include CurrentApiClient
protect_from_forgery
- before_filter :uncamelcase_params_hash_keys
around_filter :thread_with_auth_info, :except => [:render_error, :render_not_found]
before_filter :remote_ip
- before_filter :login_required, :except => :render_not_found
+ before_filter :require_auth_scope_all, :except => :render_not_found
before_filter :catch_redirect_hint
before_filter :load_where_param, :only => :index
def show
if @object
- render json: @object.as_api_response(:superuser)
+ render json: @object.as_api_response
else
render_not_found("object not found")
end
end
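Review bot: `show` now calls `as_api_response` with no argument, while `render_list` in this same commit passes an explicit nil (`@objects.as_api_response(nil)`). Use one form in both places so it is obvious that the single-object and list endpoints select the same template. Which fields the default template exposes is decided in model code outside this diff, so it cannot be confirmed from here that dropping `:superuser` narrows the response as intended. A one-line comment above the render naming the template that applies would make that checkable.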
def update
- attrs_to_update = resource_attrs.reject { |k,v| [:kind,:etag].index k }
+ attrs_to_update = resource_attrs.reject { |k,v|
+ [:kind, :etag, :href].index k
+ }
if @object.update_attributes attrs_to_update
show
else
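Review bot: The reject block in `update` compares each key against symbols (`[:kind, :etag, :href].index k`), but `params[...]` and `Oj.load` both yield string keys by default. Unless `resource_attrs` symbolizes keys in code outside this hunk, nothing is filtered and `kind`, `etag` and `href` reach `update_attributes`. Comparing on the string form covers both cases: `attrs_to_update = resource_attrs.reject { |k, _v| %w(kind etag href).include?(k.to_s) }`. This is also a denylist in front of mass assignment, so every other client-supplied attribute still depends on the model's own attribute protection. The body of `update` continues past the end of this hunk.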
:with => :render_not_found
rescue_from ActionController::UnknownController,
:with => :render_not_found
- rescue_from ActionController::UnknownAction,
+ rescue_from AbstractController::ActionNotFound,
:with => :render_not_found
rescue_from ArvadosModel::PermissionDeniedError,
:with => :render_error
return @attrs if @attrs
@attrs = params[resource_name]
if @attrs.is_a? String
- @attrs = uncamelcase_hash_keys(Oj.load @attrs)
+ @attrs = Oj.load @attrs
end
unless @attrs.is_a? Hash
message = "No #{resource_name}"
end
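Review bot: `Oj.load @attrs` parses a client-supplied request parameter with Oj's default options. Unless the mode is pinned elsewhere in the application, Oj has historically defaulted to object mode, in which specially keyed JSON can make the parser instantiate Ruby objects. Pin the mode at this call so untrusted input only ever produces plain hashes, arrays and scalars: `@attrs = Oj.load(@attrs, mode: :strict)`. The enclosing method starts and ends outside this hunk, so later normalisation of `@attrs` is not visible here.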
# Authentication
- def login_required
- if !current_user
+ def require_login
+ if current_user
+ true
+ else
respond_to do |format|
format.json {
render :json => { errors: ['Not logged in'] }.to_json, status: 401
redirect_to '/auth/joshid'
}
end
+ false
end
end
end
end
+ def require_auth_scope_all
+ require_login and require_auth_scope(['all'])
+ end
+
+ def require_auth_scope(ok_scopes)
+ unless current_api_client_auth_has_scope(ok_scopes)
+ render :json => { errors: ['Forbidden'] }.to_json, status: 403
+ end
+ end
+
def thread_with_auth_info
+ Thread.current[:api_url_base] = root_url.sub(/\/$/,'') + '/arvados/v1'
begin
user = nil
api_client = nil
includes(:api_client, :user).
where('api_token=? and (expires_at is null or expires_at > now())', supplied_token).
first
- if api_client_auth
+ if api_client_auth.andand.user
session[:user_id] = api_client_auth.user.id
session[:api_client_uuid] = api_client_auth.api_client.andand.uuid
session[:api_client_authorization_id] = api_client_auth.id
end
end
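Review bot: The added `Thread.current[:api_url_base] = root_url.sub(/\/$/,'') + '/arvados/v1'` derives the API base from `root_url`, which Rails builds from the request's Host header. If that value ends up in hrefs or links returned to clients, a request with a forged Host header decides where those links point. That matters unless the front-end proxy already pins the host. Taking the base from application configuration would avoid depending on it. The thread-local is also set before the `begin`, and whether it is cleared again is not visible in this hunk. On a reused worker thread it should be reset in the same `ensure` that restores the other per-request auth state.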
- def uncamelcase_params_hash_keys
- self.params = uncamelcase_hash_keys(params)
- end
- def uncamelcase_hash_keys(h, max_depth=-1)
- if h.is_a? Hash and max_depth != 0
- nh = Hash.new
- h.each do |k,v|
- if k.class == String
- nk = k.underscore
- elsif k.class == Symbol
- nk = k.to_s.underscore.to_sym
- else
- nk = k
- end
- nh[nk] = uncamelcase_hash_keys(v, max_depth-1)
- end
- h.replace(nh)
- end
- h
- end
-
def render_list
@object_list = {
:kind => "arvados##{resource_name}List",
:self_link => "",
:next_page_token => "",
:next_link => "",
- :items => @objects.as_api_response(:superuser)
+ :items => @objects.as_api_response(nil)
}
render json: @object_list
end
order: { type: 'string', required: false }
}
end
+
+ def client_accepts_plain_text_stream
+ (request.headers['Accept'].split(' ') &
+ ['text/plain', '*/*']).count > 0
+ end
end
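Review bot: `client_accepts_plain_text_stream` raises NoMethodError when the request has no Accept header, because `request.headers['Accept']` is nil. It also splits on spaces, although Accept values are comma-separated and may carry parameters, so `text/plain,*/*` or `*/*;q=0.8` never match. A tolerant version is `accepted = request.headers['Accept'].to_s.split(',').map { |t| t.split(';').first.to_s.strip }` followed by `(accepted & ['text/plain', '*/*']).any?`. A missing header then returns false rather than raising an exception on a client-controlled input.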