projects
/
arvados.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge branch '12511-is-trashed-query' refs #12511
[arvados.git]
/
services
/
api
/
app
/
controllers
/
application_controller.rb
diff --git
a/services/api/app/controllers/application_controller.rb
b/services/api/app/controllers/application_controller.rb
index 9826cf2f906f5a7ecd532b4522d2940f41ca5457..649aa2b0df2a8a72941d399dbd3b5728c3f349db 100644
(file)
--- a/
services/api/app/controllers/application_controller.rb
+++ b/
services/api/app/controllers/application_controller.rb
@@
-345,7
+345,7
@@
class ApplicationController < ActionController::Base
.all
end
@read_auths.select! { |auth| auth.scopes_allow_request? request }
.all
end
@read_auths.select! { |auth| auth.scopes_allow_request? request }
- @read_users = @read_auths.map
{ |auth| auth.user }
.uniq
+ @read_users = @read_auths.map
(&:user)
.uniq
end
def require_login
end
def require_login
@@
-365,7
+365,7
@@
class ApplicationController < ActionController::Base
end
def require_auth_scope
end
def require_auth_scope
- if @read_auths.empty?
+ unless current_user && @read_auths.any? { |auth| auth.user.andand.uuid == current_user.uuid }
if require_login != false
send_error("Forbidden", status: 403)
end
if require_login != false
send_error("Forbidden", status: 403)
end