[ARVADOS] updated: 5da718633e3663073a624db78274cd69e5dfe6e0

git at public.curoverse.com git at public.curoverse.com
Mon May 19 12:22:17 EDT 2014


Summary of changes:
 services/api/lib/has_uuid.rb                 |  5 +++-
 services/api/test/unit/arvados_model_test.rb | 34 ++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 services/api/test/unit/arvados_model_test.rb

       via  5da718633e3663073a624db78274cd69e5dfe6e0 (commit)
      from  90744f405977dcfac40d5dea3dbe79391080b80d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 5da718633e3663073a624db78274cd69e5dfe6e0
Author: Tom Clegg <tom at curoverse.com>
Date:   Mon May 19 12:21:56 2014 -0400

    Prevent admin from creating an object with empty string as UUID.

diff --git a/services/api/lib/has_uuid.rb b/services/api/lib/has_uuid.rb
index d9c8198..3bd330e 100644
--- a/services/api/lib/has_uuid.rb
+++ b/services/api/lib/has_uuid.rb
@@ -28,7 +28,10 @@ module HasUuid
 
   def assign_uuid
     return true if !self.respond_to_uuid?
-    return true if uuid and current_user and current_user.is_admin
+    if (uuid.is_a?(String) and uuid.length>0 and
+        current_user and current_user.is_admin)
+      return true
+    end
     self.uuid = self.class.generate_uuid
   end
 
diff --git a/services/api/test/unit/arvados_model_test.rb b/services/api/test/unit/arvados_model_test.rb
new file mode 100644
index 0000000..e9e872f
--- /dev/null
+++ b/services/api/test/unit/arvados_model_test.rb
@@ -0,0 +1,34 @@
+require 'test_helper'
+
+class ArvadosModelTest < ActiveSupport::TestCase
+  fixtures :all
+
+  def create_with_attrs attrs
+    a = Specimen.create({material: 'caloric'}.merge(attrs))
+    a if a.valid?
+  end
+
+  test 'non-admin cannot assign uuid' do
+    set_user_from_auth :active_trustedclient
+    want_uuid = Specimen.generate_uuid
+    a = create_with_attrs(uuid: want_uuid)
+    assert_not_equal want_uuid, a.uuid, "Non-admin should not assign uuid."
+    assert a.uuid.length==27, "Auto assigned uuid length is wrong."
+  end
+
+  test 'admin can assign valid uuid' do
+    set_user_from_auth :admin_trustedclient
+    want_uuid = Specimen.generate_uuid
+    a = create_with_attrs(uuid: want_uuid)
+    assert_equal want_uuid, a.uuid, "Admin should assign valid uuid."
+    assert a.uuid.length==27, "Auto assigned uuid length is wrong."
+  end
+
+  test 'admin cannot assign empty uuid' do
+    set_user_from_auth :admin_trustedclient
+    a = create_with_attrs(uuid: "")
+    assert_not_equal "", a.uuid, "Admin should not assign empty uuid."
+    assert a.uuid.length==27, "Auto assigned uuid length is wrong."
+  end
+
+end

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list