[ARVADOS] created: 1.3.0-2541-g95e9d44b5
Git user
git at public.arvados.org
Mon May 4 14:54:00 UTC 2020
at 95e9d44b567a92664939f0f89bd45eedd6db67ab (commit)
commit 95e9d44b567a92664939f0f89bd45eedd6db67ab
Author: Tom Clegg <tom at tomclegg.ca>
Date: Mon May 4 10:53:21 2020 -0400
16387: Allow batch update to set is_active=false for a remote user.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>
diff --git a/services/api/app/controllers/arvados/v1/users_controller.rb b/services/api/app/controllers/arvados/v1/users_controller.rb
index d9ab5556f..62da35ae8 100644
--- a/services/api/app/controllers/arvados/v1/users_controller.rb
+++ b/services/api/app/controllers/arvados/v1/users_controller.rb
@@ -54,7 +54,10 @@ class Arvados::V1::UsersController < ApplicationController
@object = current_user
end
if not @object.is_active
- if not (current_user.is_admin or @object.is_invited)
+ if @object.uuid[0..4] != Rails.configuration.ClusterID
+ logger.warn "Remote user #{@object.uuid} called users.activate"
+ raise ArgumentError.new "cannot activate remote account"
+ elsif not (current_user.is_admin or @object.is_invited)
logger.warn "User #{@object.uuid} called users.activate " +
"but is not invited"
raise ArgumentError.new "Cannot activate without being invited."
diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb
index dd447ca51..ba451eb18 100644
--- a/services/api/app/models/user.rb
+++ b/services/api/app/models/user.rb
@@ -239,8 +239,9 @@ class User < ArvadosModel
def must_unsetup_to_deactivate
if self.is_active_changed? &&
- self.is_active_was == true &&
- !self.is_active
+ self.is_active_was &&
+ !self.is_active &&
+ self.uuid[0..4] == Rails.configuration.ClusterID
group = Group.where(name: 'All users').select do |g|
g[:uuid].match(/-f+$/)
commit bdc069a04fd98529f5c79c6b8a7164fb9119723d
Author: Tom Clegg <tom at tomclegg.ca>
Date: Mon May 4 10:51:57 2020 -0400
16387: Test updating cache after deactivating user.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>
diff --git a/lib/controller/integration_test.go b/lib/controller/integration_test.go
index 4939b116b..3bf64771d 100644
--- a/lib/controller/integration_test.go
+++ b/lib/controller/integration_test.go
@@ -309,6 +309,7 @@ func (s *IntegrationSuite) TestListUsers(c *check.C) {
rootctx1, _, _ := s.rootClients("z1111")
conn1 := s.conn("z1111")
conn3 := s.conn("z3333")
+ userctx1, _, _ := s.userClients(rootctx1, c, conn1, "z1111", true)
// Make sure LoginCluster is properly configured
for cls := range s.testClusters {
@@ -318,7 +319,9 @@ func (s *IntegrationSuite) TestListUsers(c *check.C) {
check.Commentf("incorrect LoginCluster config on cluster %q", cls))
}
// Make sure z1111 has users with NULL usernames
- lst, err := conn1.UserList(rootctx1, arvados.ListOptions{Limit: -1})
+ lst, err := conn1.UserList(rootctx1, arvados.ListOptions{
+ Limit: math.MaxInt64, // check that large limit works (see #16263)
+ })
nullUsername := false
c.Assert(err, check.IsNil)
c.Assert(len(lst.Items), check.Not(check.Equals), 0)
@@ -328,27 +331,45 @@ func (s *IntegrationSuite) TestListUsers(c *check.C) {
}
}
c.Assert(nullUsername, check.Equals, true)
+
+ user1, err := conn1.UserGetCurrent(userctx1, arvados.GetOptions{})
+ c.Assert(err, check.IsNil)
+ c.Check(user1.IsActive, check.Equals, true)
+
// Ask for the user list on z3333 using z1111's system root token
- _, err = conn3.UserList(rootctx1, arvados.ListOptions{Limit: -1})
- c.Assert(err, check.IsNil, check.Commentf("getting user list: %q", err))
-}
+ lst, err = conn3.UserList(rootctx1, arvados.ListOptions{Limit: -1})
+ c.Assert(err, check.IsNil)
+ found := false
+ for _, user := range lst.Items {
+ if user.UUID == user1.UUID {
+ c.Check(user.IsActive, check.Equals, true)
+ found = true
+ break
+ }
+ }
+ c.Check(found, check.Equals, true)
-// Test for bug #16263
-func (s *IntegrationSuite) TestListUsersWithMaxLimit(c *check.C) {
- rootctx1, _, _ := s.rootClients("z1111")
- conn3 := s.conn("z3333")
- maxLimit := int64(math.MaxInt64)
+ // Deactivate user acct on z1111
+ _, err = conn1.UserUnsetup(rootctx1, arvados.GetOptions{UUID: user1.UUID})
+ c.Assert(err, check.IsNil)
- // Make sure LoginCluster is properly configured
- for cls := range s.testClusters {
- c.Check(
- s.testClusters[cls].config.Clusters[cls].Login.LoginCluster,
- check.Equals, "z1111",
- check.Commentf("incorrect LoginCluster config on cluster %q", cls))
+ // Get user list from z3333, check the returned z1111 user is
+ // deactivated
+ lst, err = conn3.UserList(rootctx1, arvados.ListOptions{Limit: -1})
+ c.Assert(err, check.IsNil)
+ found = false
+ for _, user := range lst.Items {
+ if user.UUID == user1.UUID {
+ c.Check(user.IsActive, check.Equals, false)
+ found = true
+ break
+ }
}
+ c.Check(found, check.Equals, true)
- // Ask for the user list on z3333 using z1111's system root token and
- // limit: max int64 value.
- _, err := conn3.UserList(rootctx1, arvados.ListOptions{Limit: maxLimit})
- c.Assert(err, check.IsNil, check.Commentf("getting user list: %q", err))
+ // Deactivated user can see is_active==false via "get current
+ // user" API
+ user1, err = conn3.UserGetCurrent(userctx1, arvados.GetOptions{})
+ c.Assert(err, check.IsNil)
+ c.Check(user1.IsActive, check.Equals, false)
}
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list