[ARVADOS] updated: 988726079e8e2f8ce4b49115c10a8a1d22040972

git at public.curoverse.com git at public.curoverse.com
Sat May 3 21:25:09 EDT 2014


Summary of changes:
 services/api/app/models/link.rb           |    2 +-
 services/api/test/test_helper.rb          |   11 +++++++----
 services/api/test/unit/log_test.rb        |    7 -------
 services/api/test/unit/permission_test.rb |   17 +++++++++++++++++
 4 files changed, 25 insertions(+), 12 deletions(-)
 create mode 100644 services/api/test/unit/permission_test.rb

       via  988726079e8e2f8ce4b49115c10a8a1d22040972 (commit)
      from  6c8ba53502c29dc9174291c04f3c7bc84777f9cc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 988726079e8e2f8ce4b49115c10a8a1d22040972
Author: Tom Clegg <tom at curoverse.com>
Date:   Sat May 3 21:22:17 2014 -0400

    Fix crashing "grant access to my own object" permission check.

diff --git a/services/api/app/models/link.rb b/services/api/app/models/link.rb
index 26e7183..787088d 100644
--- a/services/api/app/models/link.rb
+++ b/services/api/app/models/link.rb
@@ -51,7 +51,7 @@ class Link < ArvadosModel
 
     # All users can grant permissions on objects they own
     head_obj = self.class.
-      kind_class(self.head_uuid).
+      resource_class_for_uuid(self.head_uuid).
       where('uuid=?',head_uuid).
       first
     if head_obj
diff --git a/services/api/test/test_helper.rb b/services/api/test/test_helper.rb
index 1bd1b51..e1738c3 100644
--- a/services/api/test/test_helper.rb
+++ b/services/api/test/test_helper.rb
@@ -17,10 +17,6 @@ module ArvadosTestSupport
 end
 
 class ActiveSupport::TestCase
-  # Setup all fixtures in test/fixtures/*.(yml|csv) for all tests in alphabetical order.
-  #
-  # Note: You'll currently still have to declare fixtures explicitly in integration tests
-  # -- they do not yet inherit this setting
   fixtures :all
 
   include ArvadosTestSupport
@@ -33,6 +29,13 @@ class ActiveSupport::TestCase
     Thread.current[:user] = nil
   end
 
+  def set_user_from_auth(auth_name)
+    client_auth = api_client_authorizations(auth_name)
+    Thread.current[:api_client_authorization] = client_auth
+    Thread.current[:api_client] = client_auth.api_client
+    Thread.current[:user] = client_auth.user
+  end
+
   def expect_json
     self.request.headers["Accept"] = "text/json"
   end
diff --git a/services/api/test/unit/log_test.rb b/services/api/test/unit/log_test.rb
index be8498d..4fc273b 100644
--- a/services/api/test/unit/log_test.rb
+++ b/services/api/test/unit/log_test.rb
@@ -65,13 +65,6 @@ class LogTest < ActiveSupport::TestCase
     end
   end
 
-  def set_user_from_auth(auth_name)
-    client_auth = api_client_authorizations(auth_name)
-    Thread.current[:api_client_authorization] = client_auth
-    Thread.current[:api_client] = client_auth.api_client
-    Thread.current[:user] = client_auth.user
-  end
-
   test "creating a user makes a log" do
     set_user_from_auth :admin_trustedclient
     u = User.new(first_name: "Log", last_name: "Test")
diff --git a/services/api/test/unit/permission_test.rb b/services/api/test/unit/permission_test.rb
new file mode 100644
index 0000000..c8e00bb
--- /dev/null
+++ b/services/api/test/unit/permission_test.rb
@@ -0,0 +1,17 @@
+require 'test_helper'
+
+class PermissionTest < ActiveSupport::TestCase
+  test "Grant permissions on an object I own" do
+    set_user_from_auth :active_trustedclient
+
+    ob = Specimen.create
+    assert ob.save
+
+    # Ensure I have permission to manage this group even when its owner changes
+    perm_link = Link.create(tail_uuid: users(:active).uuid,
+                            head_uuid: ob.uuid,
+                            link_class: 'permission',
+                            name: 'can_manage')
+    assert perm_link.save, "should give myself permission on my own object"
+  end
+end

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list