+require "arvados/keep"
+
class CollectionsController < ApplicationController
include ActionController::Live
usable_token = find_usable_token(tokens) do
coll = Collection.find(params[:uuid])
end
+
+ file_name = params[:file].andand.sub(/^(\.\/|\/|)/, './')
if usable_token.nil?
return # Response already rendered.
- elsif params[:file].nil? or not coll.manifest.has_file?(params[:file])
+ elsif file_name.nil? or not coll.manifest.has_file?(file_name)
return render_not_found
end
return super if !@object
if current_user
if Keep::Locator.parse params["uuid"]
- @same_pdh = Collection.filter([["portable_data_hash", "=", @object.portable_data_hash]])
+ @same_pdh = Collection.filter([["portable_data_hash", "=", @object.portable_data_hash]]).limit(1000)
if @same_pdh.results.size == 1
redirect_to collection_path(@same_pdh[0]["uuid"])
return
most_specific_error = [401]
token_list.each do |api_token|
begin
- using_specific_api_token(api_token) do
+ # We can't load the corresponding user, because the token may not
+ # be scoped for that.
+ using_specific_api_token(api_token, load_user: false) do
yield
return api_token
end