[ARVADOS] updated: 2.1.0-2150-g697f6fcaa
Git user
git at public.arvados.org
Thu Mar 24 20:16:48 UTC 2022
Summary of changes:
services/api/test/integration/permissions_test.rb | 78 +++++++++++++++++++++--
1 file changed, 71 insertions(+), 7 deletions(-)
via 697f6fcaaf91f6d1acb1927efd5465a52b8829e5 (commit)
from fca6909a08d0140b99be11b872d0b519f2ae7f59 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 697f6fcaaf91f6d1acb1927efd5465a52b8829e5
Author: Tom Clegg <tom at curii.com>
Date: Thu Mar 24 16:13:17 2022 -0400
18865: Test that can_manage reveals permission links to descendants.
Test fails because #18865.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curii.com>
diff --git a/services/api/test/integration/permissions_test.rb b/services/api/test/integration/permissions_test.rb
index 194c0fa36..fcc0ed6ca 100644
--- a/services/api/test/integration/permissions_test.rb
+++ b/services/api/test/integration/permissions_test.rb
@@ -451,36 +451,100 @@ class PermissionsTest < ActionDispatch::IntegrationTest
# Should be able to read links directly too
get "/arvados/v1/links/#{can_read_uuid}",
- params: {},
+ params: {},
+ headers: auth(:active)
+ assert_response :success
+
+ ### Create a collection inside a subproject inside the shared
+ ### project, and share the collection with a 3rd user
+ ### ("spectator").
+ post '/arvados/v1/groups',
+ params: {
+ group: {
+ name: 'permission test subproject',
+ group_class: 'project',
+ },
+ },
+ headers: auth(:active)
+ assert_response :success
+ subproject_uuid = json_response['uuid']
+
+ post '/arvados/v1/collections',
+ params: {
+ collection: {
+ name: 'permission test collection in subproject',
+ },
+ },
+ headers: auth(:active)
+ assert_response :success
+ collection_uuid = json_response['uuid']
+
+ post '/arvados/v1/links',
+ params: {
+ link: {
+ tail_uuid: users(:spectator).uuid,
+ link_class: 'permission',
+ name: 'can_read',
+ head_uuid: collection_uuid,
+ }
+ },
+ headers: auth(:admin)
+ assert_response :success
+ can_read_collection_uuid = json_response['uuid']
+
+ # The "active-can_manage-project" permission should cause the
+ # "spectator-can_read-collection" link to be visible to the
+ # "active" user.
+ get "/arvados/v1/permissions/#{collection_uuid}",
+ headers: auth(:active)
+ assert_response :success
+ perm_uuids = json_response['items'].map { |item| item['uuid'] }
+ assert_includes perm_uuids, can_read_collection_uuid, "can_read_uuid not found"
+
+ get "/arvados/v1/links/#{can_read_collection_uuid}",
headers: auth(:active)
assert_response :success
### Now delete the can_manage link
delete "/arvados/v1/links/#{can_manage_uuid}",
- params: nil,
headers: auth(:active)
assert_response :success
# Should not be able read these permission links again
get "/arvados/v1/permissions/#{groups(:public).uuid}",
- params: nil,
+ headers: auth(:active)
+ assert_response 404
+
+ get "/arvados/v1/permissions/#{collection_uuid}",
headers: auth(:active)
assert_response 404
get "/arvados/v1/links",
- params: {
- :filters => [["link_class", "=", "permission"], ["head_uuid", "=", groups(:public).uuid]].to_json
- },
+ params: {
+ :filters => [["link_class", "=", "permission"], ["head_uuid", "=", groups(:public).uuid]].to_json
+ },
+ headers: auth(:active)
+ assert_response :success
+ assert_equal [], json_response['items']
+
+ get "/arvados/v1/links",
+ params: {
+ :filters => [["link_class", "=", "permission"], ["head_uuid", "=", collection_uuid]].to_json
+ },
headers: auth(:active)
assert_response :success
assert_equal [], json_response['items']
# Should not be able to read links directly either
get "/arvados/v1/links/#{can_read_uuid}",
- params: {},
+ params: {},
headers: auth(:active)
assert_response 404
+ get "/arvados/v1/links/#{can_read_collection_uuid}",
+ headers: auth(:active)
+ assert_response 404
+
### Create a collection, and share it with a direct permission
### link (as opposed to sharing its parent project)
post "/arvados/v1/collections",
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list