[arvados] updated: 2.1.0-3081-g75779972a

git repository hosting git at public.arvados.org
Fri Dec 2 20:10:11 UTC 2022 

Summary of changes:
 doc/api/permission-model.html.textile.liquid                      | 2 +-
 doc/user/topics/arvados-sync-external-sources.html.textile.liquid | 2 +-
 lib/config/config.default.yml                                     | 4 ++--
 lib/config/export.go                                              | 2 +-
 sdk/go/arvados/config.go                                          | 2 +-
 services/api/app/models/group.rb                                  | 2 +-
 services/api/config/arvados_config.rb                             | 2 +-
 services/api/test/unit/group_test.rb                              | 5 +++--
 8 files changed, 11 insertions(+), 10 deletions(-)

       via  75779972a56467ddfdc5b5aabeab81fca37119a3 (commit)
      from  d15a1d018bf660be8a73b72195d7bddb19318116 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 75779972a56467ddfdc5b5aabeab81fca37119a3
Author: Tom Clegg <tom at curii.com>
Date:   Fri Dec 2 15:09:55 2022 -0500

    19513: Rename flag to CanCreateRoleGroups, add test case.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curii.com>

diff --git a/doc/api/permission-model.html.textile.liquid b/doc/api/permission-model.html.textile.liquid
index d7d5eabd0..2d589e270 100644
--- a/doc/api/permission-model.html.textile.liquid
+++ b/doc/api/permission-model.html.textile.liquid
@@ -78,7 +78,7 @@ A "role" is a subtype of Group that is treated in Workbench as a group of users
 * The name of a role is unique across a single Arvados cluster.
 * Roles can be both targets (@head_uuid@) and origins (@tail_uuid@) of permission links.
 * By default, all roles are visible to all active users. However, if the configuration entry @Users.RoleGroupsVisibleToAll@ is @false@, visibility is determined by normal permission rules, _i.e._, a role is only visible to users who have that role, and to admins.
-* By default, any user can create a new role. However, if the configuration entry @Users.CreateRoleGroups@ is @false@, only admins can create roles.
+* By default, any user can create a new role. However, if the configuration entry @Users.CanCreateRoleGroups@ is @false@, only admins can create roles.
 
 h3. Access through Roles
 
diff --git a/doc/user/topics/arvados-sync-external-sources.html.textile.liquid b/doc/user/topics/arvados-sync-external-sources.html.textile.liquid
index d84995d5b..53a79ea23 100644
--- a/doc/user/topics/arvados-sync-external-sources.html.textile.liquid
+++ b/doc/user/topics/arvados-sync-external-sources.html.textile.liquid
@@ -65,7 +65,7 @@ Users can be identified by their email address or username: the tool will check
 
 Permission level can be one of the following: @can_read@, @can_write@ or @can_manage@, giving the group member read, read/write or managing privileges on the group. For backwards compatibility purposes, if any record omits the third (permission) field, it will default to @can_write@ permission. You can read more about permissions on the "group management admin guide":{{ site.baseurl }}/admin/group-management.html.
 
-When using @arvados-sync-groups@, consider setting @Users.CreateRoleGroups: false@ in your "cluster configuration":{{site.baseurl}}/admin/config.html to prevent users from creating additional groups.
+When using @arvados-sync-groups@, consider setting @Users.CanCreateRoleGroups: false@ in your "cluster configuration":{{site.baseurl}}/admin/config.html to prevent users from creating additional groups.
 
 h2. Options
 
diff --git a/lib/config/config.default.yml b/lib/config/config.default.yml
index 1a0191797..47d5ce220 100644
--- a/lib/config/config.default.yml
+++ b/lib/config/config.default.yml
@@ -373,11 +373,11 @@ Clusters:
       # cluster.
       RoleGroupsVisibleToAll: true
 
-      # If CreateRoleGroups is true, regular (non-admin) users can
+      # If CanCreateRoleGroups is true, regular (non-admin) users can
       # create new role groups.
       #
       # If false, only admins can create new role groups.
-      CreateRoleGroups: true
+      CanCreateRoleGroups: true
 
       # During each period, a log entry with event_type="activity"
       # will be recorded for each user who is active during that
diff --git a/lib/config/export.go b/lib/config/export.go
index 14139e850..069e300c5 100644
--- a/lib/config/export.go
+++ b/lib/config/export.go
@@ -236,7 +236,7 @@ var whitelist = map[string]bool{
 	"Users.AutoSetupNewUsersWithRepository":               false,
 	"Users.AutoSetupNewUsersWithVmUUID":                   false,
 	"Users.AutoSetupUsernameBlacklist":                    false,
-	"Users.CreateRoleGroups":                              true,
+	"Users.CanCreateRoleGroups":                           true,
 	"Users.EmailSubjectPrefix":                            false,
 	"Users.NewInactiveUserNotificationRecipients":         false,
 	"Users.NewUserNotificationRecipients":                 false,
diff --git a/sdk/go/arvados/config.go b/sdk/go/arvados/config.go
index 1257d7a83..fbbcb78ec 100644
--- a/sdk/go/arvados/config.go
+++ b/sdk/go/arvados/config.go
@@ -249,7 +249,7 @@ type Cluster struct {
 		PreferDomainForUsername               string
 		UserSetupMailText                     string
 		RoleGroupsVisibleToAll                bool
-		CreateRoleGroups                      bool
+		CanCreateRoleGroups                   bool
 		ActivityLoggingPeriod                 Duration
 	}
 	StorageClasses map[string]StorageClassConfig
diff --git a/services/api/app/models/group.rb b/services/api/app/models/group.rb
index 81161e24d..85855fda9 100644
--- a/services/api/app/models/group.rb
+++ b/services/api/app/models/group.rb
@@ -272,7 +272,7 @@ class Group < ArvadosModel
     if !super
       return false
     elsif group_class == "role" &&
-       !Rails.configuration.Users.CreateRoleGroups &&
+       !Rails.configuration.Users.CanCreateRoleGroups &&
        !current_user.andand.is_admin
       raise PermissionDeniedError.new("this cluster does not allow users to create role groups")
     else
diff --git a/services/api/config/arvados_config.rb b/services/api/config/arvados_config.rb
index a7abf819c..c47eeb551 100644
--- a/services/api/config/arvados_config.rb
+++ b/services/api/config/arvados_config.rb
@@ -106,7 +106,7 @@ arvcfg.declare_config "Users.UserNotifierEmailFrom", String, :user_notifier_emai
 arvcfg.declare_config "Users.UserNotifierEmailBcc", Hash
 arvcfg.declare_config "Users.NewUserNotificationRecipients", Hash, :new_user_notification_recipients, ->(cfg, k, v) { arrayToHash cfg, "Users.NewUserNotificationRecipients", v }
 arvcfg.declare_config "Users.NewInactiveUserNotificationRecipients", Hash, :new_inactive_user_notification_recipients, method(:arrayToHash)
-arvcfg.declare_config "Users.CreateRoleGroups", Boolean
+arvcfg.declare_config "Users.CanCreateRoleGroups", Boolean
 arvcfg.declare_config "Users.RoleGroupsVisibleToAll", Boolean
 arvcfg.declare_config "Login.LoginCluster", String
 arvcfg.declare_config "Login.TrustedClients", Hash
diff --git a/services/api/test/unit/group_test.rb b/services/api/test/unit/group_test.rb
index 33ad0ecdf..a0c375a6f 100644
--- a/services/api/test/unit/group_test.rb
+++ b/services/api/test/unit/group_test.rb
@@ -538,9 +538,10 @@ update links set tail_uuid='#{g5}' where uuid='#{l1.uuid}'
     [false, :active, false],
     [true, :admin, true],
     [true, :active, true],
+    [true, :inactive, false],
   ].each do |conf, user, allowed|
-    test "config.Users.CreateRoleGroups conf=#{conf}, user=#{user}" do
-      Rails.configuration.Users.CreateRoleGroups = conf
+    test "config.Users.CanCreateRoleGroups conf=#{conf}, user=#{user}" do
+      Rails.configuration.Users.CanCreateRoleGroups = conf
       act_as_user users(user) do
         if allowed
           Group.create!(name: 'admin-created', group_class: 'role')

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list