[ARVADOS] updated: 2832018a959557515bfad1f763bf8d4b72182fd6

git at public.curoverse.com git at public.curoverse.com
Tue Sep 23 16:33:30 EDT 2014


Summary of changes:
 apps/workbench/app/controllers/users_controller.rb | 22 ++++++++++++----------
 .../app/views/users/_manage_repositories.html.erb  |  5 +++--
 .../test/functional/users_controller_test.rb       | 11 +++++++++++
 services/api/test/fixtures/links.yml               | 14 ++++++++++++++
 services/api/test/fixtures/repositories.yml        |  5 +++++
 services/api/test/unit/permission_test.rb          | 13 +++++++++++++
 6 files changed, 58 insertions(+), 12 deletions(-)

       via  2832018a959557515bfad1f763bf8d4b72182fd6 (commit)
      from  1513d62bc0716698b71789f7affbf78e675cbff8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 2832018a959557515bfad1f763bf8d4b72182fd6
Author: Tom Clegg <tom at curoverse.com>
Date:   Tue Sep 23 16:32:57 2014 -0400

    3960: Fix readonly/writable flag on repo list. Add tests.

diff --git a/apps/workbench/app/controllers/users_controller.rb b/apps/workbench/app/controllers/users_controller.rb
index 27f13b7..86e9823 100644
--- a/apps/workbench/app/controllers/users_controller.rb
+++ b/apps/workbench/app/controllers/users_controller.rb
@@ -236,16 +236,18 @@ class UsersController < ApplicationController
 
   def manage_account
     # repositories current user can read / write
-    repo_links = []
-    Link.filter([['head_uuid', 'is_a', 'arvados#repository'],
-                 ['tail_uuid', '=', current_user.uuid],
-                 ['link_class', '=', 'permission'],
-                 ['name', 'in', ['can_write', 'can_read']],
-               ]).
-          each do |perm_link|
-            repo_links << perm_link[:head_uuid]
-          end
-    @my_repositories = Repository.where(uuid: repo_links)
+    repo_links = Link.
+      filter([['head_uuid', 'is_a', 'arvados#repository'],
+              ['tail_uuid', '=', current_user.uuid],
+              ['link_class', '=', 'permission'],
+             ])
+    @my_repositories = Repository.where uuid: repo_links.collect(&:head_uuid)
+    @repo_writable = {}
+    repo_links.each do |link|
+      if link.name.in? ['can_write', 'can_manage']
+        @repo_writable[link.head_uuid] = true
+      end
+    end
 
     # virtual machines the current user can login into
     @my_vm_logins = {}
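Review bot: The new `filter` call no longer constrains `name`, so every permission link from the current user to a repository now puts that repository in `@my_repositories`, and any link whose name is not `can_write` or `can_manage` is listed as read-only. If only the three known levels are meant to appear, keep the name clause with `can_manage` added: `['name', 'in', ['can_read', 'can_write', 'can_manage']],`. The comment `# repositories current user can read / write` would then also mention manage. `@repo_writable` is built only from links whose `tail_uuid` is the user, so write access that comes from ownership or group membership would presumably display as read-only; the flag is a display hint, and authorization of the actual write stays with the API server. `manage_account` continues past the end of the hunk.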
diff --git a/apps/workbench/app/views/users/_manage_repositories.html.erb b/apps/workbench/app/views/users/_manage_repositories.html.erb
index 4f22ae9..d20498f 100644
--- a/apps/workbench/app/views/users/_manage_repositories.html.erb
+++ b/apps/workbench/app/views/users/_manage_repositories.html.erb
@@ -22,15 +22,16 @@
       </thead>
       <tbody>
         <% @my_repositories.andand.each do |repo| %>
+          <% writable = @repo_writable[repo.uuid] %>
           <tr>
             <td style="word-break:break-all;">
               <%= repo[:name] %>
             </td>
             <td>
-              <%= repo[:push_url] ? 'writable' : 'read-only' %>
+              <%= writable ? 'writable' : 'read-only' %>
             </td>
             <td style="word-break:break-all;">
-              <code><%= repo[:fetch_url] %></code>
+              <code><%= writable ? repo[:push_url] : repo[:fetch_url] %></code>
             </td>
           </tr>
         <% end %>
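Review bot: `@repo_writable[repo.uuid]` on the added line raises NoMethodError when `@repo_writable` is nil, while the loop line just above it guards `@my_repositories` with `andand`; the two should agree, e.g. `<% writable = (@repo_writable || {})[repo.uuid] %>`. A writable row now prints only `repo[:push_url]`, so a repository that has no push URL would show an empty cell; `writable && repo[:push_url] || repo[:fetch_url]` keeps a URL visible in that case. The template starts and ends outside the hunk.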
diff --git a/apps/workbench/test/functional/users_controller_test.rb b/apps/workbench/test/functional/users_controller_test.rb
index e8ee10f..a734391 100644
--- a/apps/workbench/test/functional/users_controller_test.rb
+++ b/apps/workbench/test/functional/users_controller_test.rb
@@ -29,4 +29,15 @@ class UsersControllerTest < ActionController::TestCase
     assert_response :redirect
     assert_match /\/users\/welcome/, @response.redirect_url
   end
+
+  test "show repositories with read, write, or manage permission" do
+    get :manage_account, {}, session_for(:active)
+    assert_response :success
+    repos = assigns(:my_repositories)
+    assert repos
+    assert_not_empty repos, "my_repositories should not be empty"
+    editables = repos.collect { |r| !!assigns(:repo_writable)[r.uuid] }
+    assert_includes editables, true, "should have a writable repository"
+    assert_includes editables, false, "should have a readonly repository"
+  end
 end
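Review bot: The new test only checks that `editables` contains at least one `true` and one `false`, so it would still pass if the flags were attached to the wrong repositories. Pinning a known fixture makes the permission mapping explicit, for example the read-only repository added in this commit: `assert_equal false, !!assigns(:repo_writable)['zzzzz-s0uqq-38orljkqpyo1j61']`, with a matching `true` assertion for a repository the active user can manage. The rendered page is not inspected, so the view's choice between `push_url` and `fetch_url` is not covered here.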
diff --git a/services/api/test/fixtures/links.yml b/services/api/test/fixtures/links.yml
index 28dbf01..07aaf3a 100644
--- a/services/api/test/fixtures/links.yml
+++ b/services/api/test/fixtures/links.yml
@@ -264,6 +264,20 @@ foo_repository_manageable_by_active:
   head_uuid: zzzzz-s0uqq-382brsig8rp3666
   properties: {}
 
+repository3_readable_by_active:
+  uuid: zzzzz-o0j2j-43iem9bdtefa76g
+  owner_uuid: zzzzz-tpzed-000000000000000
+  created_at: 2014-09-23 13:52:46 -0400
+  modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+  modified_by_user_uuid: zzzzz-tpzed-000000000000000
+  modified_at: 2014-09-23 13:52:46 -0400
+  updated_at: 2014-09-23 13:52:46 -0400
+  tail_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+  link_class: permission
+  name: can_read
+  head_uuid: zzzzz-s0uqq-38orljkqpyo1j61
+  properties: {}
+
 miniadmin_user_is_a_testusergroup_admin:
   uuid: zzzzz-o0j2j-38vvkciz7qc12j9
   owner_uuid: zzzzz-tpzed-000000000000000
diff --git a/services/api/test/fixtures/repositories.yml b/services/api/test/fixtures/repositories.yml
index d32152d..e173bf5 100644
--- a/services/api/test/fixtures/repositories.yml
+++ b/services/api/test/fixtures/repositories.yml
@@ -13,6 +13,11 @@ repository2:
   owner_uuid: zzzzz-tpzed-xurymjxw79nv3jz # active user
   name: foo2
 
+repository3:
+  uuid: zzzzz-s0uqq-38orljkqpyo1j61
+  owner_uuid: zzzzz-tpzed-d9tiejq69daie8f # admin user
+  name: foo3
+
 auto_setup_repository:
   uuid: zzzzz-s0uqq-382brabc8rp3667
   owner_uuid: zzzzz-tpzed-xurymjxw79nv3jz # active user
diff --git a/services/api/test/unit/permission_test.rb b/services/api/test/unit/permission_test.rb
index c1b8943..20cffda 100644
--- a/services/api/test/unit/permission_test.rb
+++ b/services/api/test/unit/permission_test.rb
@@ -354,4 +354,17 @@ class PermissionTest < ActiveSupport::TestCase
     end
   end
 
+  test "active user cannot write admin's repo" do
+    set_user_from_auth :active
+    assert_raises ArvadosModel::PermissionDeniedError, "pwned" do
+      repositories(:repository3).update_attributes(name: "kilroy")
+    end
+  end
+
+  test "active user cannot change repo name via can_manage permission" do
+    set_user_from_auth :active
+    assert_raises ArvadosModel::PermissionDeniedError, "pwned" do
+      repositories(:foo).update_attributes(name: "arvados")
+    end
+  end
 end
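Review bot: Both added tests pass `"pwned"` as the failure message to `assert_raises`, which tells whoever reads a failing run nothing about which permission check was bypassed; a descriptive message such as `"active user renamed a repository without write permission"` would serve better. The tests also stop at the exception, so they do not show that the record was left untouched. Adding `assert_equal "foo3", repositories(:repository3).reload.name` after the first block (and the equivalent for `:foo`) would confirm that the denied update did not persist.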

-----------------------------------------------------------------------


hooks/post-receive
-- 



