[ARVADOS] updated: 2e66bcd03991218292328f09c5520876862eb5e1

git at public.curoverse.com git at public.curoverse.com
Fri Jul 18 17:15:33 EDT 2014


Summary of changes:
 apps/workbench/app/helpers/application_helper.rb   |  4 ++++
 .../db/migrate/20140714184006_empty_collection.rb  |  9 ++++----
 services/api/lib/current_api_client.rb             | 13 ++++++++----
 services/api/test/fixtures/collections.yml         | 14 +------------
 services/api/test/fixtures/links.yml               | 16 +++++++++++++++
 services/api/test/integration/permissions_test.rb  | 24 ++--------------------
 6 files changed, 37 insertions(+), 43 deletions(-)

       via  2e66bcd03991218292328f09c5520876862eb5e1 (commit)
      from  a96adab2a4758c7a969156621c0ed4fe710b98c2 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 2e66bcd03991218292328f09c5520876862eb5e1
Author: Tim Pierce <twp at curoverse.com>
Date:   Thu Jul 17 14:41:12 2014 -0400

    3072: anonymous group can_read empty collection
    
    empty_collection is owned by the system user, like all other
    collections. When it is created, a permission link is also created
    giving the anonymous group permission to read it.
    
    Added test fixtures for the empty collection and its associated
    permission link.
    
    Workbench renders links to the empty collection as "Empty Collection".
    
    The unit test and integration tests focus just on the empty
    collection (other collection ownership/readability issues will be
    addressed elsewhere).

diff --git a/apps/workbench/app/helpers/application_helper.rb b/apps/workbench/app/helpers/application_helper.rb
index d1bac0c..5b5034f 100644
--- a/apps/workbench/app/helpers/application_helper.rb
+++ b/apps/workbench/app/helpers/application_helper.rb
@@ -90,6 +90,10 @@ module ApplicationHelper
       if !link_name
         link_name = object.andand.default_name || resource_class.default_name
 
+        if resource_class == Collection && Collection.is_empty_blob_locator?(link_uuid)
+          link_name = "Empty Collection"
+        end
+
         if opts[:friendly_name]
           if attrvalue.respond_to? :friendly_link_name
             link_name = attrvalue.friendly_link_name
diff --git a/services/api/db/migrate/20140714184006_empty_collection.rb b/services/api/db/migrate/20140714184006_empty_collection.rb
index 2afd582..deb6bf0 100644
--- a/services/api/db/migrate/20140714184006_empty_collection.rb
+++ b/services/api/db/migrate/20140714184006_empty_collection.rb
@@ -2,12 +2,13 @@ class EmptyCollection < ActiveRecord::Migration
   include CurrentApiClient
 
   def up
-    empty_collection
+    act_as_system_user do
+      empty_collection
+    end
   end
 
   def down
-    act_as_system_user do
-      empty_collection.destroy
-    end
+    # do nothing when migrating down (having the empty collection
+    # and a permission link for it is harmless)
   end
 end
diff --git a/services/api/lib/current_api_client.rb b/services/api/lib/current_api_client.rb
index 7100f3a..b4e6bbc 100644
--- a/services/api/lib/current_api_client.rb
+++ b/services/api/lib/current_api_client.rb
@@ -165,10 +165,15 @@ module CurrentApiClient
   def empty_collection
     if not $empty_collection
       act_as_system_user do
-        $empty_collection = Collection.
-          where(uuid: empty_collection_uuid).
-          first_or_create!(owner_uuid: anonymous_group_uuid,
-                           manifest_text: '')
+        ActiveRecord::Base.transaction do
+          $empty_collection = Collection.
+            where(uuid: empty_collection_uuid).
+            first_or_create!(manifest_text: '')
+          Link.where(tail_uuid: anonymous_group_uuid,
+                     head_uuid: empty_collection_uuid,
+                     link_class: 'permission',
+                     name: 'can_read').first_or_create!
+        end
       end
     end
     $empty_collection
diff --git a/services/api/test/fixtures/collections.yml b/services/api/test/fixtures/collections.yml
index 73ec920..8a11803 100644
--- a/services/api/test/fixtures/collections.yml
+++ b/services/api/test/fixtures/collections.yml
@@ -70,22 +70,10 @@ docker_image:
   updated_at: 2014-06-11T17:22:54Z
   manifest_text: ". d21353cfe035e3e384563ee55eadbb2f+67108864 5c77a43e329b9838cbec18ff42790e57+55605760 0:122714624:d8309758b8fe2c81034ffc8a10c36460b77db7bc5e7b448c4e5b684f9d95a678.tar\n"
 
-anonymous:
-  # Collection owned by the anonymous group
-  # (should be readable by all users)
-  uuid: 39e4ec5e67d7c6c8dcb549d7593180af+32
-  owner_uuid: zzzzz-j7d0g-anonymouspublic
-  created_at: 2014-06-11T17:22:54Z
-  modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
-  modified_by_user_uuid: zzzzz-tpzed-d9tiejq69daie8f
-  modified_at: 2014-06-11T17:22:54Z
-  updated_at: 2014-06-11T17:22:54Z
-  manifest_text: ". anonymous-collection-file.txt\n"
-
 empty:
   # Empty collection owned by anonymous_group is added with rake db:seed.
   uuid: d41d8cd98f00b204e9800998ecf8427e+0
-  owner_uuid: zzzzz-j7d0g-anonymouspublic
+  owner_uuid: zzzzz-tpzed-000000000000000
   created_at: 2014-06-11T17:22:54Z
   modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
   modified_by_user_uuid: zzzzz-tpzed-d9tiejq69daie8f
diff --git a/services/api/test/fixtures/links.yml b/services/api/test/fixtures/links.yml
index 313db7f..8c968b6 100644
--- a/services/api/test/fixtures/links.yml
+++ b/services/api/test/fixtures/links.yml
@@ -600,3 +600,19 @@ ancient_docker_image_collection_hash:
   head_uuid: b519d9cb706a29fc7ea24dbea2f05851+249025
   properties:
     image_timestamp: "2010-06-10T14:30:00.184019565Z"
+
+anonymous_group_can_read_empty_collection:
+  # Permission link giving anonymous_group permission to read the
+  # empty collection. This link is added in production by the
+  # empty_collection helper.
+  uuid: zzzzz-o0j2j-emptycollection
+  owner_uuid: zzzzz-tpzed-000000000000000
+  created_at: 2014-06-13 20:42:26 -0800
+  modified_by_client_uuid: zzzzz-tpzed-000000000000000
+  modified_by_user_uuid: zzzzz-tpzed-000000000000000
+  modified_at: 2014-06-13 20:42:26 -0800
+  updated_at: 2014-06-13 20:42:26 -0800
+  link_class: permission
+  name: can_read
+  tail_uuid: zzzzz-j7d0g-anonymouspublic
+  head_uuid: d41d8cd98f00b204e9800998ecf8427e+0
diff --git a/services/api/test/integration/permissions_test.rb b/services/api/test/integration/permissions_test.rb
index 26a0f02..44b5e6e 100644
--- a/services/api/test/integration/permissions_test.rb
+++ b/services/api/test/integration/permissions_test.rb
@@ -362,29 +362,9 @@ class PermissionsTest < ActionDispatch::IntegrationTest
     assert_response 403
   end
 
-  test "active user can read an object in the anonymous group" do
-    # make sure there is no link explicitly granting permission to
-    # the anonymous collection or its owner
-    get("/arvados/v1/permissions/#{collections(:anonymous).owner_uuid}",
-        { :format => :json },
-        auth(:admin))
-    assert_response :success
-    assert_empty json_response['items']
-
-    get("/arvados/v1/permissions/#{collections(:anonymous).uuid}",
-        { :format => :json },
-        auth(:admin))
-    assert_response :success
-    assert_empty json_response['items']
-
-    # the active user should still be able to read the anonymous collection.
-    get("/arvados/v1/collections/#{collections(:anonymous).uuid}",
-        { :format => :json },
-        auth(:active))
-    assert_response :success
-    assert_equal json_response['manifest_text'], collections(:anonymous).manifest_text
+  test "active user can read the empty collection" do
+    # The active user should be able to read the empty collection.
 
-    # the active user should be able to read the empty collection
     get("/arvados/v1/collections/#{empty_collection_uuid}",
         { :format => :json },
         auth(:active))

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list