meta-foundation
diff --git a/‎CHANGELOG
Lines changed: 7 additions & 0 deletions b/‎CHANGELOG
Lines changed: 7 additions & 0 deletions
diff --git a/‎arangod/RestHandler/RestUsersHandler.cpp
Lines changed: 5 additions & 4 deletions b/‎arangod/RestHandler/RestUsersHandler.cpp
Lines changed: 5 additions & 4 deletions
diff --git a/‎tests/js/common/http/grants-spec.js
Lines changed: 233 additions & 16 deletions b/‎tests/js/common/http/grants-spec.js
Lines changed: 233 additions & 16 deletions
@@ -1,6 +1,13 @@
 devel
 -----
 
+* Fixed ES-1078: The REST API endpoint for handling `/_api/user/${user}/config`
+  did not work properly. The supplied data by sending a PUT request has not been
+  stored to the correct location. The Web UI uses this endpoint to store its
+  graph properties for storing the visualization properties. As this endpoint
+  did not work as expected, the graph visualization properties did not get
+  persisted as well. This is now resolved.
+
 * Updated arangosync to 2.9.0.
 
 * Speed up initial sync (in case there is already data present) by prefetching
 
@@ -445,10 +445,10 @@ RestStatus RestUsersHandler::putRequest(auth::UserManager* um) {
         // to a remove of the config option.
         res = um->updateUser(name, [&](auth::User& u) {
           VPackSlice newVal = body;
-          VPackSlice oldConf = u.userData();
+          VPackSlice oldConf = u.configData();
           if (!newVal.isObject() || !newVal.hasKey("value")) {
             if (oldConf.isObject() && oldConf.hasKey(key)) {
-              u.setUserData(VPackCollection::remove(
+              u.setConfigData(VPackCollection::remove(
                   oldConf, std::unordered_set<std::string>{key}));
             }       // Nothing to do. We do not have a config yet.
           } else {  // We need to merge the new key into the config
@@ -457,9 +457,10 @@ RestStatus RestUsersHandler::putRequest(auth::UserManager* um) {
 
             if (oldConf.isObject() &&
                 !oldConf.isEmptyObject()) {  // merge value in
-              u.setUserData(VPackCollection::merge(oldConf, b.slice(), false));
+              u.setConfigData(
+                  VPackCollection::merge(oldConf, b.slice(), false));
             } else {
-              u.setUserData(std::move(b));
+              u.setConfigData(std::move(b));
             }
           }
 
 
@@ -29,18 +29,19 @@ const request = require('@arangodb/request');
 const users = require('@arangodb/users');
 const db = require('@arangodb').db;
 
-describe('Grants', function() {
-  before(function() {
+describe('Grants', function () {
+  before(function () {
     db._drop('grants');
     db._create('grants');
   });
-  beforeEach(function() {
+  beforeEach(function () {
     try {
       // remove any such user if it exists
       users.remove('hans');
-    } catch (err) {}
+    } catch (err) {
+    }
   });
-  afterEach(function() {
+  afterEach(function () {
     let resp = request.put({
       url: '/_admin/server/mode',
       body: {'mode': 'default'},
@@ -51,10 +52,10 @@ describe('Grants', function() {
     require('internal').wait(5.0);
     users.remove('hans');
   });
-  after(function() {
+  after(function () {
     db._drop('grants');
   });
-  it('should show the effective rights for a user', function() {
+  it('should show the effective rights for a user', function () {
     users.save('hans');
     users.grantDatabase('hans', '_system', 'rw');
     let resp = request.get({
@@ -63,11 +64,11 @@ describe('Grants', function() {
     });
     expect(JSON.parse(resp.body)).to.have.property('result', 'rw');
   });
-  
-  it('should show the effective rights when readonly mode is on', function() {
+
+  it('should show the effective rights when readonly mode is on', function () {
     users.save('hans');
     users.grantDatabase('hans', '_system', 'rw');
-    
+
     let resp;
     resp = request.put({
       url: '/_admin/server/mode',
@@ -81,10 +82,10 @@ describe('Grants', function() {
     expect(JSON.parse(resp.body)).to.have.property('result', 'ro');
   });
 
-  it('should show the configured rights when readonly mode is on and configured is requested', function() {
+  it('should show the configured rights when readonly mode is on and configured is requested', function () {
     users.save('hans');
     users.grantDatabase('hans', '_system', 'rw');
-    
+
     let resp;
     resp = request.put({
       url: '/_admin/server/mode',
@@ -98,11 +99,11 @@ describe('Grants', function() {
     expect(JSON.parse(resp.body)).to.have.property('result', 'rw');
   });
 
-  it('should show the effective rights when readonly mode is on', function() {
+  it('should show the effective rights when readonly mode is on', function () {
     users.save('hans');
     users.grantDatabase('hans', '_system', 'rw');
     users.grantCollection('hans', '_system', 'grants');
-    
+
     let resp;
     resp = request.put({
       url: '/_admin/server/mode',
@@ -116,11 +117,11 @@ describe('Grants', function() {
     expect(JSON.parse(resp.body)).to.have.property('result', 'ro');
   });
 
-  it('should show the configured rights when readonly mode is on and configured is requested', function() {
+  it('should show the configured rights when readonly mode is on and configured is requested', function () {
     users.save('hans');
     users.grantDatabase('hans', '_system', 'rw');
     users.grantCollection('hans', '_system', 'grants');
-    
+
     let resp;
     resp = request.put({
       url: '/_admin/server/mode',
@@ -134,3 +135,219 @@ describe('Grants', function() {
     expect(JSON.parse(resp.body)).to.have.property('result', 'rw');
   });
 });
+
+describe('UserProperties', function () {
+  const rootUser = 'root';
+  const rootDB = '_system';
+
+  const nonRootDB = 'nonRootDB';
+  const nonRootUser = 'notRoot';
+
+  const configPropertyAttribute = 'graphs';
+  const additionalPropertyAttribute = 'someAdditionalAttribute';
+
+  const initConfigObject = {
+    a: true,
+    b: false,
+    c: 1,
+    d: 1.1,
+    e: "aString",
+    f: [1, 2, 3],
+    g: {"anObjectKey": "anObjectValue"}
+  };
+
+  const overwriteConfigObject = {
+    c: 1337,
+    someNewParam: "MJ7"
+  };
+
+  const mergeConfigObject = {
+    "thisMustStay": true
+  };
+
+  const verifyEmptyConfig = (result) => {
+    expect(result.error).to.be.false;
+    expect(result).to.have.property('code', 200);
+    expect(result).to.have.property('result', null);
+  };
+
+  const verifyInitObject = (result) => {
+    expect(result.error).to.be.false;
+    expect(result).to.have.property('code', 200);
+
+    result = result.result[configPropertyAttribute];
+    expect(result.a).to.be.true;
+    expect(result.b).to.be.false;
+    expect(result).to.have.property('c', 1);
+    expect(result).to.have.property('d', 1.1);
+    expect(result).to.have.property('e', "aString");
+    expect(result.f).to.be.an('array');
+    expect(result.g).to.be.an('object');
+  };
+
+  const verifyOverwriteConfigObject = (result) => {
+    // We do have one "global" property we can modify. If we write to that same top-level attribute again, it will be
+    // fully replaced by the supplied object given. In case we write to another top-level attribute, it will be merged with
+    // the other already available ones (This is tested in verifyMergedConfigObject).
+    expect(result.error).to.be.false;
+    expect(result).to.have.property('code', 200);
+
+    result = result.result[configPropertyAttribute];
+    expect(result).to.have.property('c', 1337);
+    expect(result).to.have.property('someNewParam', "MJ7");
+  };
+
+  const verifyMergedConfigObject = (result) => {
+    // needs to be called after we've written `overwriteConfigObject`
+    verifyOverwriteConfigObject(result);
+    const expectedMergeObject = result.result[additionalPropertyAttribute];
+    expect(expectedMergeObject.thisMustStay).to.be.true;
+  };
+
+  const generateReadConfigUrl = (user, database) => {
+    return `/_db/${database}/_api/user/${user}/config`;
+  };
+
+  const generateWriteConfigUrl = (user, database, attribute) => {
+    if (!attribute) {
+      attribute = configPropertyAttribute;
+    }
+    return `/_db/${database}/_api/user/${user}/config/${attribute}`;
+  };
+
+  const generateConfigBody = (object) => {
+    return {
+      value: object
+    };
+  };
+
+  before(function () {
+    db._createDatabase(nonRootDB);
+  });
+
+  beforeEach(function () {
+    try {
+      // remove any such user if it exists
+      users.remove(nonRootUser);
+    } catch (ignore) {
+    }
+  });
+
+  afterEach(function () {
+    try {
+      users.remove(nonRootUser);
+    } catch (ignore) {
+    }
+
+    // cleanup root users config we might have been modified in any of our tests
+    const cleanupRootUrl = generateWriteConfigUrl(rootUser, rootDB);
+    request.delete({
+      url: cleanupRootUrl,
+      json: true
+    });
+  });
+
+  after(function () {
+    db._dropDatabase(nonRootDB);
+  });
+
+  const testSuiteHelper = (user, database) => {
+    const readUrl = generateReadConfigUrl(user, database);
+    const writeUrl = generateWriteConfigUrl(user, database);
+    let response;
+
+    // should be empty by default
+    response = request.get({
+      url: readUrl,
+      json: true
+    });
+    verifyEmptyConfig(JSON.parse(response.body));
+
+    // stores the init object
+    response = request.put({
+      url: writeUrl,
+      body: generateConfigBody(initConfigObject),
+      json: true
+    });
+    expect(response.statusCode).to.equal(200);
+
+    // should now be the same as init object
+    response = request.get({
+      url: readUrl,
+      json: true
+    });
+    verifyInitObject(JSON.parse(response.body));
+
+    // now try to overwrite as well
+    response = request.put({
+      url: writeUrl,
+      body: generateConfigBody(overwriteConfigObject),
+      json: true
+    });
+    expect(response.statusCode).to.equal(200);
+
+    response = request.get({
+      url: readUrl,
+      json: true
+    });
+    verifyOverwriteConfigObject(JSON.parse(response.body));
+
+    // now try a merge with another storage attribute
+    const additionalWriteUrl = generateWriteConfigUrl(user, database, additionalPropertyAttribute);
+    response = request.put({
+      url: additionalWriteUrl,
+      body: generateConfigBody(mergeConfigObject),
+      json: true
+    });
+    expect(response.statusCode).to.equal(200);
+    response = request.get({
+      url: readUrl,
+      json: true
+    });
+    verifyMergedConfigObject(JSON.parse(response.body));
+
+    // test delete (remove additional key)
+    response = request.delete({
+      url: additionalWriteUrl,
+      json: true
+    });
+    response = request.get({
+      url: readUrl,
+      json: true
+    });
+    verifyOverwriteConfigObject(JSON.parse(response.body));
+
+    // finally, test delete of graph attribute
+    response = request.delete({
+      url: writeUrl,
+      json: true
+    });
+    // should be fully empty now again
+    response = request.get({
+      url: readUrl,
+      json: true
+    });
+    verifyEmptyConfig(JSON.parse(response.body));
+  };
+
+  it('should store/patch/delete root config data in _system database', function () {
+    testSuiteHelper(rootUser, rootDB);
+  });
+
+  it('should store/patch/delete root config data in non-system database', function () {
+    testSuiteHelper(rootUser, nonRootDB);
+  });
+
+  it('should store/patch/delete non-root user config data in _system database', function () {
+    users.save(nonRootUser);
+    users.grantDatabase(nonRootUser, rootDB, 'rw');
+    testSuiteHelper(nonRootUser, rootDB);
+  });
+
+  it('should store/patch/delete non-root user config data in non-system database', function () {
+    users.save(nonRootUser);
+    users.grantDatabase(nonRootUser, nonRootDB, 'rw');
+    testSuiteHelper(nonRootUser, nonRootDB);
+  });
+
+});