projects
/
arvados.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge branch '4334-idle-star-is-down' closes #4334
[arvados.git]
/
apps
/
workbench
/
app
/
controllers
/
collections_controller.rb
diff --git
a/apps/workbench/app/controllers/collections_controller.rb
b/apps/workbench/app/controllers/collections_controller.rb
index 4e0008d93cf63887926c7d3ef7907d4f1f377bd3..5ddf93c2d35292555d538105c771e0ae1579b551 100644
(file)
--- a/
apps/workbench/app/controllers/collections_controller.rb
+++ b/
apps/workbench/app/controllers/collections_controller.rb
@@
-1,3
+1,5
@@
+require "arvados/keep"
+
class CollectionsController < ApplicationController
include ActionController::Live
class CollectionsController < ApplicationController
include ActionController::Live
@@
-145,9
+147,11
@@
class CollectionsController < ApplicationController
usable_token = find_usable_token(tokens) do
coll = Collection.find(params[:uuid])
end
usable_token = find_usable_token(tokens) do
coll = Collection.find(params[:uuid])
end
+
+ file_name = params[:file].andand.sub(/^(\.\/|\/|)/, './')
if usable_token.nil?
return # Response already rendered.
if usable_token.nil?
return # Response already rendered.
- elsif
params[:file].nil? or not coll.manifest.has_file?(params[:file]
)
+ elsif
file_name.nil? or not coll.manifest.has_file?(file_name
)
return render_not_found
end
return render_not_found
end
@@
-296,7
+300,9
@@
class CollectionsController < ApplicationController
most_specific_error = [401]
token_list.each do |api_token|
begin
most_specific_error = [401]
token_list.each do |api_token|
begin
- using_specific_api_token(api_token) do
+ # We can't load the corresponding user, because the token may not
+ # be scoped for that.
+ using_specific_api_token(api_token, load_user: false) do
yield
return api_token
end
yield
return api_token
end