projects
/
arvados.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge branch '12684-pysdk-auto-retry'
[arvados.git]
/
services
/
api
/
app
/
models
/
group.rb
diff --git
a/services/api/app/models/group.rb
b/services/api/app/models/group.rb
index b1b2e942c60c4bc79c13dbe731ad9bc1112684d2..aa3a19bf87004f950e7e5f390650ce9ac964619f 100644
(file)
--- a/
services/api/app/models/group.rb
+++ b/
services/api/app/models/group.rb
@@
-44,6
+44,18
@@
class Group < ArvadosModel
t.add :is_trashed
t.add :properties
t.add :frozen_by_uuid
t.add :is_trashed
t.add :properties
t.add :frozen_by_uuid
+ t.add :can_write
+ t.add :can_manage
+ end
+
+ protected
+
+ def self.attributes_required_columns
+ super.merge(
+ 'can_write' => ['owner_uuid', 'uuid'],
+ 'can_manage' => ['owner_uuid', 'uuid'],
+ 'writable_by' => ['owner_uuid', 'uuid'],
+ )
end
def ensure_filesystem_compatible_name
end
def ensure_filesystem_compatible_name
@@
-239,7
+251,7
@@
class Group < ArvadosModel
if self.owner_uuid != system_user_uuid
raise "Owner uuid for role must be system user"
end
if self.owner_uuid != system_user_uuid
raise "Owner uuid for role must be system user"
end
- raise PermissionDeniedError unless current_user.can?(manage: uuid)
+ raise PermissionDeniedError
.new("role group cannot be modified without can_manage permission")
unless current_user.can?(manage: uuid)
true
else
super
true
else
super
@@
-257,6
+269,18
@@
class Group < ArvadosModel
end
end
end
end
+ def permission_to_create
+ if !super
+ return false
+ elsif group_class == "role" &&
+ !Rails.configuration.Users.CanCreateRoleGroups &&
+ !current_user.andand.is_admin
+ raise PermissionDeniedError.new("this cluster does not allow users to create role groups")
+ else
+ return true
+ end
+ end
+
def permission_to_update
if !super
return false
def permission_to_update
if !super
return false