projects
/
arvados.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
2755: Verify permission signatures on create.
[arvados.git]
/
services
/
api
/
app
/
controllers
/
arvados
/
v1
/
repositories_controller.rb
diff --git
a/services/api/app/controllers/arvados/v1/repositories_controller.rb
b/services/api/app/controllers/arvados/v1/repositories_controller.rb
index 6ba98c8e0914e46e45a65fd04e40ad050cdd67a3..8b45c56bcbfe576eb921ae8e31c8613388793903 100644
(file)
--- a/
services/api/app/controllers/arvados/v1/repositories_controller.rb
+++ b/
services/api/app/controllers/arvados/v1/repositories_controller.rb
@@
-1,4
+1,6
@@
class Arvados::V1::RepositoriesController < ApplicationController
class Arvados::V1::RepositoriesController < ApplicationController
+ skip_before_filter :find_object_by_uuid, :only => :get_all_permissions
+ skip_before_filter :render_404_if_no_object, :only => :get_all_permissions
before_filter :admin_required, :only => :get_all_permissions
def get_all_permissions
@users = {}
before_filter :admin_required, :only => :get_all_permissions
def get_all_permissions
@users = {}
@@
-12,7
+14,7
@@
class Arvados::V1::RepositoriesController < ApplicationController
gitolite_permissions = ''
perms = []
repo.permissions.each do |perm|
gitolite_permissions = ''
perms = []
repo.permissions.each do |perm|
- if
perm.tail_kind == 'arvados#group'
+ if
ArvadosModel::resource_class_for_uuid(perm.tail_uuid) == Group
@users.each do |user_uuid, user|
user.group_permissions.each do |group_uuid, perm_mask|
if perm_mask[:write]
@users.each do |user_uuid, user|
user.group_permissions.each do |group_uuid, perm_mask|
if perm_mask[:write]
@@
-26,6
+28,12
@@
class Arvados::V1::RepositoriesController < ApplicationController
perms << {name: perm.name, user_uuid: perm.tail_uuid}
end
end
perms << {name: perm.name, user_uuid: perm.tail_uuid}
end
end
+ # Owner of the repository, and all admins, can RW
+ ([repo.owner_uuid] + @users.keys).each do |user_uuid|
+ %w(can_read can_write).each do |name|
+ perms << {name: name, user_uuid: user_uuid}
+ end
+ end
perms.each do |perm|
user_uuid = perm[:user_uuid]
@user_aks[user_uuid] = @users[user_uuid].andand.authorized_keys.andand.
perms.each do |perm|
user_uuid = perm[:user_uuid]
@user_aks[user_uuid] = @users[user_uuid].andand.authorized_keys.andand.