[ARVADOS] updated: 68aa07e5c152fd573e254614b34b71957b50ad8c

git at public.curoverse.com git at public.curoverse.com
Fri Jul 18 17:39:52 EDT 2014 

Summary of changes:
 services/api/app/models/arvados_model.rb  | 20 +++++++++++---------
 services/api/test/unit/permission_test.rb | 14 +++++++++++---
 2 files changed, 22 insertions(+), 12 deletions(-)

       via  68aa07e5c152fd573e254614b34b71957b50ad8c (commit)
       via  3c2d73031843545d70a2d38542c79a99f270d207 (commit)
      from  f38d011a7289e2c1819dd7cbb76a738a24e9c825 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 68aa07e5c152fd573e254614b34b71957b50ad8c
Author: Tom Clegg <tom at curoverse.com>
Date:   Fri Jul 18 17:37:05 2014 -0400

    3214: Readability: rearrange conditionals, and say "old" instead of "existing"

diff --git a/services/api/app/models/arvados_model.rb b/services/api/app/models/arvados_model.rb
index 469b0a3..5cd0c77 100644
--- a/services/api/app/models/arvados_model.rb
+++ b/services/api/app/models/arvados_model.rb
@@ -209,15 +209,17 @@ class ArvadosModel < ActiveRecord::Base
     if new_record? and respond_to? :owner_uuid=
       self.owner_uuid ||= current_user.uuid
     end
-    if owner_uuid_changed? and owner_uuid_was
-      # Verify permission to write to existing owner
-      unless current_user.uuid == self.owner_uuid_was or
-          current_user.uuid == self.uuid or
-          current_user.can? write: self.owner_uuid_was
-        logger.warn "User #{current_user.uuid} tried to modify #{self.class.to_s} #{uuid} but does not have permission to write existing owner_uuid #{owner_uuid_was}"
-        errors.add :owner_uuid, "cannot be changed without write permission on existing owner"
-        raise PermissionDeniedError
-      end
+    # Verify permission to write to old owner (unless owner_uuid was
+    # nil -- or hasn't changed, in which case the following
+    # "permission to write to new owner" block will take care of us)
+    unless !owner_uuid_changed? or
+        owner_uuid_was.nil? or
+        current_user.uuid == self.owner_uuid_was or
+        current_user.uuid == self.uuid or
+        current_user.can? write: self.owner_uuid_was
+      logger.warn "User #{current_user.uuid} tried to modify #{self.class.to_s} #{uuid} but does not have permission to write old owner_uuid #{owner_uuid_was}"
+      errors.add :owner_uuid, "cannot be changed without write permission on old owner"
+      raise PermissionDeniedError
     end
     # Verify permission to write to new owner
     unless current_user == self or current_user.can? write: owner_uuid

commit 3c2d73031843545d70a2d38542c79a99f270d207
Author: Tom Clegg <tom at curoverse.com>
Date:   Fri Jul 18 17:35:05 2014 -0400

    3214: Split independent unit tests into separate test cases.

diff --git a/services/api/test/unit/permission_test.rb b/services/api/test/unit/permission_test.rb
index 7a6e482..1ea1419 100644
--- a/services/api/test/unit/permission_test.rb
+++ b/services/api/test/unit/permission_test.rb
@@ -132,26 +132,34 @@ class PermissionTest < ActiveSupport::TestCase
     end
   end
 
-  test "user cannot use owner_uuid without write permission on new owner" do
+  test "cannot create with owner = unwritable user" do
     set_user_from_auth :rominiadmin
-
     assert_raises ArvadosModel::PermissionDeniedError, "created with owner = unwritable user" do
       Specimen.create!(owner_uuid: users(:active).uuid)
     end
+  end
 
+  test "cannot change owner to unwritable user" do
+    set_user_from_auth :rominiadmin
     ob = Specimen.create!
     assert_raises ArvadosModel::PermissionDeniedError, "changed owner to unwritable user" do
       ob.update_attributes!(owner_uuid: users(:active).uuid)
     end
+  end
 
+  test "cannot create with owner = unwritable group" do
+    set_user_from_auth :rominiadmin
     assert_raises ArvadosModel::PermissionDeniedError, "created with owner = unwritable group" do
       Specimen.create!(owner_uuid: groups(:aproject).uuid)
     end
+  end
 
+  test "cannot change owner to unwritable group" do
+    set_user_from_auth :rominiadmin
     ob = Specimen.create!
     assert_raises ArvadosModel::PermissionDeniedError, "changed owner to unwritable group" do
       ob.update_attributes!(owner_uuid: groups(:aproject).uuid)
     end
-
   end
+
 end

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list