Bug #19139: Regular users should not be able to create user records; creating a user does not make admin the "owner" of that user - Arvados

Subject changed from Regular users should not be able to create user records; creating a user should not "own" that user to Regular users should not be able to create user records; creating a user does not make admin the "owner" of that user

Actions

Copy link

Updated by Peter Amstutz over 2 years ago

Target version changed from 2022-06-08 sprint to 2022-06-22 Sprint

Actions

Copy link

Updated by Peter Amstutz over 2 years ago

Target version changed from 2022-06-22 Sprint to 2022-07-06

Actions

Copy link

Updated by Lucas Di Pentima over 2 years ago

Assigned To set to Lucas Di Pentima

Actions

Copy link

Updated by Peter Amstutz over 2 years ago

Target version changed from 2022-07-06 to 2022-07-20

Actions

Copy link

Updated by Lucas Di Pentima over 2 years ago

Status changed from New to In Progress

Actions

Copy link

#10

Updated by Lucas Di Pentima over 2 years ago

Updates at 70d97b9 - branch 19139-user-creation-fixes
Test run: developer-run-tests: #3233
WB1 integration re-run: developer-run-tests-apps-workbench-integration: #3475

Adds tests, one confirming that already non-admins cannot create users, the other exposing the bug about owner_uuid being assigned to non-system root users.
Fixes the bug by forcing that owner_uuid is always set to clsid-tpzed-000000000000000

Actions

Copy link

#11

Updated by Tom Clegg over 2 years ago

(medium) looks like the code handles this correctly, but still seems worthwhile to also test the case where the client specifies an owner_uuid, and it is ignored / replaced with the root uuid.

Rest LGTM, thanks!

Actions

Copy link

#12