class Arvados::V1::KeepDisksController < ApplicationController
- skip_before_filter :require_auth_scope_all, :only => :ping
+ skip_before_filter :require_auth_scope, :only => :ping
def self._ping_requires_parameters
{
service_ssl_flag: true
}
end
- def ping
- if !@object
- if params[:filesystem_uuid].andand.length.andand > 0 and
- current_user.andand.is_admin
- @object = KeepDisk.
- find_or_initialize_by_filesystem_uuid params[:filesystem_uuid]
- if not @object.new_record?
- raise "ping from keep_disk with existing filesystem_uuid #{params[:filesystem_uuid]} but wrong uuid #{params[:uuid]}"
- end
- @object.save!
- # In the first ping from this new filesystem_uuid, we can't
- # expect the keep node to know the ping_secret so we made sure
- # we got an admin token. Here we add ping_secret to params so
- # KeepNode.ping() understands this update is properly
- # authenticated.
- params[:ping_secret] = @object.ping_secret
- else
+ def ping
+ params[:service_host] ||= request.env['REMOTE_ADDR']
+ act_as_system_user do
+ if not @object.ping params
return render_not_found "object not found"
end
+ # Render the :superuser view (i.e., include the ping_secret) even
+ # if !current_user.is_admin. This is safe because @object.ping's
+ # success implies the ping_secret was already known by the client.
+ render json: @object.as_api_response(:superuser)
end
-
- params[:service_host] ||= request.env['REMOTE_ADDR']
- if not @object.ping params
- return render_not_found "object not found"
- end
- render json: @object.as_api_response(:superuser)
end
def find_objects_for_index
- if current_user.andand.is_admin || !current_user.andand.is_active
- super
- else
- # active non-admin users can list all keep disks
- @objects = model_class.all
+ # all users can list all keep disks
+ @objects = model_class.where('1=1')
+ super
+ end
+
+ def find_object_by_uuid
+ @object = KeepDisk.where(uuid: (params[:id] || params[:uuid])).first
+ if !@object && current_user.andand.is_admin
+ # Create a new KeepDisk and ping it.
+ @object = KeepDisk.new(filesystem_uuid: params[:filesystem_uuid])
+ @object.save!
+
+ # In the first ping from this new filesystem_uuid, we can't
+ # expect the keep node to know the ping_secret so we made sure
+ # we got an admin token. Here we add ping_secret to params so
+ # KeepNode.ping() understands this update is properly
+ # authenticated.
+ params[:ping_secret] = @object.ping_secret
end
end
end
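Review bot: The new `find_object_by_uuid` saves a KeepDisk whenever the uuid lookup misses and the caller is an admin, but it drops the two checks the removed `ping` body had: a non-empty `params[:filesystem_uuid]`, and a refusal when that filesystem_uuid already belongs to an existing record. As written, an admin request with a mistyped uuid leaves behind a row with a nil or duplicate filesystem_uuid and a fresh ping_secret. If this finder also runs for actions other than ping (the filter wiring is outside this diff), a show or update on an unknown uuid would do the same. I would restrict the creation branch, e.g. `if !@object && action_name == 'ping' && params[:filesystem_uuid].present? && current_user.andand.is_admin`, and keep the old guard by raising when `KeepDisk.where(filesystem_uuid: params[:filesystem_uuid]).exists?`. The comment `# Create a new KeepDisk and ping it.` should also say that the ping itself happens later, in `ping`, under `act_as_system_user`.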