[ARVADOS] updated: 8d003a7abe0b4d633c6c125dabbf011394fde2e7
git at public.curoverse.com
git at public.curoverse.com
Thu Mar 27 11:09:32 EDT 2014
Summary of changes:
apps/workbench/app/controllers/users_controller.rb | 10 ++-
apps/workbench/app/models/user.rb | 6 +
.../workbench/app/views/users/_show_admin.html.erb | 8 ++
apps/workbench/config/routes.rb | 1 +
.../app/controllers/arvados/v1/users_controller.rb | 20 +++-
services/api/app/models/user.rb | 44 ++++++++
services/api/config/routes.rb | 1 +
.../functional/arvados/v1/users_controller_test.rb | 115 +++++++++++++++++++-
8 files changed, 201 insertions(+), 4 deletions(-)
via 8d003a7abe0b4d633c6c125dabbf011394fde2e7 (commit)
via 31c6426b70e2b277087188dad2b9b346c904f30b (commit)
from df4897f1390e58825dd8afcc053955c6d3894169 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 8d003a7abe0b4d633c6c125dabbf011394fde2e7
Author: radhika chippada <radhika at radhika.curoverse>
Date: Thu Mar 27 11:05:08 2014 -0400
Story #2068: Invoke the user -> unsetup method when an admin user clicks on the deactivate button in workbench
diff --git a/apps/workbench/app/controllers/users_controller.rb b/apps/workbench/app/controllers/users_controller.rb
index 35c9660..a98bb11 100644
--- a/apps/workbench/app/controllers/users_controller.rb
+++ b/apps/workbench/app/controllers/users_controller.rb
@@ -1,7 +1,7 @@
class UsersController < ApplicationController
skip_before_filter :find_object_by_uuid, :only => [:welcome, :activity]
skip_around_filter :thread_with_mandatory_api_token, :only => :welcome
- before_filter :ensure_current_user_is_admin, only: :sudo
+ before_filter :ensure_current_user_is_admin, only: [:sudo, :unsetup]
def welcome
if current_user
@@ -137,4 +137,12 @@ class UsersController < ApplicationController
f.html { render template: 'users/home' }
end
end
+
+ def unsetup
+ if current_user.andand.is_admin
+ @object.unsetup @object
+ end
+ show
+ end
+
end
diff --git a/apps/workbench/app/models/user.rb b/apps/workbench/app/models/user.rb
index cc9b9bb..aee9a03 100644
--- a/apps/workbench/app/models/user.rb
+++ b/apps/workbench/app/models/user.rb
@@ -38,4 +38,10 @@ class User < ArvadosBase
def friendly_link_name
[self.first_name, self.last_name].compact.join ' '
end
+
+ def unsetup user
+ res = $arvados_api_client.api(user.class, "/#{user.uuid}/unsetup", {})
+ $arvados_api_client.unpack_api_response(res)
+ end
+
end
diff --git a/apps/workbench/app/views/users/_show_admin.html.erb b/apps/workbench/app/views/users/_show_admin.html.erb
index 6e60b5d..aa8b07c 100644
--- a/apps/workbench/app/views/users/_show_admin.html.erb
+++ b/apps/workbench/app/views/users/_show_admin.html.erb
@@ -5,3 +5,11 @@ account.</p>
<blockquote>
<%= button_to "Log in as #{@object.full_name}", sudo_user_url(id: @object.uuid), class: 'btn btn-primary' %>
</blockquote>
+
+<p>As an admin, you can deactivate this user.</p>
+
+<blockquote>
+<%= link_to "Deactivate #{@object.full_name}", { action: 'unsetup', id: @object.uuid }, { confirm: "Are you sure you want to deactivate #{@object.full_name}?", method: 'get' } %>
+</blockquote>
+
+
diff --git a/apps/workbench/config/routes.rb b/apps/workbench/config/routes.rb
index 0981d2e..5525662 100644
--- a/apps/workbench/config/routes.rb
+++ b/apps/workbench/config/routes.rb
@@ -23,6 +23,7 @@ ArvadosWorkbench::Application.routes.draw do
get 'welcome', :on => :collection
get 'activity', :on => :collection
post 'sudo', :on => :member
+ get 'unsetup', :on => :member
end
resources :logs
resources :factory_jobs
commit 31c6426b70e2b277087188dad2b9b346c904f30b
Author: radhika chippada <radhika at radhika.curoverse>
Date: Thu Mar 27 10:10:00 2014 -0400
Expose user unsetup method from the API server. Added functional tests.
diff --git a/services/api/app/controllers/arvados/v1/users_controller.rb b/services/api/app/controllers/arvados/v1/users_controller.rb
index 5fc8273..a7fa631 100644
--- a/services/api/app/controllers/arvados/v1/users_controller.rb
+++ b/services/api/app/controllers/arvados/v1/users_controller.rb
@@ -1,8 +1,8 @@
class Arvados::V1::UsersController < ApplicationController
skip_before_filter :find_object_by_uuid, only:
- [:activate, :event_stream, :current, :system, :setup]
+ [:activate, :event_stream, :current, :system, :setup, :unsetup]
skip_before_filter :render_404_if_no_object, only:
- [:activate, :event_stream, :current, :system, :setup]
+ [:activate, :event_stream, :current, :system, :setup, :unsetup]
def current
@object = current_user
@@ -132,4 +132,20 @@ class Arvados::V1::UsersController < ApplicationController
render json: { kind: "arvados#HashList", items: @response }
end
+ # delete user agreements, vm, repository, login links; set state to inactive
+ def unsetup
+ if current_user.andand.is_admin && params[:uuid]
+ @object = User.find_by_uuid params[:uuid]
+ else
+ @object = current_user
+ end
+
+ if !@object
+ return render_404_if_no_object
+ end
+
+ @object = @object.unsetup
+ show
+ end
+
end
diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb
index 563bb07..b86ac6c 100644
--- a/services/api/app/models/user.rb
+++ b/services/api/app/models/user.rb
@@ -145,6 +145,50 @@ class User < ArvadosModel
return [repo_perm, vm_login_perm, group_perm, self].compact
end
+ # delete user signatures, login, repo, and vm perms, and mark as inactive
+ def unsetup
+ # delete oid_login_perms for this user
+ oid_login_perms = Link.where(tail_uuid: self.email,
+ head_kind: 'arvados#user',
+ link_class: 'permission',
+ name: 'can_login')
+ oid_login_perms.each do |perm|
+ Link.delete perm
+ end
+
+ # delete repo_perms for this user
+ repo_perms = Link.where(tail_uuid: self.uuid,
+ head_kind: 'arvados#repository',
+ link_class: 'permission',
+ name: 'can_write')
+ repo_perms.each do |perm|
+ Link.delete perm
+ end
+
+ # delete vm_login_perms for this user
+ vm_login_perms = Link.where(tail_uuid: self.uuid,
+ head_kind: 'arvados#virtualMachine',
+ link_class: 'permission',
+ name: 'can_login')
+ vm_login_perms.each do |perm|
+ Link.delete perm
+ end
+
+ # delete any signatures by this user
+ signed_uuids = Link.where(link_class: 'signature',
+ tail_kind: 'arvados#user',
+ tail_uuid: self.uuid)
+ signed_uuids.each do |sign|
+ Link.delete sign
+ end
+
+ # mark the user as inactive
+ self.is_active = false
+ self.save!
+
+ return self
+ end
+
protected
def permission_to_update
diff --git a/services/api/config/routes.rb b/services/api/config/routes.rb
index 2b92a7b..4bc5de8 100644
--- a/services/api/config/routes.rb
+++ b/services/api/config/routes.rb
@@ -90,6 +90,7 @@ Server::Application.routes.draw do
match '/users/:uuid/event_stream' => 'users#event_stream'
post '/users/:uuid/activate' => 'users#activate'
post '/users/setup' => 'users#setup'
+ post '/users/:uuid/unsetup' => 'users#unsetup'
match '/virtual_machines/get_all_logins' => 'virtual_machines#get_all_logins'
match '/virtual_machines/:uuid/logins' => 'virtual_machines#logins'
post '/api_client_authorizations/create_system_auth' => 'api_client_authorizations#create_system_auth'
diff --git a/services/api/test/functional/arvados/v1/users_controller_test.rb b/services/api/test/functional/arvados/v1/users_controller_test.rb
index f4ee0b6..7085d47 100644
--- a/services/api/test/functional/arvados/v1/users_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/users_controller_test.rb
@@ -546,7 +546,6 @@ class Arvados::V1::UsersControllerTest < ActionController::TestCase
}
assert_response :success
-
response_items = JSON.parse(@response.body)['items']
created = find_obj_in_resp response_items, 'User', nil
@@ -622,6 +621,76 @@ class Arvados::V1::UsersControllerTest < ActionController::TestCase
@vm_uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
end
+ test "setup and unsetup user" do
+ authorize_with :admin
+
+ post :setup, {
+ repo_name: 'test_repo',
+ vm_uuid: @vm_uuid,
+ user: {email: 'foo at example.com'},
+ openid_prefix: 'https://www.google.com/accounts/o8/id'
+ }
+
+ assert_response :success
+ response_items = JSON.parse(@response.body)['items']
+ created = find_obj_in_resp response_items, 'User', nil
+ assert_not_nil created['uuid'], 'expected uuid for the new user'
+ assert_equal created['email'], 'foo at example.com', 'expected given email'
+
+ # 4 extra links: login, group, repo and vm
+ verify_num_links @all_links_at_start, 4
+
+ verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
+ created['uuid'], created['email'], 'arvados#user', false, 'User'
+
+ verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
+ 'All users', created['uuid'], 'arvados#group', true, 'Group'
+
+ verify_link response_items, 'arvados#repository', true, 'permission', 'can_write',
+ 'test_repo', created['uuid'], 'arvados#repository', true, 'Repository'
+
+ verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
+ @vm_uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
+
+ verify_link_existence created['uuid'], created['email'], true, true, true, false
+
+ # now unsetup this user
+ post :unsetup, uuid: created['uuid']
+ assert_response :success
+
+ created2 = JSON.parse(@response.body)
+ assert_not_nil created2['uuid'], 'expected uuid for the newly created user'
+ assert_equal created['uuid'], created2['uuid'], 'expected uuid not found'
+
+ verify_link_existence created['uuid'], created['email'], false, false, false, false
+ end
+
+ test "unsetup active user" do
+ authorize_with :active
+ get :current
+ assert_response :success
+ active_user = JSON.parse(@response.body)
+ assert_not_nil active_user['uuid'], 'expected uuid for the active user'
+ assert active_user['is_active'], 'expected is_active for active user'
+
+ verify_link_existence active_user['uuid'], active_user['email'],
+ false, false, false, true
+
+ authorize_with :admin
+
+ # now unsetup this user
+ post :unsetup, uuid: active_user['uuid']
+ assert_response :success
+
+ response_user = JSON.parse(@response.body)
+ assert_not_nil response_user['uuid'], 'expected uuid for the upsetup user'
+ assert_equal active_user['uuid'], response_user['uuid'], 'expected uuid not found'
+ assert !response_user['is_active'], 'expected user to be inactive'
+
+ verify_link_existence response_user['uuid'], response_user['email'],
+ false, false, false, false
+ end
+
def verify_num_links (original_links, expected_additional_links)
links_now = Link.all
assert_equal original_links.size+expected_additional_links, Link.all.size,
@@ -683,4 +752,48 @@ class Arvados::V1::UsersControllerTest < ActionController::TestCase
"did not find expected head_uuid for #{link_object_name}"
end
+ def verify_link_existence uuid, email, expect_oid_login_perms,
+ expect_repo_perms, expect_vm_perms, expect_signatures
+ # verify that all links are deleted for the user
+ oid_login_perms = Link.where(tail_uuid: email,
+ head_kind: 'arvados#user',
+ link_class: 'permission',
+ name: 'can_login')
+ if expect_oid_login_perms
+ assert oid_login_perms.any?, "expected oid_login_perms"
+ else
+ assert !oid_login_perms.any?, "expected all oid_login_perms deleted"
+ end
+
+ repo_perms = Link.where(tail_uuid: uuid,
+ head_kind: 'arvados#repository',
+ link_class: 'permission',
+ name: 'can_write')
+ if expect_repo_perms
+ assert repo_perms.any?, "expected repo_perms"
+ else
+ assert !repo_perms.any?, "expected all repo_perms deleted"
+ end
+
+ vm_login_perms = Link.where(tail_uuid: uuid,
+ head_kind: 'arvados#virtualMachine',
+ link_class: 'permission',
+ name: 'can_login')
+ if expect_vm_perms
+ assert vm_login_perms.any?, "expected vm_login_perms"
+ else
+ assert !vm_login_perms.any?, "expected all vm_login_perms deleted"
+ end
+
+ signed_uuids = Link.where(link_class: 'signature',
+ tail_kind: 'arvados#user',
+ tail_uuid: uuid)
+
+ if expect_signatures
+ assert signed_uuids.any?, "expected singnatures"
+ else
+ assert !signed_uuids.any?, "expected all singnatures deleted"
+ end
+
+ end
end
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list