01-01 00:00:00
+
 inactive:
   api_client: untrusted
   user: inactive
diff --git a/services/api/test/fixtures/collections.yml b/services/api/test/fixtures/collections.yml
index 8cbaea5..85b02ae 100644
--- a/services/api/test/fixtures/collections.yml
+++ b/services/api/test/fixtures/collections.yml
@@ -7,3 +7,33 @@ user_agreement:
   modified_at: 2013-12-26T19:22:54Z
   updated_at: 2013-12-26T19:22:54Z
   manifest_text: ". 6a4ff0499484c6c79c95cd8c566bd25f+249025 0:249025:GNU_General_Public_License,_version_3.pdf\n"
+
+foo_file:
+  uuid: 1f4b0bc7583c2a7f9102c395f4ffc5e3+45
+  owner_uuid: qr1hi-tpzed-000000000000000
+  created_at: 2014-02-03T17:22:54Z
+  modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+  modified_by_user_uuid: zzzzz-tpzed-d9tiejq69daie8f
+  modified_at: 2014-02-03T17:22:54Z
+  updated_at: 2014-02-03T17:22:54Z
+  manifest_text: ". acbd18db4cc2f85cedef654fccc4a4d8+3 0:3:foo\n"
+
+bar_file:
+  uuid: fa7aeb5140e2848d39b416daeef4ffc5+45
+  owner_uuid: qr1hi-tpzed-000000000000000
+  created_at: 2014-02-03T17:22:54Z
+  modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+  modified_by_user_uuid: zzzzz-tpzed-d9tiejq69daie8f
+  modified_at: 2014-02-03T17:22:54Z
+  updated_at: 2014-02-03T17:22:54Z
+  manifest_text: ". 37b51d194a7513e45b56f6524f2d51f2+3 0:3:bar\n"
+
+baz_file:
+  uuid: ea10d51bcf88862dbcc36eb292017dfd+45
+  owner_uuid: qr1hi-tpzed-000000000000000
+  created_at: 2014-02-03T17:22:54Z
+  modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+  modified_by_user_uuid: zzzzz-tpzed-d9tiejq69daie8f
+  modified_at: 2014-02-03T17:22:54Z
+  updated_at: 2014-02-03T17:22:54Z
+  manifest_text: ". 73feffa4b7f6bb68e44cf984c85f6e88+3 0:3:baz\n"
diff --git a/services/api/test/fixtures/jobs.yml b/services/api/test/fixtures/jobs.yml
index 39900ee..4adf985 100644
--- a/services/api/test/fixtures/jobs.yml
+++ b/services/api/test/fixtures/jobs.yml
@@ -61,3 +61,51 @@ uses_nonexistent_script_version:
     running: 0
     done: 1
   runtime_constraints: {}
+
+foobar:
+  uuid: zzzzz-8i9sb-aceg2bnq7jt7kon
+  owner_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+  cancelled_at: ~
+  cancelled_by_user_uuid: ~
+  cancelled_by_client_uuid: ~
+  script_version: 7def43a4d3f20789dda4700f703b5514cc3ed250
+  script_parameters:
+    input: 1f4b0bc7583c2a7f9102c395f4ffc5e3+45
+  started_at: <%= 3.minute.ago.to_s(:db) %>
+  finished_at: <%= 2.minute.ago.to_s(:db) %>
+  running: false
+  success: true
+  output: fa7aeb5140e2848d39b416daeef4ffc5+45
+  priority: ~
+  log: d41d8cd98f00b204e9800998ecf8427e+0
+  is_locked_by_uuid: ~
+  tasks_summary:
+    failed: 0
+    todo: 0
+    running: 0
+    done: 1
+  runtime_constraints: {}
+
+barbaz:
+  uuid: zzzzz-8i9sb-cjs4pklxxjykyuq
+  owner_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+  cancelled_at: ~
+  cancelled_by_user_uuid: ~
+  cancelled_by_client_uuid: ~
+  script_version: 7def43a4d3f20789dda4700f703b5514cc3ed250
+  script_parameters:
+    input: fa7aeb5140e2848d39b416daeef4ffc5+45
+  started_at: <%= 3.minute.ago.to_s(:db) %>
+  finished_at: <%= 2.minute.ago.to_s(:db) %>
+  running: false
+  success: true
+  output: ea10d51bcf88862dbcc36eb292017dfd+45
+  priority: ~
+  log: d41d8cd98f00b204e9800998ecf8427e+0
+  is_locked_by_uuid: ~
+  tasks_summary:
+    failed: 0
+    todo: 0
+    running: 0
+    done: 1
+  runtime_constraints: {}
diff --git a/services/api/test/fixtures/links.yml b/services/api/test/fixtures/links.yml
index 24b76c6..da5b144 100644
--- a/services/api/test/fixtures/links.yml
+++ b/services/api/test/fixtures/links.yml
@@ -78,6 +78,22 @@ user_agreement_signed_by_inactive:
   head_uuid: b519d9cb706a29fc7ea24dbea2f05851
   properties: {}
 
+spectator_user_member_of_all_users_group:
+  uuid: zzzzz-o0j2j-0s8ql1redzf8kvn
+  owner_uuid: zzzzz-tpzed-000000000000000
+  created_at: 2014-01-24 20:42:26 -0800
+  modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+  modified_by_user_uuid: zzzzz-tpzed-d9tiejq69daie8f
+  modified_at: 2014-01-24 20:42:26 -0800
+  updated_at: 2014-01-24 20:42:26 -0800
+  tail_kind: arvados#user
+  tail_uuid: zzzzz-tpzed-l1s2piq4t4mps8r
+  link_class: permission
+  name: can_read
+  head_kind: arvados#group
+  head_uuid: zzzzz-j7d0g-fffffffffffffff
+  properties: {}
+
 inactive_user_member_of_all_users_group:
   uuid: zzzzz-o0j2j-osckxpy5hl5fjk5
   owner_uuid: zzzzz-tpzed-000000000000000
@@ -109,3 +125,84 @@ inactive_signed_ua_user_member_of_all_users_group:
   head_kind: arvados#group
   head_uuid: zzzzz-j7d0g-fffffffffffffff
   properties: {}
+
+foo_file_readable_by_active:
+  uuid: zzzzz-o0j2j-dp1d8395ldqw22r
+  owner_uuid: zzzzz-tpzed-000000000000000
+  created_at: 2014-01-24 20:42:26 -0800
+  modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+  modified_by_user_uuid: zzzzz-tpzed-000000000000000
+  modified_at: 2014-01-24 20:42:26 -0800
+  updated_at: 2014-01-24 20:42:26 -0800
+  tail_kind: arvados#user
+  tail_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+  link_class: permission
+  name: can_read
+  head_kind: arvados#collection
+  head_uuid: 1f4b0bc7583c2a7f9102c395f4ffc5e3+45
+  properties: {}
+
+bar_file_readable_by_active:
+  uuid: zzzzz-o0j2j-8hppiuduf8eqdng
+  owner_uuid: zzzzz-tpzed-000000000000000
+  created_at: 2014-01-24 20:42:26 -0800
+  modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+  modified_by_user_uuid: zzzzz-tpzed-000000000000000
+  modified_at: 2014-01-24 20:42:26 -0800
+  updated_at: 2014-01-24 20:42:26 -0800
+  tail_kind: arvados#user
+  tail_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+  link_class: permission
+  name: can_read
+  head_kind: arvados#collection
+  head_uuid: fa7aeb5140e2848d39b416daeef4ffc5+45
+  properties: {}
+
+bar_file_readable_by_spectator:
+  uuid: zzzzz-o0j2j-0mhldkqozsltcli
+  owner_uuid: zzzzz-tpzed-000000000000000
+  created_at: 2014-01-24 20:42:26 -0800
+  modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+  modified_by_user_uuid: zzzzz-tpzed-000000000000000
+  modified_at: 2014-01-24 20:42:26 -0800
+  updated_at: 2014-01-24 20:42:26 -0800
+  tail_kind: arvados#user
+  tail_uuid: zzzzz-tpzed-l1s2piq4t4mps8r
+  link_class: permission
+  name: can_read
+  head_kind: arvados#collection
+  head_uuid: fa7aeb5140e2848d39b416daeef4ffc5+45
+  properties: {}
+
+baz_file_publicly_readable:
+  uuid: zzzzz-o0j2j-132ne3lk954vtoc
+  owner_uuid: zzzzz-tpzed-000000000000000
+  created_at: 2014-01-24 20:42:26 -0800
+  modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+  modified_by_user_uuid: zzzzz-tpzed-000000000000000
+  modified_at: 2014-01-24 20:42:26 -0800
+  updated_at: 2014-01-24 20:42:26 -0800
+  tail_kind: arvados#group
+  tail_uuid: zzzzz-j7d0g-fffffffffffffff
+  link_class: permission
+  name: can_read
+  head_kind: arvados#collection
+  head_uuid: ea10d51bcf88862dbcc36eb292017dfd+45
+  properties: {}
+
+barbaz_job_readable_by_spectator:
+  uuid: zzzzz-o0j2j-cpy7p41hpk531e1
+  owner_uuid: zzzzz-tpzed-000000000000000
+  created_at: 2014-01-24 20:42:26 -0800
+  modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+  modified_by_user_uuid: zzzzz-tpzed-000000000000000
+  modified_at: 2014-01-24 20:42:26 -0800
+  updated_at: 2014-01-24 20:42:26 -0800
+  tail_kind: arvados#user
+  tail_uuid: zzzzz-tpzed-l1s2piq4t4mps8r
+  link_class: permission
+  name: can_read
+  head_kind: arvados#job
+  head_uuid: zzzzz-8i9sb-aceg2bnq7jt7kon
+  properties: {}
+
diff --git a/services/api/test/fixtures/users.yml b/services/api/test/fixtures/users.yml
index ab43907..fd2d6bc 100644
--- a/services/api/test/fixtures/users.yml
+++ b/services/api/test/fixtures/users.yml
@@ -20,6 +20,16 @@ active:
   is_admin: false
   prefs: {}
 
+spectator:
+  uuid: zzzzz-tpzed-l1s2piq4t4mps8r
+  email: spectator at arvados.local
+  first_name: Spect
+  last_name: Ator
+  identity_url: https://spectator.openid.local
+  is_active: true
+  is_admin: false
+  prefs: {}
+
 inactive_uninvited:
   uuid: zzzzz-tpzed-rf2ec3ryh4vb5ma
   email: inactive-uninvited-user at arvados.local
diff --git a/services/api/test/functional/arvados/v1/collections_controller_test.rb b/services/api/test/functional/arvados/v1/collections_controller_test.rb
index 4f33d0b..ad6027c 100644
--- a/services/api/test/functional/arvados/v1/collections_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/collections_controller_test.rb
@@ -47,4 +47,36 @@ class Arvados::V1::CollectionsControllerTest < ActionController::TestCase
     assert_response 422
   end
 
+  test "get full provenance for baz file" do
+    authorize_with :active
+    get :provenance, uuid: 'ea10d51bcf88862dbcc36eb292017dfd+45'
+    assert_response :success
+    resp = JSON.parse(@response.body)
+    assert_not_nil resp['ea10d51bcf88862dbcc36eb292017dfd+45'] # baz
+    assert_not_nil resp['fa7aeb5140e2848d39b416daeef4ffc5+45'] # bar
+    assert_not_nil resp['1f4b0bc7583c2a7f9102c395f4ffc5e3+45'] # foo
+    assert_not_nil resp['zzzzz-8i9sb-cjs4pklxxjykyuq'] # bar->baz
+    assert_not_nil resp['zzzzz-8i9sb-aceg2bnq7jt7kon'] # foo->bar
+  end
+
+  test "get no provenance for foo file" do
+    # spectator user cannot even see baz collection
+    authorize_with :spectator
+    get :provenance, uuid: '1f4b0bc7583c2a7f9102c395f4ffc5e3+45'
+    assert_response 404
+  end
+
+  test "get partial provenance for baz file" do
+    # spectator user can see bar->baz job, but not foo->bar job
+    authorize_with :spectator
+    get :provenance, uuid: 'ea10d51bcf88862dbcc36eb292017dfd+45'
+    assert_response :success
+    resp = JSON.parse(@response.body)
+    assert_not_nil resp['ea10d51bcf88862dbcc36eb292017dfd+45'] # baz
+    assert_not_nil resp['fa7aeb5140e2848d39b416daeef4ffc5+45'] # bar
+    assert_not_nil resp['zzzzz-8i9sb-cjs4pklxxjykyuq']     # bar->baz
+    assert_nil resp['zzzzz-8i9sb-aceg2bnq7jt7kon']         # foo->bar
+    assert_nil resp['1f4b0bc7583c2a7f9102c395f4ffc5e3+45'] # foo
+  end
+
 end

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list