before_filter :admin_required, only: [:setup, :unsetup]
def current
- @object = current_user
- show
+ if current_user
+ @object = current_user
+ show
+ else
+ send_error("Not logged in", status: 401)
+ end
end
+
def system
@object = system_user
show
end
end
+ # It's not always possible for the client to know the user's
+ # username when submitting this request: the username might have
+ # been assigned automatically in create!() above. If client
+ # provided a plain repository name, prefix it with the username
+ # now that we know what it is.
+ if params[:repo_name].nil?
+ full_repo_name = nil
+ elsif @object.username.nil?
+ raise ArgumentError.
+ new("cannot setup a repository because user has no username")
+ elsif object_found and
+ params[:repo_name].start_with?("#{@object.username}/")
+ full_repo_name = params[:repo_name]
+ else
+ full_repo_name = "#{@object.username}/#{params[:repo_name]}"
+ end
+
if object_found
- @response = @object.setup_repo_vm_links params[:repo_name],
+ @response = @object.setup_repo_vm_links full_repo_name,
params[:vm_uuid], params[:openid_prefix]
else
@response = User.setup @object, params[:openid_prefix],
- params[:repo_name], params[:vm_uuid]
+ full_repo_name, params[:vm_uuid]
end
# setup succeeded. send email to user
if params[:send_notification_email] == true || params[:send_notification_email] == 'true'
- UserNotifier.account_is_setup(@object).deliver
+ UserNotifier.account_is_setup(@object).deliver_now
end
- render json: { kind: "arvados#HashList", items: @response.as_api_response(nil) }
+ send_json kind: "arvados#HashList", items: @response.as_api_response(nil)
end
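Review bot: The already-prefixed check on the `elsif object_found and` branch only applies to existing users, so for a user created earlier in this action a `repo_name` that already begins with `"#{@object.username}/"` falls through to the `else` branch and gets the prefix doubled. If that is not intended, drop the `object_found and` condition so the branch reads `elsif params[:repo_name].start_with?("#{@object.username}/")`; if it is intended, the comment above should say so. The `raise ArgumentError` also runs after the `create!()` the comment mentions, so unless the action is wrapped in a transaction (not visible here) the new user record may remain when setup is rejected. The start of `setup` is outside this hunk.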
# delete user agreements, vm, repository, login links; set state to inactive
show
end
- # update profile for the user
- def profile
- reload_object_before_update
-
- # update profile
- @object.profile params
-
- # profile update succeeded. send email if requested by the client
- profile_notification_address = params[:send_profile_notification_email]
- if profile_notification_address
- ProfileNotifier.profile_created(@object, profile_notification_address).deliver
- end
-
- show
- end
-
protected
def self._setup_requires_parameters
{
- send_notification_email: { type: 'boolean', required: true },
+ user: {
+ type: 'object', required: false
+ },
+ openid_prefix: {
+ type: 'string', required: false
+ },
+ repo_name: {
+ type: 'string', required: false
+ },
+ vm_uuid: {
+ type: 'string', required: false
+ },
+ send_notification_email: {
+ type: 'boolean', required: false, default: false
+ },
}
end
- def find_objects_for_index
- if (action_name == "index") and (not @read_users.any? { |u| u.is_admin })
- # Non-admin index returns very basic information about all active users.
- # We ignore where and filters params to avoid leaking information.
- @where = {}
- @filters = []
- @select = ["uuid", "is_active", "email", "first_name", "last_name"]
- @objects = model_class.where(is_active: true)
+ def apply_filters(model_class=nil)
+ return super if @read_users.any?(&:is_admin)
+ if params[:uuid] != current_user.andand.uuid
+ # Non-admin index/show returns very basic information about readable users.
+ safe_attrs = ["uuid", "is_active", "email", "first_name", "last_name"]
+ if @select
+ @select = @select & safe_attrs
+ else
+ @select = safe_attrs
+ end
+ @filters += [['is_active', '=', true]]
end
super
end
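Review bot: In `apply_filters`, the guard `params[:uuid] != current_user.andand.uuid` is false when both sides are nil, so a request with no `uuid` param and no `current_user` skips the `safe_attrs` restriction and the `is_active` filter and goes straight to `super`. Whether such a request can reach this method depends on filters outside the hunk, but the check is cheap to make explicit: `if current_user.nil? || params[:uuid] != current_user.uuid`. Separately, the removed code cleared `@where` and `@filters` to avoid leaking information, while the new code keeps the client's filters and only narrows `@select`. A non-admin can therefore still filter on attributes outside `safe_attrs` and infer their values from which rows match, so consider rejecting or dropping filters on attributes not in `safe_attrs` for this path.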