[ARVADOS] created: ad02c4a8569b1cbf7336b5d65beb065e17420d56
git at public.curoverse.com
git at public.curoverse.com
Thu Jul 31 22:02:59 EDT 2014
at ad02c4a8569b1cbf7336b5d65beb065e17420d56 (commit)
commit ad02c4a8569b1cbf7336b5d65beb065e17420d56
Author: Peter Amstutz <peter.amstutz at curoverse.com>
Date: Thu Jul 31 22:02:50 2014 -0400
Added special case to ArvadosModel#readable_by so that a name link going from a
readable group or user uuid confers permission to read the collection. Added
unit test.
diff --git a/services/api/app/models/arvados_model.rb b/services/api/app/models/arvados_model.rb
index 5cd0c77..1247e36 100644
--- a/services/api/app/models/arvados_model.rb
+++ b/services/api/app/models/arvados_model.rb
@@ -146,6 +146,12 @@ class ArvadosModel < ActiveRecord::Base
sql_params += [uuid_list]
end
+ if sql_table == "collections" and users_list.any?
+ # There is a 'name' link going from a readable group to the collection.
+ name_links = "(SELECT head_uuid FROM links WHERE link_class='name' AND tail_uuid IN (#{sanitized_uuid_list}))"
+ sql_conds += ["#{sql_table}.uuid IN #{name_links}"]
+ end
+
# Link head points to this row, or to the owner of this row (the thing to be read)
#
# Link tail originates from this user, or a group that is readable by this
diff --git a/services/api/test/fixtures/links.yml b/services/api/test/fixtures/links.yml
index c221c7f..ebaeb78 100644
--- a/services/api/test/fixtures/links.yml
+++ b/services/api/test/fixtures/links.yml
@@ -633,3 +633,19 @@ anonymous_group_can_read_empty_collection:
name: can_read
tail_uuid: zzzzz-j7d0g-anonymouspublic
head_uuid: d41d8cd98f00b204e9800998ecf8427e+0
+
+baz_collection_name_in_asubproject:
+ uuid: zzzzz-o0j2j-bazprojectname2
+ owner_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+ created_at: 2014-04-21 15:37:48 -0400
+ modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+ modified_by_user_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+ modified_at: 2014-04-21 15:37:48 -0400
+ updated_at: 2014-04-21 15:37:48 -0400
+ tail_uuid: zzzzz-j7d0g-axqo7eu9pwvna1x
+ head_uuid: ea10d51bcf88862dbcc36eb292017dfd+45
+ link_class: name
+ # This should resemble the default name assigned when a
+ # Collection is added to a Project.
+ name: "ea10d51bcf88862dbcc36eb292017dfd+45 added sometime"
+ properties: {}
diff --git a/services/api/test/functional/arvados/v1/groups_controller_test.rb b/services/api/test/functional/arvados/v1/groups_controller_test.rb
index d6ac3ce..d7595ad 100644
--- a/services/api/test/functional/arvados/v1/groups_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/groups_controller_test.rb
@@ -90,6 +90,17 @@ class Arvados::V1::GroupsControllerTest < ActionController::TestCase
check_project_contents_response
end
+ test "user with project read permission can see project collections" do
+ authorize_with :project_viewer
+ get :contents, {
+ id: groups(:asubproject).uuid,
+ format: :json,
+ include_linked: true,
+ }
+ ids = json_response['items'].map { |item| item["uuid"] }
+ assert_includes ids, collections(:baz_file).uuid
+ end
+
test 'list objects across multiple projects' do
authorize_with :project_viewer
get :contents, {
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list