projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Added integration tests for create new user, setup and unsetup existing user. The...
[arvados.git] / services / api / lib / current_api_client.rb
diff --git a/services/api/lib/current_api_client.rb b/services/api/lib/current_api_client.rb
index 884c4f0c26351a191e8786d4d0f5c6bed7e34a65..0ea871e3da6314d8f81217232009dceffbe2cf2e 100644 (file)
--- a/services/api/lib/current_api_client.rb
+++ b/services/api/lib/current_api_client.rb
@@ -11,6 +11,10 @@ module CurrentApiClient
     Thread.current[:api_client_authorization]
   end
 
+  def current_api_base
+    Thread.current[:api_url_base]
+  end
+
   def current_default_owner
     # owner_uuid for newly created objects
     ((current_api_client_authorization &&
@@ -25,6 +29,16 @@ module CurrentApiClient
     Thread.current[:api_client_ip_address]
   end
 
+  # Does the current API client authorization include any of ok_scopes?
+  def current_api_client_auth_has_scope(ok_scopes)
+    auth_scopes = current_api_client_authorization.andand.scopes || []
+    unless auth_scopes.index('all') or (auth_scopes & ok_scopes).any?
+      logger.warn "Insufficient auth scope: need #{ok_scopes}, #{current_api_client_authorization.inspect} has #{auth_scopes}"
+      return false
+    end
+    true
+  end
+
   def system_user_uuid
     [Server::Application.config.uuid_prefix,
      User.uuid_prefix,
@@ -52,6 +66,14 @@ module CurrentApiClient
   end
 
   def act_as_system_user
-    Thread.current[:user] = system_user
+    if block_given?
+      user_was = Thread.current[:user]
+      Thread.current[:user] = system_user
+      ret = yield
+      Thread.current[:user] = user_was
+      ret
+    else
+      Thread.current[:user] = system_user
+    end
   end
 end