[ARVADOS] updated: 65a085e1a2812e48a6f4b21d5229430549fb8791

Fri Mar 21 16:38:15 EDT 2014

Summary of changes:
 .../functional/arvados/v1/users_controller_test.rb |   28 ++++++++++++++++++++
 1 files changed, 28 insertions(+), 0 deletions(-)

       via  65a085e1a2812e48a6f4b21d5229430549fb8791 (commit)
      from  2d2e5e107fc258c2d6c864f61cb0b03b901c2088 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 65a085e1a2812e48a6f4b21d5229430549fb8791
Author: radhika chippada <radhika at radhika.curoverse>
Date:   Fri Mar 21 16:36:47 2014 -0400

    Add negative functional tests where a non-admin user invokes create or setup actions

diff --git a/services/api/test/functional/arvados/v1/users_controller_test.rb b/services/api/test/functional/arvados/v1/users_controller_test.rb
index 1177f17..d74f8e7 100644
--- a/services/api/test/functional/arvados/v1/users_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/users_controller_test.rb
@@ -296,6 +296,34 @@ class Arvados::V1::UsersControllerTest < ActionController::TestCase
         @vm_uuid, created['uuid'], 'arvados#virtualMachine', false
   end
 
+  test "try to create user as non admin user" do
+    authorize_with :active
+
+    post :create, {
+      user: {email: 'abc at xyz.com'}
+    }
+
+    response_body = JSON.parse(@response.body)
+    response_errors = response_body['errors']
+    assert_not_nil response_errors, 'Expected error in response'
+    assert (response_errors.first.include? 'PermissionDenied'), 
+          'Expected PermissionDeniedError'
+  end
+
+  test "try to setup user as non admin user" do
+    authorize_with :active
+
+    post :setup, {
+      user: {email: 'abc at xyz.com'}
+    }
+
+    response_body = JSON.parse(@response.body)
+    response_errors = response_body['errors']
+    assert_not_nil response_errors, 'Expected error in response'
+    assert (response_errors.first.include? 'PermissionDenied'), 
+          'Expected PermissionDeniedError'
+  end
+
   def verify_num_links (original_links, expected_additional_links)
     links_now = Link.all
     assert_equal original_links.size+expected_additional_links, Link.all.size,

-----------------------------------------------------------------------


hooks/post-receive
-- 


