Merge branch 'master' into try-to-fix-circular-dep

cytomine · Jun 23, 2022 · 37ee61e · 37ee61e
2 parents e901b7e + 677a7bf
commit 37ee61e
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 23 deletions.
diff --git a/grails-app/conf/UserPositionUrlMappings.groovy b/grails-app/conf/UserPositionUrlMappings.groovy
@@ -24,7 +24,7 @@ class UserPositionUrlMappings {
 
     static mappings = {
         "/api/imageinstance/$image/position.$format" (controller : "restUserPosition") {
-            action = [POST:"add"]
+            action = [POST:"add",GET:"list"]
         }
         "/api/imageinstance/$id/position/$user.$format" (controller : "restUserPosition") {
             action = [GET:"lastPositionByUser"]
@@ -34,10 +34,6 @@ class UserPositionUrlMappings {
             action = [POST:"add"]
         }
 
-        "/api/imageinstance/$image/position.$format" (controller : "restUserPosition") {
-            action = [GET:"list"]
-        }
-
         //Deprecated
         "/api/imageinstance/$image/positions.$format" (controller : "restUserPosition") {
             action = [GET:"list"]

diff --git a/src/groovy/be/cytomine/test/http/UserPositionAPI.groovy b/src/groovy/be/cytomine/test/http/UserPositionAPI.groovy
@@ -26,43 +26,43 @@ import be.cytomine.test.Infos
 class UserPositionAPI extends DomainAPI {
 
     static def listLastByUser(Long idImage,Long idUser, String username, String password, boolean broadcast=false) {
-        String URL = Infos.CYTOMINEURL + "/api/imageinstance/$idImage/position/${idUser}.json" +
+        String URL = Infos.CYTOMINEURL + "api/imageinstance/$idImage/position/${idUser}.json" +
                 (broadcast ? "?broadcast=true" : "")
         return doGET(URL, username, password)
     }
 
     static def listLastByImage(Long idImage,String username, String password, boolean broadcast=false) {
-        String URL = Infos.CYTOMINEURL + "/api/imageinstance/$idImage/online.json" +
+        String URL = Infos.CYTOMINEURL + "api/imageinstance/$idImage/online.json" +
                 (broadcast ? "?broadcast=true" : "")
         return doGET(URL, username, password)
     }
 
     static def listByImage(Long idImage, String username, String password, Long afterThan = null) {
-        String URL = Infos.CYTOMINEURL + "/api/imageinstance/$idImage/positions.json?showDetails=true"
+        String URL = Infos.CYTOMINEURL + "api/imageinstance/$idImage/positions.json?showDetails=true"
         if(afterThan) URL += "&afterThan=$afterThan"
         return doGET(URL, username, password)
     }
 
     static def listByImageAndUser(Long idImage,Long idUser, String username, String password, Long afterThan = null) {
-        String URL = Infos.CYTOMINEURL + "/api/imageinstance/$idImage/positions.json?user=$idUser&showDetails=true"
+        String URL = Infos.CYTOMINEURL + "api/imageinstance/$idImage/positions.json?user=$idUser&showDetails=true"
         if(afterThan) URL += "&afterThan=$afterThan"
         return doGET(URL, username, password)
     }
 
     static def summarizeByImage(Long idImage,String username, String password, Long afterThan = null) {
-        String URL = Infos.CYTOMINEURL + "/api/imageinstance/$idImage/positions.json"
+        String URL = Infos.CYTOMINEURL + "api/imageinstance/$idImage/positions.json"
         if(afterThan) URL += "?afterThan=$afterThan"
         return doGET(URL, username, password)
     }
 
     static def summarizeByImageAndUser(Long idImage,Long idUser, String username, String password, Long afterThan = null) {
-        String URL = Infos.CYTOMINEURL + "/api/imageinstance/$idImage/positions.json?user=$idUser"
+        String URL = Infos.CYTOMINEURL + "api/imageinstance/$idImage/positions.json?user=$idUser"
         if(afterThan) URL += "&afterThan=$afterThan"
         return doGET(URL, username, password)
     }
 
     static def create(Long idImage, def json, String username, String password) {
-        String URL = Infos.CYTOMINEURL + "/api/imageinstance/$idImage/position.json"
+        String URL = Infos.CYTOMINEURL + "api/imageinstance/$idImage/position.json"
         def result = doPOST(URL,json,username,password)
         return result
     }

diff --git a/test/functional/be/cytomine/ProjectMemberTests.groovy b/test/functional/be/cytomine/ProjectMemberTests.groovy
@@ -100,6 +100,11 @@ class ProjectMemberTests {
     void testAddDeleteUserToProject() {
         def project = BasicInstanceBuilder.getProjectNotExist()
         BasicInstanceBuilder.saveDomain(project)
+
+        //Add super admin as a true manager
+        def resAddUser = ProjectAPI.addUserProject(project.id, BasicInstanceBuilder.getSuperAdmin(Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD).id, Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD)
+        assert 200 == resAddUser.code
+
         User u1 = BasicInstanceBuilder.user1
 
         def result = UserAPI.list(project.id,"project","user",Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD)
@@ -108,14 +113,13 @@ class ProjectMemberTests {
 
 
         //Add project right for user 1
-        def resAddUser = ProjectAPI.addUserProject(project.id, u1.id, Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD)
+        resAddUser = ProjectAPI.addUserProject(project.id, u1.id, Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD)
         assert 200 == resAddUser.code
         result = UserAPI.list(project.id,"project","user",Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD)
         json = JSON.parse(result.data)
         assert UserAPI.containsInJSONList(u1.id,json)
 
-        resAddUser = ProjectAPI.deleteUserProject(project.id, u1.id, Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD)
-        assert 200 == resAddUser.code
+        assert 200 == ProjectAPI.deleteUserProject(project.id, u1.id, Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD).code
         result = UserAPI.list(project.id,"project","user",Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD)
         json = JSON.parse(result.data)
         assert !UserAPI.containsInJSONList(u1.id,json)
@@ -129,14 +133,18 @@ class ProjectMemberTests {
             users << BasicInstanceBuilder.getUserNotExist(true)
         }
 
+        //Add super admin as a true manager
+        def resAddUser = ProjectAPI.addUserProject(project.id, BasicInstanceBuilder.getSuperAdmin(Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD).id, Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD)
+        assert 200 == resAddUser.code
+
         def result = UserAPI.list(project.id,"project","user",Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD)
         def json = JSON.parse(result.data)
         Long size = json.size
 
         def userIds = users.collect{it.id}
 
         //Add
-        def resAddUser = ProjectAPI.addUsersProject(project.id, userIds, Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD)
+        resAddUser = ProjectAPI.addUsersProject(project.id, userIds, Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD)
         assert 200 == resAddUser.code
         result = UserAPI.list(project.id,"project","user",Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD)
         json = JSON.parse(result.data)
@@ -155,8 +163,7 @@ class ProjectMemberTests {
         assert json.size == size + users.size()
 
         //Delete
-        resAddUser = ProjectAPI.deleteUsersProject(project.id, userIds.subList(0, 2), Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD)
-        assert 200 == resAddUser.code
+        assert 200 == ProjectAPI.deleteUsersProject(project.id, userIds.subList(0, 2), Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD).code
         result = UserAPI.list(project.id,"project","user",Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD)
         json = JSON.parse(result.data)
         assert json.size == size + users.size()-2
@@ -177,20 +184,24 @@ class ProjectMemberTests {
     void testAddDeleteAdminToProject() {
         def project = BasicInstanceBuilder.getProjectNotExist()
         BasicInstanceBuilder.saveDomain(project)
+
+        //Add super admin as a true manager
+        def resAddUser = ProjectAPI.addUserProject(project.id, BasicInstanceBuilder.getSuperAdmin(Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD).id, Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD)
+        assert 200 == resAddUser.code
+
         User u1 = BasicInstanceBuilder.user1
         def result = UserAPI.list(project.id,"project","admin",Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD)
         def json = JSON.parse(result.data)
         assert !UserAPI.containsInJSONList(u1.id,json)
 
         //Add project right for user 2
-        def resAddUser = ProjectAPI.addAdminProject(project.id, u1.id, Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD)
+        resAddUser = ProjectAPI.addAdminProject(project.id, u1.id, Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD)
         assert 200 == resAddUser.code
         result = UserAPI.list(project.id,"project","admin",Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD)
         json = JSON.parse(result.data)
         assert UserAPI.containsInJSONList(u1.id,json)
 
-        resAddUser = ProjectAPI.deleteAdminProject(project.id, u1.id, Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD)
-        assert 200 == resAddUser.code
+        assert 200 == ProjectAPI.deleteAdminProject(project.id, u1.id, Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD).code
         result = UserAPI.list(project.id,"project","admin",Infos.SUPERADMINLOGIN, Infos.SUPERADMINPASSWORD)
         json = JSON.parse(result.data)
         assert !UserAPI.containsInJSONList(u1.id,json)

diff --git a/test/functional/be/cytomine/security/ProjectUserSecurityTests.groovy b/test/functional/be/cytomine/security/ProjectUserSecurityTests.groovy
@@ -106,8 +106,8 @@ class ProjectUserSecurityTests extends SecurityTestsAbstract {
       //check if user2 cannot delete user 3 in project
       assert (403 ==ProjectAPI.deleteUserProject(project.id, user3.id,SecurityTestsAbstract.USERNAME2,SecurityTestsAbstract.PASSWORD2).code)
 
-      //check if user2 can delete himself project
-      assert (200 ==ProjectAPI.deleteUserProject(project.id, user2.id,SecurityTestsAbstract.USERNAME2,SecurityTestsAbstract.PASSWORD2).code)
+      //check if user2 cannot delete himself from project (permission impact on ontology)
+      assert (403 ==ProjectAPI.deleteUserProject(project.id, user2.id,SecurityTestsAbstract.USERNAME2,SecurityTestsAbstract.PASSWORD2).code)
 
   }
 

diff --git a/test/functional/be/cytomine/security/UserSecurityTests.groovy b/test/functional/be/cytomine/security/UserSecurityTests.groovy
@@ -50,6 +50,10 @@ class UserSecurityTests extends SecurityTestsAbstract {
 
         //check if admin can add/del user from project
         Project project = BasicInstanceBuilder.getProjectNotExist(true)
+
+        //add admin as a true manager
+        assert (200 == ProjectAPI.addUserProject(project.id,BasicInstanceBuilder.getUser(USERNAMEADMIN,PASSWORDADMIN).id,USERNAMEADMIN,PASSWORDADMIN).code)
+
         assert (200 == ProjectAPI.addUserProject(project.id,user1.id,USERNAMEADMIN,PASSWORDADMIN).code)
         assert (200 == ProjectAPI.deleteUserProject(project.id,user1.id,USERNAMEADMIN,PASSWORDADMIN).code)