projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch '21227-keep-web-panic'
[arvados.git] / services / api / app / models / user.rb
diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb
index d9040387e9e53de4b9b09e0cb7e04b0bc58e62b1..dbacf9c01742ee79160eeffb7d2912b611233b1c 100644 (file)
--- a/services/api/app/models/user.rb
+++ b/services/api/app/models/user.rb
@@ -105,6 +105,10 @@ class User < ArvadosModel
        self.groups_i_can(:read).select { |x| x.match(/-f+$/) }.first)
   end
 
+  def self.ignored_select_attributes
+    super + ["full_name", "is_invited"]
+  end
+
   def groups_i_can(verb)
     my_groups = self.group_permissions(VAL_FOR_PERM[verb]).keys
     if verb == :read
@@ -508,11 +512,11 @@ SELECT target_uuid, perm_level
         update!(redirect_to_user_uuid: new_user.uuid, username: nil)
       end
       skip_check_permissions_against_full_refresh do
-        update_permissions self.uuid, self.uuid, CAN_MANAGE_PERM
-        update_permissions new_user.uuid, new_user.uuid, CAN_MANAGE_PERM
-        update_permissions new_user.owner_uuid, new_user.uuid, CAN_MANAGE_PERM
+        update_permissions self.uuid, self.uuid, CAN_MANAGE_PERM, nil, true
+        update_permissions new_user.uuid, new_user.uuid, CAN_MANAGE_PERM, nil, true
+        update_permissions new_user.owner_uuid, new_user.uuid, CAN_MANAGE_PERM, nil, true
       end
-      update_permissions self.owner_uuid, self.uuid, CAN_MANAGE_PERM
+      update_permissions self.owner_uuid, self.uuid, CAN_MANAGE_PERM, nil, true
     end
   end
 
@@ -654,7 +658,7 @@ SELECT target_uuid, perm_level
         end
       end
 
-      if user.is_invited && !remote_user[:is_invited]
+      if user.is_invited && remote_user[:is_invited] == false
         # Remote user is not "invited" state, they should be unsetup, which
         # also makes them inactive.
         user.unsetup
@@ -674,13 +678,14 @@ SELECT target_uuid, perm_level
            Rails.configuration.RemoteClusters[remote_user_prefix].andand["ActivateUsers"])
           # remote user is active and invited, we need to activate them
           user.update!(is_active: true)
-        elsif user.is_active && !remote_user[:is_active]
+        elsif user.is_active && remote_user[:is_active] == false
           # remote user is not active, we need to de-activate them
           user.update!(is_active: false)
         end
 
         if remote_user_prefix == Rails.configuration.Login.LoginCluster and
           user.is_active and
+          !remote_user[:is_admin].nil? and
           user.is_admin != remote_user[:is_admin]
           # Remote cluster controls our user database, including the
           # admin flag.