[ARVADOS] created: 1.3.0-2738-g5b3c6d2cf
Git user
git at public.arvados.org
Mon Jun 29 15:07:17 UTC 2020
at 5b3c6d2cfde4f8462fbcbaf6012302cbd3c6c8fa (commit)
commit 5b3c6d2cfde4f8462fbcbaf6012302cbd3c6c8fa
Author: Tom Clegg <tom at tomclegg.ca>
Date: Mon Jun 29 11:06:54 2020 -0400
16538: Add test.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>
diff --git a/services/api/test/unit/permission_test.rb b/services/api/test/unit/permission_test.rb
index 10664474c..1bb387fc9 100644
--- a/services/api/test/unit/permission_test.rb
+++ b/services/api/test/unit/permission_test.rb
@@ -149,6 +149,23 @@ class PermissionTest < ActiveSupport::TestCase
":spectator missing from writers list")
end
+ # user->all_users_role is read-only, so write permission from
+ # all_users_role->object doesn't give the user write permission.
+ test "writable_by omits requester's uuid if requester has read-only perm via user->all_users_role->object" do
+ set_user_from_auth :admin
+ newcoll = Collection.create!()
+ Link.create!(tail_uuid: groups(:all_users).uuid,
+ head_uuid: newcoll.uuid,
+ link_class: 'permission',
+ name: 'can_write')
+ set_user_from_auth :active
+ coll = Collection.find_by_uuid(newcoll.uuid)
+ assert_raises ArvadosModel::PermissionDeniedError do
+ coll.update_attributes(name: 'update should fail')
+ end
+ refute_includes(coll.writable_by, users(:active).uuid)
+ end
+
test "user owns group, group can_manage object's group, user can add permissions" do
set_user_from_auth :admin
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list