[ARVADOS] updated: 35145ba13db4a7db0e4ed9c37ef4cc41569b8821
Git user
git at public.curoverse.com
Mon Aug 29 23:30:29 EDT 2016
Summary of changes:
apps/workbench/test/integration/websockets_test.rb | 176 +++++++++------------
sdk/cwl/tests/test_submit.py | 10 +-
sdk/python/arvados/arvfile.py | 13 +-
sdk/python/arvados/collection.py | 36 ++++-
sdk/python/tests/test_arvfile.py | 31 ++--
sdk/python/tests/test_collections.py | 42 +++++
services/api/app/models/log.rb | 1 +
7 files changed, 187 insertions(+), 122 deletions(-)
discards a3cda5ea4f4b7822eb4be95f82937e17b37bd366 (commit)
discards c8fd30d6353b88061deee66516515bbdc7f8652d (commit)
discards c623dcdbc673cdb08bcc1460f0450a17bf412f69 (commit)
discards 59a0fd6d150b06b64263052fc0a8ded14ea8f287 (commit)
discards f7138c7c158383f35f54ec9cef0cb2ab580f75ea (commit)
discards fbb6cc64c687a92ef3598c2cce9ef7a2d54e777f (commit)
discards c668c6b1204c4a388f6250c8ecc71679ae984145 (commit)
discards f06b652091ba857dc844c63fc55745d2117c2577 (commit)
discards 0574ef526196c291dc7dd9f9c8a6d6ac31008126 (commit)
discards 845c28dcd5b6bf60875af12037887e7d7f1838ab (commit)
discards 5664fc03a410be5abad40afbcb27450719499950 (commit)
discards ca8cd8c34d7feea9a81c4baca470f2fe0d6a1853 (commit)
via 35145ba13db4a7db0e4ed9c37ef4cc41569b8821 (commit)
via f781ecb0151d9200107c3a37b9e2922d486ac2b9 (commit)
via e93a93410ab375602dec81827d7020dbdc8e6c55 (commit)
via 99a4c1a02a23d3fbf809fb0b686b12b648f5b96e (commit)
via 3c85d746e3f7f0ef1af6a0380e42c7adbadd2618 (commit)
via 2bd7d60ffc5f21bca981ffd2e7698402f3935653 (commit)
via c65b67ceeaea069eb37a57cefadf0ab71795df26 (commit)
via 238090391a898a698ee0d5ef89c295e8e4c84570 (commit)
via 4fc5864e97750decf4eb90e5fedb3e4f1733651a (commit)
via bdab775e99fbdb4cc4d2903d83be3878829e9193 (commit)
via 696c59aac3835675d7fe411c0850d3223e8db538 (commit)
via 712cb4bf514215f38b796a54d1fc72cb3a70d207 (commit)
via a502437e2c0833b0fde616e2f8f0e87f4686b953 (commit)
via a4cbf619dba93de29140ddc1ead992e88bd28b3a (commit)
via 9b98829c565a2aa487d21ecd7f9429c23d0cec20 (commit)
via 63f93d45b8e96c709906fbb242ad7078f1f66968 (commit)
via b02e3cf1ccf3c9f50252c416b84932377270ddab (commit)
This update added new revisions after undoing existing revisions. That is
to say, the old revision is not a strict subset of the new revision. This
situation occurs when you --force push a change and generate a repository
containing something like this:
* -- * -- B -- O -- O -- O (a3cda5ea4f4b7822eb4be95f82937e17b37bd366)
\
N -- N -- N (35145ba13db4a7db0e4ed9c37ef4cc41569b8821)
When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 35145ba13db4a7db0e4ed9c37ef4cc41569b8821
Author: Tom Clegg <tom at curoverse.com>
Date: Mon Aug 29 23:29:57 2016 -0400
9799: Use more realistic log entries in Workbench live-logging tests. Remove redundant test.
diff --git a/apps/workbench/test/integration/websockets_test.rb b/apps/workbench/test/integration/websockets_test.rb
index e302a39..3cfd792 100644
--- a/apps/workbench/test/integration/websockets_test.rb
+++ b/apps/workbench/test/integration/websockets_test.rb
@@ -3,6 +3,13 @@ require 'integration_helper'
class WebsocketTest < ActionDispatch::IntegrationTest
setup do
need_selenium "to make websockets work"
+ @dispatch_client = ArvadosApiClient.new
+ end
+
+ def dispatch_log body
+ use_token :dispatch1 do
+ @dispatch_client.api('logs', '', log: body)
+ end
end
test "test page" do
@@ -12,58 +19,39 @@ class WebsocketTest < ActionDispatch::IntegrationTest
assert_text '"status":400'
end
- test "test live logging" do
- visit(page_with_token("active", "/pipeline_instances/zzzzz-d1hrv-9fm8l10i9z2kqc6"))
- click_link("Log")
- assert_no_text '123 hello'
-
- api = ArvadosApiClient.new
-
- use_token :active
- api.api("logs", "", {log: {
- object_uuid: "zzzzz-d1hrv-9fm8l10i9z2kqc6",
- event_type: "stderr",
- properties: {"text" => "123 hello"}}})
- assert_text '123 hello'
- end
-
[
- ["pipeline_instances", api_fixture("pipeline_instances")['pipeline_with_newer_template']['uuid']],
- ["jobs", api_fixture("jobs")['running']['uuid']],
- ["containers", api_fixture("containers")['running']['uuid']],
- ["container_requests", api_fixture("container_requests")['running']['uuid'], api_fixture("containers")['running']['uuid']],
- ].each do |controller, uuid, log_uuid|
- log_uuid = log_uuid || uuid
+ ['pipeline_instances', 'pipeline_in_running_state', api_fixture('jobs')['running']],
+ ['jobs', 'running'],
+ ['containers', 'running'],
+ ['container_requests', 'running', api_fixture('containers')['running']],
+ ].each do |controller, view_fixture_name, log_target_fixture|
+ view_fixture = api_fixture(controller)[view_fixture_name]
+ log_target_fixture ||= view_fixture
- test "test live logging scrolling for #{controller}" do
+ test "test live logging and scrolling for #{controller}" do
- visit(page_with_token("active", "/#{controller}/#{uuid}"))
- click_link("Log")
+ visit(page_with_token("active", "/#{controller}/#{view_fixture['uuid']}\#Log"))
assert_no_text '123 hello'
- api = ArvadosApiClient.new
-
text = ""
(1..1000).each do |i|
text << "#{i} hello\n"
end
- use_token :dispatch1 do
- api.api("logs", "", {log: {
- object_uuid: log_uuid,
- event_type: "stderr",
- properties: {"text" => text}}})
- end
+ dispatch_log(owner_uuid: log_target_fixture['owner_uuid'],
+ object_uuid: log_target_fixture['uuid'],
+ event_type: "stderr",
+ properties: {"text" => text})
assert_text '1000 hello'
# First test that when we're already at the bottom of the page, it scrolls down
# when a new line is added.
old_top = page.evaluate_script("$('#event_log_div').scrollTop()")
- api.api("logs", "", {log: {
- object_uuid: log_uuid,
- event_type: "stderr",
- properties: {"text" => "1001 hello\n"}}})
+ dispatch_log(owner_uuid: log_target_fixture['owner_uuid'],
+ object_uuid: log_target_fixture['uuid'],
+ event_type: "dispatch",
+ properties: {"text" => "1001 hello\n"})
assert_text '1001 hello'
# Check that new value of scrollTop is greater than the old one
@@ -74,10 +62,10 @@ class WebsocketTest < ActionDispatch::IntegrationTest
page.execute_script "$('#event_log_div').scrollTop(30)"
assert_equal 30, page.evaluate_script("$('#event_log_div').scrollTop()")
- api.api("logs", "", {log: {
- object_uuid: log_uuid,
- event_type: "stderr",
- properties: {"text" => "1002 hello\n"}}})
+ dispatch_log(owner_uuid: log_target_fixture['owner_uuid'],
+ object_uuid: log_target_fixture['uuid'],
+ event_type: "stdout",
+ properties: {"text" => "1002 hello\n"})
assert_text '1002 hello'
# Check that we haven't changed scroll position
@@ -86,17 +74,16 @@ class WebsocketTest < ActionDispatch::IntegrationTest
end
test "pipeline instance arv-refresh-on-log-event" do
- use_token :active
# Do something and check that the pane reloads.
- p = PipelineInstance.create({state: "RunningOnServer",
- components: {
- c1: {
- script: "test_hash.py",
- script_version: "1de84a854e2b440dc53bf42f8548afa4c17da332"
- }
- }
- })
-
+ p = use_token :active do
+ PipelineInstance.create(state: "RunningOnServer",
+ components: {
+ c1: {
+ script: "test_hash.py",
+ script_version: "1de84a854e2b440dc53bf42f8548afa4c17da332"
+ }
+ })
+ end
visit(page_with_token("active", "/pipeline_instances/#{p.uuid}"))
assert_text 'Active'
@@ -104,9 +91,8 @@ class WebsocketTest < ActionDispatch::IntegrationTest
assert_no_text 'Complete'
assert page.has_no_link? 'Re-run with latest'
- use_token :admin do
- p.state = "Complete"
- p.save!
+ use_token :dispatch1 do
+ p.update_attributes!(state: 'Complete')
end
assert_no_text 'Active'
@@ -116,18 +102,15 @@ class WebsocketTest < ActionDispatch::IntegrationTest
end
test "job arv-refresh-on-log-event" do
- use_token :active
# Do something and check that the pane reloads.
- p = Job.where(uuid: api_fixture('jobs')['running_will_be_completed']['uuid']).results.first
-
- visit(page_with_token("active", "/jobs/#{p.uuid}"))
+ uuid = api_fixture('jobs')['running_will_be_completed']['uuid']
+ visit(page_with_token("active", "/jobs/#{uuid}"))
assert_no_text 'complete'
assert_no_text 'Re-run job'
- use_token :admin do
- p.state = "Complete"
- p.save!
+ use_token :dispatch1 do
+ Job.find(uuid).update_attributes!(state: 'Complete')
end
assert_text 'complete'
@@ -135,18 +118,18 @@ class WebsocketTest < ActionDispatch::IntegrationTest
end
test "dashboard arv-refresh-on-log-event" do
- use_token :active
-
visit(page_with_token("active", "/"))
assert_no_text 'test dashboard arv-refresh-on-log-event'
# Do something and check that the pane reloads.
- p = PipelineInstance.create({state: "RunningOnServer",
- name: "test dashboard arv-refresh-on-log-event",
- components: {
- }
- })
+ use_token :active do
+ p = PipelineInstance.create({state: "RunningOnServer",
+ name: "test dashboard arv-refresh-on-log-event",
+ components: {
+ }
+ })
+ end
assert_text 'test dashboard arv-refresh-on-log-event'
end
@@ -182,13 +165,10 @@ class WebsocketTest < ActionDispatch::IntegrationTest
text = "2014-11-07_23:33:51 #{uuid} 31708 1 stderr crunchstat: cpu 1970.8200 user 60.2700 sys 8 cpus -- interval 10.0002 seconds 35.3900 user 0.8600 sys"
assert_triggers_dom_event 'arv-log-event' do
- use_token :active do
- api = ArvadosApiClient.new
- api.api("logs", "", {log: {
- object_uuid: uuid,
- event_type: "stderr",
- properties: {"text" => text}}})
- end
+ dispatch_log(owner_uuid: api_fixture('jobs')['running']['owner_uuid'],
+ object_uuid: uuid,
+ event_type: "stderr",
+ properties: {"text" => text})
end
# Graph should have appeared (even if it hadn't above). It's
@@ -220,17 +200,14 @@ class WebsocketTest < ActionDispatch::IntegrationTest
end
test "test running job with just a few previous log records" do
- use_token :active
- job = Job.where(uuid: api_fixture("jobs")['running']['uuid']).results.first
- visit page_with_token("active", "/jobs/#{job.uuid}")
-
- api = ArvadosApiClient.new
+ job = api_fixture("jobs")['running']
+ visit page_with_token("active", "/jobs/#{job['uuid']}")
# Create just one old log record
- api.api("logs", "", {log: {
- object_uuid: job.uuid,
- event_type: "stderr",
- properties: {"text" => "Historic log message"}}})
+ dispatch_log(owner_uuid: job['owner_uuid'],
+ object_uuid: job['uuid'],
+ event_type: "stderr",
+ properties: {"text" => "Historic log message"})
click_link("Log")
@@ -239,29 +216,25 @@ class WebsocketTest < ActionDispatch::IntegrationTest
assert_text 'Historic log message'
# Create new log record and expect it to show up in log tab
- api.api("logs", "", {log: {
- object_uuid: job.uuid,
- event_type: "stderr",
- properties: {"text" => "Log message after subscription"}}})
+ dispatch_log(owner_uuid: job['owner_uuid'],
+ object_uuid: job['uuid'],
+ event_type: "stderr",
+ properties: {"text" => "Log message after subscription"})
assert_text 'Log message after subscription'
end
test "test running job with too many previous log records" do
Rails.configuration.running_job_log_records_to_fetch = 5
- use_token :active
- job = Job.where(uuid: api_fixture("jobs")['running']['uuid']).results.first
-
- visit page_with_token("active", "/jobs/#{job.uuid}")
-
- api = ArvadosApiClient.new
+ job = api_fixture("jobs")['running']
+ visit page_with_token("active", "/jobs/#{job['uuid']}")
# Create Rails.configuration.running_job_log_records_to_fetch + 1 log records
(0..Rails.configuration.running_job_log_records_to_fetch).each do |count|
- api.api("logs", "", {log: {
- object_uuid: job.uuid,
- event_type: "stderr",
- properties: {"text" => "Old log message #{count}"}}})
+ dispatch_log(owner_uuid: job['owner_uuid'],
+ object_uuid: job['uuid'],
+ event_type: "stderr",
+ properties: {"text" => "Old log message #{count}"})
end
# Go to log tab, which results in subscribing to websockets
@@ -275,10 +248,11 @@ class WebsocketTest < ActionDispatch::IntegrationTest
assert_no_text 'Old log message 0'
# Create one more log record after subscription
- api.api("logs", "", {log: {
- object_uuid: job.uuid,
- event_type: "stderr",
- properties: {"text" => "Life goes on!"}}})
+ dispatch_log(owner_uuid: job['owner_uuid'],
+ object_uuid: job['uuid'],
+ event_type: "stderr",
+ properties: {"text" => "Life goes on!"})
+
# Expect it to show up in log tab
assert_text 'Life goes on!'
end
commit f781ecb0151d9200107c3a37b9e2922d486ac2b9
Author: Tom Clegg <tom at curoverse.com>
Date: Sat Aug 27 23:31:37 2016 -0400
9799: Add missing container request, so container fixture is visible to test user.
diff --git a/services/api/test/fixtures/container_requests.yml b/services/api/test/fixtures/container_requests.yml
index a2660b7..8130d69 100644
--- a/services/api/test/fixtures/container_requests.yml
+++ b/services/api/test/fixtures/container_requests.yml
@@ -93,6 +93,25 @@ completed-older:
vcpus: 1
ram: 123
+requester:
+ uuid: zzzzz-xvhdp-9zacv3o1xw6sxz5
+ owner_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+ name: requester
+ state: Committed
+ priority: 1
+ created_at: 2016-01-11 11:11:11.111111111 Z
+ updated_at: 2016-01-11 11:11:11.111111111 Z
+ modified_at: 2016-01-11 11:11:11.111111111 Z
+ modified_by_user_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+ container_image: test
+ cwd: /
+ output_path: /output
+ command: ["request-another-container", "echo", "hello"]
+ container_uuid: zzzzz-dz642-requestingcntnr
+ runtime_constraints:
+ vcpus: 1
+ ram: 123
+
cr_for_requester:
uuid: zzzzz-xvhdp-cr4requestercnt
owner_uuid: zzzzz-tpzed-xurymjxw79nv3jz
commit e93a93410ab375602dec81827d7020dbdc8e6c55
Author: Tom Clegg <tom at curoverse.com>
Date: Fri Aug 26 23:34:14 2016 -0400
9799: Clean up permission code and comments.
diff --git a/services/api/app/models/arvados_model.rb b/services/api/app/models/arvados_model.rb
index a001677..b5ffe98 100644
--- a/services/api/app/models/arvados_model.rb
+++ b/services/api/app/models/arvados_model.rb
@@ -185,44 +185,42 @@ class ArvadosModel < ActiveRecord::Base
return self
end
- # Collect the uuids for each user and any groups readable by each user.
+ # Collect the UUIDs of the authorized users.
user_uuids = users_list.map { |u| u.uuid }
+
+ # Collect the UUIDs of all groups readable by any of the
+ # authorized users. If one of these (or the UUID of one of the
+ # authorized users themselves) is an object's owner_uuid, that
+ # object is readable.
owner_uuids = user_uuids + users_list.flat_map { |u| u.groups_i_can(:read) }
+
sql_conds = []
sql_table = kwargs.fetch(:table_name, table_name)
- or_object_uuid = ''
-
- # This row is owned by a member of users_list, or owned by a group
- # readable by a member of users_list
- # or
- # This row uuid is the uuid of a member of users_list
- # or
- # A permission link exists ('write' and 'manage' implicitly include
- # 'read') from a member of users_list, or a group readable by users_list,
- # to this row, or to the owner of this row (see join() below).
+
+ # Match any object (evidently a group or user) whose UUID is
+ # listed explicitly in owner_uuids.
sql_conds += ["#{sql_table}.uuid in (:owner_uuids)"]
- if owner_uuids.any?
- permitted = "(SELECT head_uuid FROM links WHERE link_class='permission' AND tail_uuid IN (:owner_uuids))"
- sql_conds += ["#{sql_table}.owner_uuid IN (:owner_uuids)",
- "#{sql_table}.uuid IN #{permitted}"]
- end
+ # Match any object whose owner is listed explicitly in
+ # owner_uuids.
+ sql_conds += ["#{sql_table}.owner_uuid IN (:owner_uuids)"]
+
+ # Match the head of any permission link whose tail is listed
+ # explicitly in owner_uuids.
+ sql_conds += ["#{sql_table}.uuid IN (SELECT head_uuid FROM links WHERE link_class='permission' AND tail_uuid IN (:owner_uuids))"]
- if sql_table == "links" and user_uuids.any?
- # This row is a 'permission' or 'resources' link whose head or
- # tail _is_ the acting user.
- sql_conds += ["(#{sql_table}.link_class in (#{sanitize 'permission'}, #{sanitize 'resources'}) AND (#{sql_table}.head_uuid IN (:user_uuids) OR #{sql_table}.tail_uuid IN (:user_uuids)))"]
+ if sql_table == "links"
+ # Match any permission link that gives one of the authorized
+ # users some permission _or_ gives anyone else permission to
+ # view one of the authorized users.
+ sql_conds += ["(#{sql_table}.link_class in (:permission_link_classes) AND "+
+ "(#{sql_table}.head_uuid IN (:user_uuids) OR #{sql_table}.tail_uuid IN (:user_uuids)))"]
end
- # Link head points to this row, or to the owner of this row (the
- # thing to be read)
- #
- # Link tail originates from this user, or a group that is readable
- # by this user (the identity with authorization to read)
- #
- # Link class is 'permission' ('write' and 'manage' implicitly
- # include 'read')
- where(sql_conds.join(' OR '), owner_uuids: owner_uuids, user_uuids: user_uuids)
+ where(sql_conds.join(' OR '),
+ owner_uuids: owner_uuids,
+ user_uuids: user_uuids,
+ permission_link_classes: ['permission', 'resources'])
end
def logged_attributes
commit 99a4c1a02a23d3fbf809fb0b686b12b648f5b96e
Author: Tom Clegg <tom at curoverse.com>
Date: Fri Aug 26 23:16:15 2016 -0400
9799: Fix test order dependency.
diff --git a/services/api/test/integration/permissions_test.rb b/services/api/test/integration/permissions_test.rb
index 723aa1b..e4db862 100644
--- a/services/api/test/integration/permissions_test.rb
+++ b/services/api/test/integration/permissions_test.rb
@@ -1,9 +1,14 @@
require 'test_helper'
class PermissionsTest < ActionDispatch::IntegrationTest
+ include DbCurrentTime
include CurrentApiClient # for empty_collection
fixtures :users, :groups, :api_client_authorizations, :collections
+ teardown do
+ User.invalidate_permissions_cache db_current_time.to_i
+ end
+
test "adding and removing direct can_read links" do
# try to read collection as spectator
get "/arvados/v1/collections/#{collections(:foo_file).uuid}", {:format => :json}, auth(:spectator)
commit 3c85d746e3f7f0ef1af6a0380e42c7adbadd2618
Author: Tom Clegg <tom at curoverse.com>
Date: Fri Aug 26 23:06:11 2016 -0400
9799: Remove redundant test.
diff --git a/services/api/test/integration/permissions_test.rb b/services/api/test/integration/permissions_test.rb
index 44b5e6e..723aa1b 100644
--- a/services/api/test/integration/permissions_test.rb
+++ b/services/api/test/integration/permissions_test.rb
@@ -341,11 +341,6 @@ class PermissionsTest < ActionDispatch::IntegrationTest
assert_response 404
end
- test "get_permissions returns 404 for unreadable uuid" do
- get "/arvados/v1/permissions/#{groups(:public).uuid}", nil, auth(:active)
- assert_response 404
- end
-
test "get_permissions returns 403 if user can read but not manage" do
post "/arvados/v1/links", {
:link => {
commit 2bd7d60ffc5f21bca981ffd2e7698402f3935653
Author: Tom Clegg <tom at curoverse.com>
Date: Mon Aug 29 23:11:34 2016 -0400
9799: Restore permission on Log entries via owner_uuid.
diff --git a/services/api/app/models/log.rb b/services/api/app/models/log.rb
index 5a58a55..5b3f544 100644
--- a/services/api/app/models/log.rb
+++ b/services/api/app/models/log.rb
@@ -65,6 +65,7 @@ class Log < ArvadosModel
"container_requests.uuid IN (:uuids) OR "+
"container_requests.owner_uuid IN (:uuids) OR "+
"logs.object_uuid IN (:uuids) OR "+
+ "logs.owner_uuid IN (:uuids) OR "+
"logs.object_owner_uuid IN (:uuids)",
uuids: uuid_list)
end
commit c65b67ceeaea069eb37a57cefadf0ab71795df26
Author: Tom Clegg <tom at curoverse.com>
Date: Fri Aug 26 23:06:01 2016 -0400
9799: Dry up SQL statements using named bind parameters.
diff --git a/services/api/app/models/arvados_model.rb b/services/api/app/models/arvados_model.rb
index 012d99b..a001677 100644
--- a/services/api/app/models/arvados_model.rb
+++ b/services/api/app/models/arvados_model.rb
@@ -187,9 +187,8 @@ class ArvadosModel < ActiveRecord::Base
# Collect the uuids for each user and any groups readable by each user.
user_uuids = users_list.map { |u| u.uuid }
- uuid_list = user_uuids + users_list.flat_map { |u| u.groups_i_can(:read) }
+ owner_uuids = user_uuids + users_list.flat_map { |u| u.groups_i_can(:read) }
sql_conds = []
- sql_params = []
sql_table = kwargs.fetch(:table_name, table_name)
or_object_uuid = ''
@@ -201,25 +200,18 @@ class ArvadosModel < ActiveRecord::Base
# A permission link exists ('write' and 'manage' implicitly include
# 'read') from a member of users_list, or a group readable by users_list,
# to this row, or to the owner of this row (see join() below).
- sql_conds += ["#{sql_table}.uuid in (?)"]
- sql_params += [user_uuids]
+ sql_conds += ["#{sql_table}.uuid in (:owner_uuids)"]
- if uuid_list.any?
- sql_conds += ["#{sql_table}.owner_uuid in (?)"]
- sql_params += [uuid_list]
-
- sanitized_uuid_list = uuid_list.
- collect { |uuid| sanitize(uuid) }.join(', ')
- permitted_uuids = "(SELECT head_uuid FROM links WHERE link_class='permission' AND tail_uuid IN (#{sanitized_uuid_list}))"
- sql_conds += ["#{sql_table}.uuid IN #{permitted_uuids}"]
+ if owner_uuids.any?
+ permitted = "(SELECT head_uuid FROM links WHERE link_class='permission' AND tail_uuid IN (:owner_uuids))"
+ sql_conds += ["#{sql_table}.owner_uuid IN (:owner_uuids)",
+ "#{sql_table}.uuid IN #{permitted}"]
end
- if sql_table == "links" and users_list.any?
- # This row is a 'permission' or 'resources' link class
- # The uuid for a member of users_list is referenced in either the head
- # or tail of the link
- sql_conds += ["(#{sql_table}.link_class in (#{sanitize 'permission'}, #{sanitize 'resources'}) AND (#{sql_table}.head_uuid IN (?) OR #{sql_table}.tail_uuid IN (?)))"]
- sql_params += [user_uuids, user_uuids]
+ if sql_table == "links" and user_uuids.any?
+ # This row is a 'permission' or 'resources' link whose head or
+ # tail _is_ the acting user.
+ sql_conds += ["(#{sql_table}.link_class in (#{sanitize 'permission'}, #{sanitize 'resources'}) AND (#{sql_table}.head_uuid IN (:user_uuids) OR #{sql_table}.tail_uuid IN (:user_uuids)))"]
end
# Link head points to this row, or to the owner of this row (the
@@ -230,7 +222,7 @@ class ArvadosModel < ActiveRecord::Base
#
# Link class is 'permission' ('write' and 'manage' implicitly
# include 'read')
- where(sql_conds.join(' OR '), *sql_params)
+ where(sql_conds.join(' OR '), owner_uuids: owner_uuids, user_uuids: user_uuids)
end
def logged_attributes
diff --git a/services/api/app/models/container.rb b/services/api/app/models/container.rb
index ae4d983..f73c8b7 100644
--- a/services/api/app/models/container.rb
+++ b/services/api/app/models/container.rb
@@ -82,9 +82,11 @@ class Container < ArvadosModel
end
user_uuids = users_list.map { |u| u.uuid }
uuid_list = user_uuids + users_list.flat_map { |u| u.groups_i_can(:read) }
- permitted_uuids = "(SELECT head_uuid FROM links WHERE link_class='permission' AND tail_uuid IN (?))"
- joins(:container_requests).where("container_requests.uuid IN #{permitted_uuids} OR container_requests.owner_uuid IN (?)",
- uuid_list, uuid_list)
+ permitted = "(SELECT head_uuid FROM links WHERE link_class='permission' AND tail_uuid IN (:uuids))"
+ joins(:container_requests).
+ where("container_requests.uuid IN #{permitted} OR "+
+ "container_requests.owner_uuid IN (:uuids)",
+ uuids: uuid_list)
end
protected
diff --git a/services/api/app/models/log.rb b/services/api/app/models/log.rb
index 7a8b50a..5a58a55 100644
--- a/services/api/app/models/log.rb
+++ b/services/api/app/models/log.rb
@@ -59,10 +59,14 @@ class Log < ArvadosModel
end
user_uuids = users_list.map { |u| u.uuid }
uuid_list = user_uuids + users_list.flat_map { |u| u.groups_i_can(:read) }
- permitted_uuids = "(SELECT head_uuid FROM links WHERE link_class='permission' AND tail_uuid IN (?))"
+ permitted = "(SELECT head_uuid FROM links WHERE link_class='permission' AND tail_uuid IN (:uuids))"
joins("LEFT JOIN container_requests ON container_requests.container_uuid=logs.object_uuid").
- where("logs.object_uuid IN #{permitted_uuids} OR container_requests.uuid IN (?) OR container_requests.owner_uuid IN (?) OR logs.object_uuid IN (?) OR logs.object_owner_uuid IN (?)",
- uuid_list, uuid_list, uuid_list, uuid_list, uuid_list)
+ where("logs.object_uuid IN #{permitted} OR "+
+ "container_requests.uuid IN (:uuids) OR "+
+ "container_requests.owner_uuid IN (:uuids) OR "+
+ "logs.object_uuid IN (:uuids) OR "+
+ "logs.object_owner_uuid IN (:uuids)",
+ uuids: uuid_list)
end
protected
commit 238090391a898a698ee0d5ef89c295e8e4c84570
Author: Tom Clegg <tom at curoverse.com>
Date: Fri Aug 26 21:46:10 2016 -0400
9799: Update test: "spectator" user is now allowed to read log entries about itself.
diff --git a/services/api/test/fixtures/logs.yml b/services/api/test/fixtures/logs.yml
index 9179e6d..2f45d69 100644
--- a/services/api/test/fixtures/logs.yml
+++ b/services/api/test/fixtures/logs.yml
@@ -1,7 +1,9 @@
-noop:
+noop: # nothing happened ...to the 'spectator' user
id: 1
uuid: zzzzz-xxxxx-pshmckwoma9plh7
+ owner_uuid: zzzzz-tpzed-000000000000000
object_uuid: zzzzz-tpzed-l1s2piq4t4mps8r
+ object_owner_uuid: zzzzz-tpzed-000000000000000
event_at: <%= 1.minute.ago.to_s(:db) %>
admin_changes_repository2: # admin changes repository2, which is owned by active user
diff --git a/services/api/test/unit/log_test.rb b/services/api/test/unit/log_test.rb
index fd71576..632271e 100644
--- a/services/api/test/unit/log_test.rb
+++ b/services/api/test/unit/log_test.rb
@@ -253,7 +253,8 @@ class LogTest < ActiveSupport::TestCase
:crunchstat_for_running_job] # log & job owned by active
c = Log.readable_by(users(:spectator)).order("id asc").each.to_a
- assert_log_result c, known_logs, [:admin_changes_specimen, # owned by spectator
+ assert_log_result c, known_logs, [:noop, # object_uuid is spectator
+ :admin_changes_specimen, # object_uuid is a specimen owned by spectator
:system_adds_baz] # readable via 'all users' group
end
commit 4fc5864e97750decf4eb90e5fedb3e4f1733651a
Author: Tom Clegg <tom at curoverse.com>
Date: Fri Aug 26 21:45:17 2016 -0400
9799: Permit read access to containers via container requests. Move Log- and Container-specific permission queries to log.rb and container.rb.
diff --git a/services/api/app/models/arvados_model.rb b/services/api/app/models/arvados_model.rb
index c663d21..012d99b 100644
--- a/services/api/app/models/arvados_model.rb
+++ b/services/api/app/models/arvados_model.rb
@@ -222,15 +222,6 @@ class ArvadosModel < ActiveRecord::Base
sql_params += [user_uuids, user_uuids]
end
- if sql_table == "logs" and users_list.any?
- # Link head points to the object described by this row
- sql_conds += ["#{sql_table}.object_uuid IN #{permitted_uuids}"]
-
- # This object described by this row is owned by this user, or owned by a group readable by this user
- sql_conds += ["#{sql_table}.object_owner_uuid in (?)"]
- sql_params += [uuid_list]
- end
-
# Link head points to this row, or to the owner of this row (the
# thing to be read)
#
diff --git a/services/api/app/models/container.rb b/services/api/app/models/container.rb
index 4c77008..ae4d983 100644
--- a/services/api/app/models/container.rb
+++ b/services/api/app/models/container.rb
@@ -76,6 +76,17 @@ class Container < ArvadosModel
end
end
+ def self.readable_by *users_list
+ if users_list.select { |u| u.is_admin }.any?
+ return self
+ end
+ user_uuids = users_list.map { |u| u.uuid }
+ uuid_list = user_uuids + users_list.flat_map { |u| u.groups_i_can(:read) }
+ permitted_uuids = "(SELECT head_uuid FROM links WHERE link_class='permission' AND tail_uuid IN (?))"
+ joins(:container_requests).where("container_requests.uuid IN #{permitted_uuids} OR container_requests.owner_uuid IN (?)",
+ uuid_list, uuid_list)
+ end
+
protected
def fill_field_defaults
diff --git a/services/api/app/models/log.rb b/services/api/app/models/log.rb
index b10a491..7a8b50a 100644
--- a/services/api/app/models/log.rb
+++ b/services/api/app/models/log.rb
@@ -53,6 +53,18 @@ class Log < ArvadosModel
self
end
+ def self.readable_by *users_list
+ if users_list.select { |u| u.is_admin }.any?
+ return self
+ end
+ user_uuids = users_list.map { |u| u.uuid }
+ uuid_list = user_uuids + users_list.flat_map { |u| u.groups_i_can(:read) }
+ permitted_uuids = "(SELECT head_uuid FROM links WHERE link_class='permission' AND tail_uuid IN (?))"
+ joins("LEFT JOIN container_requests ON container_requests.container_uuid=logs.object_uuid").
+ where("logs.object_uuid IN #{permitted_uuids} OR container_requests.uuid IN (?) OR container_requests.owner_uuid IN (?) OR logs.object_uuid IN (?) OR logs.object_owner_uuid IN (?)",
+ uuid_list, uuid_list, uuid_list, uuid_list, uuid_list)
+ end
+
protected
def permission_to_create
diff --git a/services/api/lib/eventbus.rb b/services/api/lib/eventbus.rb
index e7f2bb1..16bb030 100644
--- a/services/api/lib/eventbus.rb
+++ b/services/api/lib/eventbus.rb
@@ -143,7 +143,7 @@ class EventBus
#
# Note: find_each implies order('id asc'), which is what we
# want.
- logs.select(:id).find_each do |l|
+ logs.select('logs.id').find_each do |l|
if not ws.sent_ids.include?(l.id)
# only send if not a duplicate
ws.send(Log.find(l.id).as_api_response.to_json)
commit bdab775e99fbdb4cc4d2903d83be3878829e9193
Author: Tom Clegg <tom at curoverse.com>
Date: Fri Aug 26 21:03:57 2016 -0400
9799: Add tests for container permissions.
diff --git a/services/api/test/unit/container_request_test.rb b/services/api/test/unit/container_request_test.rb
index b0c55c1..a4b060b 100644
--- a/services/api/test/unit/container_request_test.rb
+++ b/services/api/test/unit/container_request_test.rb
@@ -389,4 +389,10 @@ class ContainerRequestTest < ActiveSupport::TestCase
end
end
end
+
+ test "requestor can retrieve container owned by dispatch" do
+ assert_not_empty Container.readable_by(users(:admin)).where(uuid: containers(:running).uuid)
+ assert_not_empty Container.readable_by(users(:active)).where(uuid: containers(:running).uuid)
+ assert_empty Container.readable_by(users(:spectator)).where(uuid: containers(:running).uuid)
+ end
end
commit 696c59aac3835675d7fe411c0850d3223e8db538
Author: Tom Clegg <tom at curoverse.com>
Date: Fri Aug 26 17:34:25 2016 -0400
9799: Add tests for container log permissions.
diff --git a/services/api/test/fixtures/container_requests.yml b/services/api/test/fixtures/container_requests.yml
index de41ff0..a2660b7 100644
--- a/services/api/test/fixtures/container_requests.yml
+++ b/services/api/test/fixtures/container_requests.yml
@@ -36,7 +36,7 @@ running:
vcpus: 1
ram: 123
-running-older:
+running_older:
uuid: zzzzz-xvhdp-cr4runningcntn2
owner_uuid: zzzzz-tpzed-xurymjxw79nv3jz
name: running
diff --git a/services/api/test/fixtures/containers.yml b/services/api/test/fixtures/containers.yml
index 4201d11..d1358fc 100644
--- a/services/api/test/fixtures/containers.yml
+++ b/services/api/test/fixtures/containers.yml
@@ -31,7 +31,7 @@ running:
vcpus: 4
auth_uuid: zzzzz-gj3su-077z32aux8dg2s1
-running-older:
+running_older:
uuid: zzzzz-dz642-runningcontain2
owner_uuid: zzzzz-tpzed-000000000000000
state: Running
diff --git a/services/api/test/unit/permission_test.rb b/services/api/test/unit/permission_test.rb
index 4a6ddc6..5bc296a 100644
--- a/services/api/test/unit/permission_test.rb
+++ b/services/api/test/unit/permission_test.rb
@@ -353,4 +353,27 @@ class PermissionTest < ActiveSupport::TestCase
ob.update_attributes!(owner_uuid: groups(:aproject).uuid)
end
end
+
+ def container_logs container, user
+ Log.readable_by(users(user)).
+ where(object_uuid: containers(container).uuid, event_type: "test")
+ end
+
+ test "container logs created by dispatch are visible to container requestor" do
+ set_user_from_auth :dispatch1
+ Log.create!(object_uuid: containers(:running).uuid,
+ event_type: "test")
+
+ assert_not_empty container_logs(:running, :admin)
+ assert_not_empty container_logs(:running, :active)
+ assert_empty container_logs(:running, :spectator)
+ end
+
+ test "container logs created by dispatch are public if container request is public" do
+ set_user_from_auth :dispatch1
+ Log.create!(object_uuid: containers(:running_older).uuid,
+ event_type: "test")
+
+ assert_not_empty container_logs(:running_older, :anonymous)
+ end
end
commit 712cb4bf514215f38b796a54d1fc72cb3a70d207
Author: Tom Clegg <tom at curoverse.com>
Date: Fri Aug 26 17:09:42 2016 -0400
9799: Fix container fixture owner_uuid attributes to look like real-life containers.
diff --git a/services/api/test/fixtures/containers.yml b/services/api/test/fixtures/containers.yml
index 79e472b..4201d11 100644
--- a/services/api/test/fixtures/containers.yml
+++ b/services/api/test/fixtures/containers.yml
@@ -1,6 +1,6 @@
queued:
uuid: zzzzz-dz642-queuedcontainer
- owner_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+ owner_uuid: zzzzz-tpzed-000000000000000
state: Queued
priority: 1
created_at: 2016-01-11 11:11:11.111111111 Z
@@ -16,8 +16,7 @@ queued:
running:
uuid: zzzzz-dz642-runningcontainr
- owner_uuid: zzzzz-tpzed-xurymjxw79nv3jz
- state: Running
+ owner_uuid: zzzzz-tpzed-000000000000000
priority: 1
created_at: <%= 1.minute.ago.to_s(:db) %>
updated_at: <%= 1.minute.ago.to_s(:db) %>
@@ -34,7 +33,7 @@ running:
running-older:
uuid: zzzzz-dz642-runningcontain2
- owner_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+ owner_uuid: zzzzz-tpzed-000000000000000
state: Running
priority: 1
created_at: <%= 2.minute.ago.to_s(:db) %>
@@ -51,7 +50,7 @@ running-older:
locked:
uuid: zzzzz-dz642-lockedcontainer
- owner_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+ owner_uuid: zzzzz-tpzed-000000000000000
state: Locked
priority: 2
created_at: <%= 2.minute.ago.to_s(:db) %>
@@ -67,7 +66,7 @@ locked:
completed:
uuid: zzzzz-dz642-compltcontainer
- owner_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+ owner_uuid: zzzzz-tpzed-000000000000000
state: Complete
priority: 1
created_at: 2016-01-11 11:11:11.111111111 Z
@@ -86,7 +85,7 @@ completed:
completed_older:
uuid: zzzzz-dz642-compltcontainr2
- owner_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+ owner_uuid: zzzzz-tpzed-000000000000000
state: Complete
priority: 1
created_at: 2016-01-11 11:11:11.111111111 Z
@@ -104,7 +103,7 @@ completed_older:
requester:
uuid: zzzzz-dz642-requestingcntnr
- owner_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+ owner_uuid: zzzzz-tpzed-000000000000000
state: Complete
priority: 1
created_at: 2016-01-11 11:11:11.111111111 Z
@@ -120,7 +119,7 @@ requester:
requester_container:
uuid: zzzzz-dz642-requestercntnr1
- owner_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+ owner_uuid: zzzzz-tpzed-000000000000000
state: Complete
priority: 1
created_at: 2016-01-11 11:11:11.111111111 Z
commit a502437e2c0833b0fde616e2f8f0e87f4686b953
Author: Tom Clegg <tom at curoverse.com>
Date: Fri Aug 19 11:14:03 2016 -0400
9799: Use regular (non-admin) user in Workbench websocket tests.
diff --git a/apps/workbench/test/integration/websockets_test.rb b/apps/workbench/test/integration/websockets_test.rb
index e9f5a79..e302a39 100644
--- a/apps/workbench/test/integration/websockets_test.rb
+++ b/apps/workbench/test/integration/websockets_test.rb
@@ -6,20 +6,20 @@ class WebsocketTest < ActionDispatch::IntegrationTest
end
test "test page" do
- visit(page_with_token("admin", "/websockets"))
+ visit(page_with_token("active", "/websockets"))
fill_in("websocket-message-content", :with => "Stuff")
click_button("Send")
assert_text '"status":400'
end
test "test live logging" do
- visit(page_with_token("admin", "/pipeline_instances/zzzzz-d1hrv-9fm8l10i9z2kqc6"))
+ visit(page_with_token("active", "/pipeline_instances/zzzzz-d1hrv-9fm8l10i9z2kqc6"))
click_link("Log")
assert_no_text '123 hello'
api = ArvadosApiClient.new
- Thread.current[:arvados_api_token] = @@API_AUTHS["admin"]['api_token']
+ use_token :active
api.api("logs", "", {log: {
object_uuid: "zzzzz-d1hrv-9fm8l10i9z2kqc6",
event_type: "stderr",
@@ -32,14 +32,12 @@ class WebsocketTest < ActionDispatch::IntegrationTest
["jobs", api_fixture("jobs")['running']['uuid']],
["containers", api_fixture("containers")['running']['uuid']],
["container_requests", api_fixture("container_requests")['running']['uuid'], api_fixture("containers")['running']['uuid']],
- ].each do |c|
- test "test live logging scrolling #{c[0]}" do
+ ].each do |controller, uuid, log_uuid|
+ log_uuid = log_uuid || uuid
- controller = c[0]
- uuid = c[1]
- log_uuid = c[2] || c[1]
+ test "test live logging scrolling for #{controller}" do
- visit(page_with_token("admin", "/#{controller}/#{uuid}"))
+ visit(page_with_token("active", "/#{controller}/#{uuid}"))
click_link("Log")
assert_no_text '123 hello'
@@ -50,11 +48,12 @@ class WebsocketTest < ActionDispatch::IntegrationTest
text << "#{i} hello\n"
end
- Thread.current[:arvados_api_token] = @@API_AUTHS["admin"]['api_token']
- api.api("logs", "", {log: {
- object_uuid: log_uuid,
- event_type: "stderr",
- properties: {"text" => text}}})
+ use_token :dispatch1 do
+ api.api("logs", "", {log: {
+ object_uuid: log_uuid,
+ event_type: "stderr",
+ properties: {"text" => text}}})
+ end
assert_text '1000 hello'
# First test that when we're already at the bottom of the page, it scrolls down
@@ -87,7 +86,7 @@ class WebsocketTest < ActionDispatch::IntegrationTest
end
test "pipeline instance arv-refresh-on-log-event" do
- Thread.current[:arvados_api_token] = @@API_AUTHS["admin"]['api_token']
+ use_token :active
# Do something and check that the pane reloads.
p = PipelineInstance.create({state: "RunningOnServer",
components: {
@@ -98,15 +97,17 @@ class WebsocketTest < ActionDispatch::IntegrationTest
}
})
- visit(page_with_token("admin", "/pipeline_instances/#{p.uuid}"))
+ visit(page_with_token("active", "/pipeline_instances/#{p.uuid}"))
assert_text 'Active'
assert page.has_link? 'Pause'
assert_no_text 'Complete'
assert page.has_no_link? 'Re-run with latest'
- p.state = "Complete"
- p.save!
+ use_token :admin do
+ p.state = "Complete"
+ p.save!
+ end
assert_no_text 'Active'
assert page.has_no_link? 'Pause'
@@ -115,26 +116,28 @@ class WebsocketTest < ActionDispatch::IntegrationTest
end
test "job arv-refresh-on-log-event" do
- Thread.current[:arvados_api_token] = @@API_AUTHS["admin"]['api_token']
+ use_token :active
# Do something and check that the pane reloads.
p = Job.where(uuid: api_fixture('jobs')['running_will_be_completed']['uuid']).results.first
- visit(page_with_token("admin", "/jobs/#{p.uuid}"))
+ visit(page_with_token("active", "/jobs/#{p.uuid}"))
assert_no_text 'complete'
assert_no_text 'Re-run job'
- p.state = "Complete"
- p.save!
+ use_token :admin do
+ p.state = "Complete"
+ p.save!
+ end
assert_text 'complete'
assert_text 'Re-run job'
end
test "dashboard arv-refresh-on-log-event" do
- Thread.current[:arvados_api_token] = @@API_AUTHS["admin"]['api_token']
+ use_token :active
- visit(page_with_token("admin", "/"))
+ visit(page_with_token("active", "/"))
assert_no_text 'test dashboard arv-refresh-on-log-event'
@@ -217,9 +220,9 @@ class WebsocketTest < ActionDispatch::IntegrationTest
end
test "test running job with just a few previous log records" do
- Thread.current[:arvados_api_token] = @@API_AUTHS["admin"]['api_token']
+ use_token :active
job = Job.where(uuid: api_fixture("jobs")['running']['uuid']).results.first
- visit page_with_token("admin", "/jobs/#{job.uuid}")
+ visit page_with_token("active", "/jobs/#{job.uuid}")
api = ArvadosApiClient.new
@@ -246,10 +249,10 @@ class WebsocketTest < ActionDispatch::IntegrationTest
test "test running job with too many previous log records" do
Rails.configuration.running_job_log_records_to_fetch = 5
- Thread.current[:arvados_api_token] = @@API_AUTHS["admin"]['api_token']
+ use_token :active
job = Job.where(uuid: api_fixture("jobs")['running']['uuid']).results.first
- visit page_with_token("admin", "/jobs/#{job.uuid}")
+ visit page_with_token("active", "/jobs/#{job.uuid}")
api = ArvadosApiClient.new
commit a4cbf619dba93de29140ddc1ead992e88bd28b3a
Author: Tom Clegg <tom at curoverse.com>
Date: Fri Aug 19 09:29:58 2016 -0400
9799: Use regular (non-admin) user in websocket integration tests.
diff --git a/services/api/test/integration/websocket_test.rb b/services/api/test/integration/websocket_test.rb
index 0c99fcc..99ca7ac 100644
--- a/services/api/test/integration/websocket_test.rb
+++ b/services/api/test/integration/websocket_test.rb
@@ -69,7 +69,7 @@ class WebsocketTest < ActionDispatch::IntegrationTest
test "connect, subscribe and get response" do
status = nil
- ws_helper :admin do |ws|
+ ws_helper :active do |ws|
ws.on :open do |event|
ws.send ({method: 'subscribe'}.to_json)
end
@@ -89,9 +89,9 @@ class WebsocketTest < ActionDispatch::IntegrationTest
spec = nil
ev_uuid = nil
- authorize_with :admin
+ authorize_with :active
- ws_helper :admin do |ws|
+ ws_helper :active do |ws|
ws.on :open do |event|
ws.send ({method: 'subscribe'}.to_json)
end
@@ -126,9 +126,9 @@ class WebsocketTest < ActionDispatch::IntegrationTest
spec_ev_uuid = nil
human_ev_uuid = nil
- authorize_with :admin
+ authorize_with :active
- ws_helper :admin do |ws|
+ ws_helper :active do |ws|
ws.on :open do |event|
ws.send ({method: 'subscribe'}.to_json)
end
@@ -166,9 +166,9 @@ class WebsocketTest < ActionDispatch::IntegrationTest
human = nil
human_ev_uuid = nil
- authorize_with :admin
+ authorize_with :active
- ws_helper :admin do |ws|
+ ws_helper :active do |ws|
ws.on :open do |event|
ws.send ({method: 'subscribe', filters: [['object_uuid', 'is_a', 'arvados#human']]}.to_json)
end
@@ -204,9 +204,9 @@ class WebsocketTest < ActionDispatch::IntegrationTest
spec_ev_uuid = nil
human_ev_uuid = nil
- authorize_with :admin
+ authorize_with :active
- ws_helper :admin do |ws|
+ ws_helper :active do |ws|
ws.on :open do |event|
ws.send ({method: 'subscribe', filters: [['object_uuid', 'is_a', 'arvados#human']]}.to_json)
ws.send ({method: 'subscribe', filters: [['object_uuid', 'is_a', 'arvados#specimen']]}.to_json)
@@ -249,9 +249,9 @@ class WebsocketTest < ActionDispatch::IntegrationTest
state = 1
t1 = nil
- authorize_with :admin
+ authorize_with :active
- ws_helper :admin do |ws|
+ ws_helper :active do |ws|
ws.on :open do |event|
ws.send ({method: 'subscribe', filters: [['object_uuid', 'is_a', 'arvados#trait'], ['event_type', '=', 'update']]}.to_json)
end
@@ -285,13 +285,13 @@ class WebsocketTest < ActionDispatch::IntegrationTest
human = nil
human_ev_uuid = nil
- authorize_with :admin
+ authorize_with :active
lastid = logs(:admin_changes_specimen).id
l1 = nil
l2 = nil
- ws_helper :admin do |ws|
+ ws_helper :active do |ws|
ws.on :open do |event|
ws.send ({method: 'subscribe', last_log_id: lastid}.to_json)
end
@@ -329,9 +329,9 @@ class WebsocketTest < ActionDispatch::IntegrationTest
spec_ev_uuid = nil
filter_id = nil
- authorize_with :admin
+ authorize_with :active
- ws_helper :admin, false do |ws|
+ ws_helper :active, false do |ws|
ws.on :open do |event|
ws.send ({method: 'subscribe'}.to_json)
EM::Timer.new 3 do
@@ -378,9 +378,9 @@ class WebsocketTest < ActionDispatch::IntegrationTest
spec = nil
spec_ev_uuid = nil
- authorize_with :admin
+ authorize_with :active
- ws_helper :admin, false do |ws|
+ ws_helper :active, false do |ws|
ws.on :open do |event|
ws.send ({method: 'subscribe', filters: [['object_uuid', 'is_a', 'arvados#human']]}.to_json)
EM::Timer.new 6 do
@@ -430,9 +430,9 @@ class WebsocketTest < ActionDispatch::IntegrationTest
human = nil
human_ev_uuid = nil
- authorize_with :admin
+ authorize_with :active
- ws_helper :admin do |ws|
+ ws_helper :active do |ws|
ws.on :open do |event|
ws.send ({method: 'subscribe'}.to_json)
end
@@ -477,9 +477,9 @@ class WebsocketTest < ActionDispatch::IntegrationTest
test "connected, not subscribed, no event" do
slow_test
- authorize_with :admin
+ authorize_with :active
- ws_helper :admin, false do |ws|
+ ws_helper :active, false do |ws|
ws.on :open do |event|
EM::Timer.new 1 do
Specimen.create
@@ -530,7 +530,7 @@ class WebsocketTest < ActionDispatch::IntegrationTest
test "connect, try bogus method" do
status = nil
- ws_helper :admin do |ws|
+ ws_helper :active do |ws|
ws.on :open do |event|
ws.send ({method: 'frobnabble'}.to_json)
end
@@ -548,7 +548,7 @@ class WebsocketTest < ActionDispatch::IntegrationTest
test "connect, missing method" do
status = nil
- ws_helper :admin do |ws|
+ ws_helper :active do |ws|
ws.on :open do |event|
ws.send ({fizzbuzz: 'frobnabble'}.to_json)
end
@@ -566,7 +566,7 @@ class WebsocketTest < ActionDispatch::IntegrationTest
test "connect, send malformed request" do
status = nil
- ws_helper :admin do |ws|
+ ws_helper :active do |ws|
ws.on :open do |event|
ws.send '<XML4EVER></XML4EVER>'
end
@@ -585,9 +585,9 @@ class WebsocketTest < ActionDispatch::IntegrationTest
test "connect, try subscribe too many filters" do
state = 1
- authorize_with :admin
+ authorize_with :active
- ws_helper :admin do |ws|
+ ws_helper :active do |ws|
ws.on :open do |event|
(1..17).each do |i|
ws.send ({method: 'subscribe', filters: [['object_uuid', '=', i]]}.to_json)
@@ -618,9 +618,9 @@ class WebsocketTest < ActionDispatch::IntegrationTest
event_count = 0
log_start = Log.order(:id).last.id
- authorize_with :admin
+ authorize_with :active
- ws_helper :admin, false do |ws|
+ ws_helper :active, false do |ws|
EM::Timer.new 45 do
# Needs a longer timeout than the default
ws.close
@@ -661,9 +661,9 @@ class WebsocketTest < ActionDispatch::IntegrationTest
human = nil
human_ev_uuid = nil
- authorize_with :admin
+ authorize_with :active
- ws_helper :admin do |ws|
+ ws_helper :active do |ws|
ws.on :open do |event|
# test that #6451 is fixed (invalid filter crashes websockets)
ws.send ({method: 'subscribe', filters: [['object_blarg', 'is_a', 'arvados#human']]}.to_json)
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list