# SPDX-License-Identifier: AGPL-3.0
require 'safe_json'
+require 'request_error'
module ApiTemplateOverride
def allowed_to_render?(fieldset, field, model, options)
def render_error(e)
logger.error e.inspect
- if e.respond_to? :backtrace and e.backtrace
+ if !e.is_a? RequestError and (e.respond_to? :backtrace and e.backtrace)
logger.error e.backtrace.collect { |x| x + "\n" }.join('')
end
if (@object.respond_to? :errors and
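Review bot: The new condition on the backtrace line mixes `!` with the low-precedence `and` and gives no reason why RequestError is exempt. `if !e.is_a?(RequestError) && e.respond_to?(:backtrace) && e.backtrace` reads unambiguously. A comment such as `# RequestError reports a client mistake; its backtrace is only log noise` would record the intent, assuming that is the reason for the exemption. `logger.error e.inspect` above still runs for every exception, so the event itself is still logged. render_error continues past the end of this hunk.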
.all
end
@read_auths.select! { |auth| auth.scopes_allow_request? request }
-
- # Use a salted token as a reader token for /groups/ and /users/current
- if params[:remote] && (
- request.path.start_with?('/arvados/v1/groups') ||
- request.path.start_with?('/arvados/v1/users/current'))
- auth = ApiClientAuthorization.
- validate(token: Thread.current[:supplied_token],
- remote: params[:remote])
- if auth && auth.user
- Thread.current[:user] = auth.user
- @read_auths << auth
- end
- end
-
@read_users = @read_auths.map(&:user).uniq
end
end
def require_auth_scope
- if @read_auths.empty?
+ unless current_user && @read_auths.any? { |auth| auth.user.andand.uuid == current_user.uuid }
if require_login != false
send_error("Forbidden", status: 403)
end
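Review bot: The rewritten guard in require_auth_scope enforces a security rule that is stated nowhere: a scope-permitted entry in `@read_auths` now counts only if it belongs to `current_user`, so a token issued to a different user can no longer satisfy the scope check by itself. A comment above the `unless` would keep it from being simplified back to `@read_auths.empty?`, for example `# An auth in @read_auths satisfies the scope check only if it belongs to current_user.` A regression test would pin the behaviour: a request whose only in-scope auth belongs to another user should get 403. The method body continues outside the hunk.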
def set_cors_headers
response.headers['Access-Control-Allow-Origin'] = '*'
response.headers['Access-Control-Allow-Methods'] = 'GET, HEAD, PUT, POST, DELETE'
- response.headers['Access-Control-Allow-Headers'] = 'Authorization'
+ response.headers['Access-Control-Allow-Headers'] = 'Authorization, Content-Type'
response.headers['Access-Control-Max-Age'] = '86486400'
end
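Review bot: Adding `Content-Type` to `Access-Control-Allow-Headers` while `Access-Control-Allow-Origin` stays `*` lets a page from any origin pass the preflight for JSON bodies on PUT, POST and DELETE. What keeps that acceptable is that the caller must supply the token explicitly and that no `Access-Control-Allow-Credentials` header is set, so browsers will not attach cookies. That assumption should be written down in set_cors_headers, e.g. `# Wildcard origin is acceptable only because auth is an explicit token; never add Access-Control-Allow-Credentials here.`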
}
end
+ def self._update_requires_parameters
+ {}
+ end
+
def self._index_requires_parameters
{
filters: { type: 'array', required: false },