14260: secret_mounts works with runtime_token
[arvados.git] / services / api / app / controllers / arvados / v1 / containers_controller.rb
index e1a8a019aa094374a554e40be6b602c7a734c17c..98b987639bea61574423ae34322351569c803175 100644 (file)
@@ -17,14 +17,13 @@ class Arvados::V1::ContainersController < ApplicationController
     if @object.locked_by_uuid != Thread.current[:api_client_authorization].uuid
       raise ArvadosModel::PermissionDeniedError.new("Not locked by your token")
     end
-    if @object.auth.nil?
-      cr = ContainerRequest.
-             where('container_uuid=? and priority>0', self.uuid).
-             order('priority desc').
-             first
-      @object = ApiClientAuthorization.validate(token: cr.runtime_token)
-    else
+    if @object.runtime_token.nil?
       @object = @object.auth
+    else
+      @object = ApiClientAuthorization.validate(token: @object.runtime_token)
+      if @object.nil?
+        raise ArvadosModel::PermissionDeniedError.new("Invalid runtime_token")
+      end
     end
     show
   end
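Review bot: The nil check added after `ApiClientAuthorization.validate` covers only the `runtime_token` branch, so when `runtime_token` is nil and `@object.auth` is also nil, `show` is reached with a nil `@object`. The removed code treated `auth.nil?` as a real case, so it may still occur unless the lock path now guarantees an auth record; that is not visible here. I would move the guard below the `if`/`else` so both branches fail closed, e.g. `raise ArvadosModel::PermissionDeniedError.new("No valid token for this container") if @object.nil?`. A short comment stating that this action replaces the container in `@object` with its token record would also help the next reader. The method's `def` line is outside this hunk.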
@@ -59,20 +58,19 @@ class Arvados::V1::ContainersController < ApplicationController
     if Thread.current[:api_client_authorization].nil?
       send_error("Not logged in", status: 401)
     else
-      c = Container.where(auth_uuid: Thread.current[:api_client_authorization].uuid).first
-      if c.nil?
+      c = Container.for_current_token
+      if c.nil? or c.first.nil?
         send_error("Token is not associated with a container.", status: 404)
       else
-        @object = c
+        @object = c.first
         show
       end
     end
   end
 
   def secret_mounts
-    if @object &&
-       @object.auth_uuid &&
-       @object.auth_uuid == Thread.current[:api_client_authorization].uuid
+    c = Container.for_current_token
+    if @object && c && @object.uuid == c.uuid
       send_json({"secret_mounts" => @object.secret_mounts})
     else
       send_error("Token is not associated with this container.", status: 403)
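Review bot: The two callers of `Container.for_current_token` disagree about what it returns: `current` treats it as a collection (`c.first.nil?`, `@object = c.first`), while `secret_mounts` treats it as a single record (`c.uuid`). Its definition is not in this diff, but one of the two uses is presumably wrong. If it returns a relation, `c` is always truthy and `c.uuid` will not be the container's uuid, so the gate on `secret_mounts` would error or never match instead of comparing containers. If that is the case, reduce it to one record before comparing, e.g. `c = Container.for_current_token` followed by `c = c.first if c`. Since this check guards secret disclosure, a controller test for both the `auth_uuid` and `runtime_token` cases would pin it down. As a style point, `c.nil? or c.first.nil?` should use `||`. The body of `secret_mounts` continues past the end of the hunk.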