projects
/
arvados.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge branch '8784-dir-listings'
[arvados.git]
/
services
/
api
/
app
/
models
/
api_client_authorization.rb
diff --git
a/services/api/app/models/api_client_authorization.rb
b/services/api/app/models/api_client_authorization.rb
index 499a61b7d3e93116b50f3e96beffbe846466c676..10c02cca25a576a113801b07865a75dfa8affa82 100644
(file)
--- a/
services/api/app/models/api_client_authorization.rb
+++ b/
services/api/app/models/api_client_authorization.rb
@@
-1,3
+1,7
@@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
class ApiClientAuthorization < ArvadosModel
include HasUuid
include KindAndEtag
class ApiClientAuthorization < ArvadosModel
include HasUuid
include KindAndEtag
@@
-61,13
+65,17
@@
class ApiClientAuthorization < ArvadosModel
end
def scopes_allow_request?(request)
end
def scopes_allow_request?(request)
- scopes_allow? [request.request_method, request.path].join(' ')
+ method = request.request_method
+ if method == 'HEAD'
+ (scopes_allow?(['HEAD', request.path].join(' ')) ||
+ scopes_allow?(['GET', request.path].join(' ')))
+ else
+ scopes_allow?([method, request.path].join(' '))
+ end
end
def logged_attributes
end
def logged_attributes
- attrs = attributes.dup
- attrs.delete('api_token')
- attrs
+ super.except 'api_token'
end
def self.default_orders
end
def self.default_orders