[ARVADOS] created: ad02c4a8569b1cbf7336b5d65beb065e17420d56

git at public.curoverse.com git at public.curoverse.com
Thu Jul 31 22:02:59 EDT 2014


        at  ad02c4a8569b1cbf7336b5d65beb065e17420d56 (commit)


commit ad02c4a8569b1cbf7336b5d65beb065e17420d56
Author: Peter Amstutz <peter.amstutz at curoverse.com>
Date:   Thu Jul 31 22:02:50 2014 -0400

    Added special case to ArvadosModel#readable_by so that a name link going from a
    readable group or user uuid confers permission to read the collection.  Added
    unit test.

diff --git a/services/api/app/models/arvados_model.rb b/services/api/app/models/arvados_model.rb
index 5cd0c77..1247e36 100644
--- a/services/api/app/models/arvados_model.rb
+++ b/services/api/app/models/arvados_model.rb
@@ -146,6 +146,12 @@ class ArvadosModel < ActiveRecord::Base
         sql_params += [uuid_list]
       end
 
+      if sql_table == "collections" and users_list.any?
+        # There is a 'name' link going from a readable group to the collection.
+        name_links = "(SELECT head_uuid FROM links WHERE link_class='name' AND tail_uuid IN (#{sanitized_uuid_list}))"
+        sql_conds += ["#{sql_table}.uuid IN #{name_links}"]
+      end
+
       # Link head points to this row, or to the owner of this row (the thing to be read)
       #
       # Link tail originates from this user, or a group that is readable by this
diff --git a/services/api/test/fixtures/links.yml b/services/api/test/fixtures/links.yml
index c221c7f..ebaeb78 100644
--- a/services/api/test/fixtures/links.yml
+++ b/services/api/test/fixtures/links.yml
@@ -633,3 +633,19 @@ anonymous_group_can_read_empty_collection:
   name: can_read
   tail_uuid: zzzzz-j7d0g-anonymouspublic
   head_uuid: d41d8cd98f00b204e9800998ecf8427e+0
+
+baz_collection_name_in_asubproject:
+  uuid: zzzzz-o0j2j-bazprojectname2
+  owner_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+  created_at: 2014-04-21 15:37:48 -0400
+  modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+  modified_by_user_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+  modified_at: 2014-04-21 15:37:48 -0400
+  updated_at: 2014-04-21 15:37:48 -0400
+  tail_uuid: zzzzz-j7d0g-axqo7eu9pwvna1x
+  head_uuid: ea10d51bcf88862dbcc36eb292017dfd+45
+  link_class: name
+  # This should resemble the default name assigned when a
+  # Collection is added to a Project.
+  name: "ea10d51bcf88862dbcc36eb292017dfd+45 added sometime"
+  properties: {}
diff --git a/services/api/test/functional/arvados/v1/groups_controller_test.rb b/services/api/test/functional/arvados/v1/groups_controller_test.rb
index d6ac3ce..d7595ad 100644
--- a/services/api/test/functional/arvados/v1/groups_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/groups_controller_test.rb
@@ -90,6 +90,17 @@ class Arvados::V1::GroupsControllerTest < ActionController::TestCase
     check_project_contents_response
   end
 
+  test "user with project read permission can see project collections" do
+    authorize_with :project_viewer
+    get :contents, {
+      id: groups(:asubproject).uuid,
+      format: :json,
+      include_linked: true,
+    }
+    ids = json_response['items'].map { |item| item["uuid"] }
+    assert_includes ids, collections(:baz_file).uuid
+  end
+
   test 'list objects across multiple projects' do
     authorize_with :project_viewer
     get :contents, {

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list