fix permissions to accommodate nodes#ping and user_sessions#create exemptions

[arvados.git] / app / controllers / user_sessions_controller.rb

diff --git a/app/controllers/user_sessions_controller.rb b/app/controllers/user_sessions_controller.rb
index 31f691d333dbb951d1547d3b447a0a54b892f824..f941cb065329e293de2de7351118b5f71cbed57a 100644 (file)
--- a/app/controllers/user_sessions_controller.rb
+++ b/app/controllers/user_sessions_controller.rb
@@ -25,10 +25,13 @@ class UserSessionsController < ApplicationController
     user = User.find_by_identity_url(omniauth['info']['identity_url'])
     if not user
       # New user registration
-      user = User.create!(:email => omniauth['info']['email'],
-                          :first_name => omniauth['info']['first_name'],
-                          :last_name => omniauth['info']['last_name'],
-                          :identity_url => omniauth['info']['identity_url'])
+      user = User.new(:email => omniauth['info']['email'],
+                      :first_name => omniauth['info']['first_name'],
+                      :last_name => omniauth['info']['last_name'],
+                      :identity_url => omniauth['info']['identity_url'])
+      Thread.current[:user] = user # prevents OrvosModel#before_create
+                                   # from throwing "unauthorized"
+      user.save!
     else
       user.email = omniauth['info']['email']
       user.first_name = omniauth['info']['first_name']