Bug #17984

--project-uuid validation should accept user uuids (regression)

Added by Peter Amstutz about 2 months ago. Updated about 1 month ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
CWL
Target version:
Start date:
08/10/2021
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Story points:
-
Release relationship:
Auto

Subtasks

Task #17986: Review 17984-cwl-project-uuid-usersResolvedPeter Amstutz

Associated revisions

Revision 8ce476b7
Added by Peter Amstutz about 1 month ago

Merge branch '17984-cwl-project-uuid-users' into main

refs #17984

Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <>

History

#1 Updated by Peter Amstutz about 2 months ago

  • Release set to 41

#2 Updated by Peter Amstutz about 1 month ago

  • Status changed from New to In Progress

#3 Updated by Peter Amstutz about 1 month ago

17984-cwl-project-uuid-users @ 74aa79ebb951a915a8f5aba49852a0119835c579

Validation recognizes user uuids.

Also add check that groups are projects.

Also improves error reporting to avoid a back trace in this case when not run with --debug.

#4 Updated by Lucas Di Pentima about 1 month ago

Some comments:

  • The api().users().get(uuid=xxxx).execute() call I believe is meant to check if the current user has access to the tpzed-type UUID. Wouldn't it be more correct to just compare if the UUID is the same as the current user's UUID or is there a case where a user would submit a workflow on another user's home project?
  • Some tests are failing at: https://ci.arvados.org/job/developer-run-tests-remainder/2731/console

#5 Updated by Peter Amstutz about 1 month ago

Lucas Di Pentima wrote:

Some comments:

  • The api().users().get(uuid=xxxx).execute() call I believe is meant to check if the current user has access to the tpzed-type UUID. Wouldn't it be more correct to just compare if the UUID is the same as the current user's UUID or is there a case where a user would submit a workflow on another user's home project?

Technically an admin could assign the workflow run to be owned by another user. It might not really make sense but at the same time I don't see a benefit to forbidding it.

Fixed

17984-cwl-project-uuid-users @ 1521969d1475ab6854d1f9987fdaa1f66a1cbaab

https://ci.arvados.org/view/Developer/job/developer-run-tests/2637/

#6 Updated by Lucas Di Pentima about 1 month ago

This LGTM, thanks.

#7 Updated by Peter Amstutz about 1 month ago

  • Status changed from In Progress to Resolved

Also available in: Atom PDF