projects
/
arvados.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Update a few more old domain references.
[arvados.git]
/
services
/
keep-web
/
handler.go
diff --git
a/services/keep-web/handler.go
b/services/keep-web/handler.go
index 6d0b7669e3921a43f40ae6e2da370662d2ddc64a..97ec95e3aac3f96111ab49014635ae742073b4e8 100644
(file)
--- a/
services/keep-web/handler.go
+++ b/
services/keep-web/handler.go
@@
-487,13
+487,14
@@
func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
// Check configured permission
_, sess, err := h.Config.Cache.GetSession(arv.ApiToken)
tokenUser, err = h.Config.Cache.GetTokenUser(arv.ApiToken)
// Check configured permission
_, sess, err := h.Config.Cache.GetSession(arv.ApiToken)
tokenUser, err = h.Config.Cache.GetTokenUser(arv.ApiToken)
- if !h.userPermittedToUploadOrDownload(r.Method, tokenUser) {
- http.Error(w, "Not permitted", http.StatusForbidden)
- return
- }
- h.logUploadOrDownload(r, sess.arvadosclient, nil, strings.Join(targetPath, "/"), collection, tokenUser)
if webdavMethod[r.Method] {
if webdavMethod[r.Method] {
+ if !h.userPermittedToUploadOrDownload(r.Method, tokenUser) {
+ http.Error(w, "Not permitted", http.StatusForbidden)
+ return
+ }
+ h.logUploadOrDownload(r, sess.arvadosclient, nil, strings.Join(targetPath, "/"), collection, tokenUser)
+
if writeMethod[r.Method] {
// Save the collection only if/when all
// webdav->filesystem operations succeed --
if writeMethod[r.Method] {
// Save the collection only if/when all
// webdav->filesystem operations succeed --
@@
-548,6
+549,12
@@
func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
} else if stat.IsDir() {
h.serveDirectory(w, r, collection.Name, fs, openPath, true)
} else {
} else if stat.IsDir() {
h.serveDirectory(w, r, collection.Name, fs, openPath, true)
} else {
+ if !h.userPermittedToUploadOrDownload(r.Method, tokenUser) {
+ http.Error(w, "Not permitted", http.StatusForbidden)
+ return
+ }
+ h.logUploadOrDownload(r, sess.arvadosclient, nil, strings.Join(targetPath, "/"), collection, tokenUser)
+
http.ServeContent(w, r, basename, stat.ModTime(), f)
if wrote := int64(w.WroteBodyBytes()); wrote != stat.Size() && w.WroteStatus() == http.StatusOK {
// If we wrote fewer bytes than expected, it's
http.ServeContent(w, r, basename, stat.ModTime(), f)
if wrote := int64(w.WroteBodyBytes()); wrote != stat.Size() && w.WroteStatus() == http.StatusOK {
// If we wrote fewer bytes than expected, it's
@@
-857,12
+864,9
@@
func (h *handler) seeOtherWithCookie(w http.ResponseWriter, r *http.Request, loc
}
func (h *handler) userPermittedToUploadOrDownload(method string, tokenUser *arvados.User) bool {
}
func (h *handler) userPermittedToUploadOrDownload(method string, tokenUser *arvados.User) bool {
- if tokenUser == nil {
- return false
- }
var permitDownload bool
var permitUpload bool
var permitDownload bool
var permitUpload bool
- if tokenUser.IsAdmin {
+ if tokenUser
!= nil && tokenUser
.IsAdmin {
permitUpload = h.Config.cluster.Collections.WebDAVPermission.Admin.Upload
permitDownload = h.Config.cluster.Collections.WebDAVPermission.Admin.Download
} else {
permitUpload = h.Config.cluster.Collections.WebDAVPermission.Admin.Upload
permitDownload = h.Config.cluster.Collections.WebDAVPermission.Admin.Download
} else {
@@
-893,9
+897,13
@@
func (h *handler) logUploadOrDownload(
log := ctxlog.FromContext(r.Context())
props := make(map[string]string)
props["reqPath"] = r.URL.Path
log := ctxlog.FromContext(r.Context())
props := make(map[string]string)
props["reqPath"] = r.URL.Path
+ var useruuid string
if user != nil {
log = log.WithField("user_uuid", user.UUID).
WithField("user_full_name", user.FullName)
if user != nil {
log = log.WithField("user_uuid", user.UUID).
WithField("user_full_name", user.FullName)
+ useruuid = user.UUID
+ } else {
+ useruuid = fmt.Sprintf("%s-tpzed-anonymouspublic", h.Config.cluster.ClusterID)
}
if collection == nil && fs != nil {
collection, filepath = h.determineCollection(fs, filepath)
}
if collection == nil && fs != nil {
collection, filepath = h.determineCollection(fs, filepath)
@@
-911,7
+919,7
@@
func (h *handler) logUploadOrDownload(
if h.Config.cluster.Collections.WebDAVLogEvents {
go func() {
lr := arvadosclient.Dict{"log": arvadosclient.Dict{
if h.Config.cluster.Collections.WebDAVLogEvents {
go func() {
lr := arvadosclient.Dict{"log": arvadosclient.Dict{
- "object_uuid": user
.UUID
,
+ "object_uuid": user
uuid
,
"event_type": "file_upload",
"properties": props}}
err := client.Create("logs", lr, nil)
"event_type": "file_upload",
"properties": props}}
err := client.Create("logs", lr, nil)
@@
-929,7
+937,7
@@
func (h *handler) logUploadOrDownload(
if h.Config.cluster.Collections.WebDAVLogEvents {
go func() {
lr := arvadosclient.Dict{"log": arvadosclient.Dict{
if h.Config.cluster.Collections.WebDAVLogEvents {
go func() {
lr := arvadosclient.Dict{"log": arvadosclient.Dict{
- "object_uuid": user
.UUID
,
+ "object_uuid": user
uuid
,
"event_type": "file_download",
"properties": props}}
err := client.Create("logs", lr, nil)
"event_type": "file_download",
"properties": props}}
err := client.Create("logs", lr, nil)