15306: Fixes the bug.

[arvados.git] / services / api / app / controllers / arvados / v1 / user_agreements_controller.rb

diff --git a/services/api/app/controllers/arvados/v1/user_agreements_controller.rb b/services/api/app/controllers/arvados/v1/user_agreements_controller.rb
index ac74f3d8d2fc98c4109324751444de9896b33e77..748eb06f0a0128e86fedf4d04460d29598e56e6c 100644 (file)
--- a/services/api/app/controllers/arvados/v1/user_agreements_controller.rb
+++ b/services/api/app/controllers/arvados/v1/user_agreements_controller.rb
@@ -1,21 +1,36 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
 class Arvados::V1::UserAgreementsController < ApplicationController
-  before_filter :admin_required, except: [:index, :sign, :signatures]
+  before_action :admin_required, except: [:index, :sign, :signatures]
+  skip_before_action :find_object_by_uuid, only: [:sign, :signatures]
+  skip_before_action :render_404_if_no_object, only: [:sign, :signatures]
 
   def model_class
     Link
   end
 
+  def table_name
+    'links'
+  end
+
   def index
-    current_user_uuid = current_user.uuid
-    act_as_system_user do
-      uuids = Link.where(owner_uuid: system_user_uuid,
-                         link_class: 'signature',
-                         name: 'require',
-                         tail_kind: 'arvados#user',
-                         tail_uuid: system_user_uuid,
-                         head_kind: 'arvados#collection').
-        collect &:head_uuid
-      @objects = Collection.where('uuid in (?)', uuids)
+    if not current_user.is_invited
+      # New users cannot see user agreements until/unless invited to
+      # use this installation.
+      @objects = []
+    else
+      act_as_system_user do
+        uuids = Link.where("owner_uuid = ? and link_class = ? and name = ? and tail_uuid = ? and head_uuid like ?",
+                           system_user_uuid,
+                           'signature',
+                           'require',
+                           system_user_uuid,
+                           Collection.uuid_like_pattern).
+          collect(&:head_uuid)
+        @objects = Collection.where('uuid in (?)', uuids)
+      end
     end
     @response_resource_name = 'collection'
     super
@@ -25,12 +40,12 @@ class Arvados::V1::UserAgreementsController < ApplicationController
     current_user_uuid = (current_user.andand.is_admin && params[:uuid]) ||
       current_user.uuid
     act_as_system_user do
-      @objects = Link.where(owner_uuid: system_user_uuid,
-                            link_class: 'signature',
-                            name: 'click',
-                            tail_kind: 'arvados#user',
-                            tail_uuid: current_user_uuid,
-                            head_kind: 'arvados#collection')
+      @objects = Link.where("owner_uuid = ? and link_class = ? and name = ? and tail_uuid = ? and head_uuid like ?",
+                            system_user_uuid,
+                            'signature',
+                            'click',
+                            current_user_uuid,
+                            Collection.uuid_like_pattern)
     end
     @response_resource_name = 'link'
     render_list
@@ -41,10 +56,8 @@ class Arvados::V1::UserAgreementsController < ApplicationController
     act_as_system_user do
       @object = Link.create(link_class: 'signature',
                             name: 'click',
-                            tail_kind: 'arvados#user',
                             tail_uuid: current_user_uuid,
-                            head_kind: 'arvados#collection',
-                            head_uuid: params[:id])
+                            head_uuid: params[:uuid])
     end
     show
   end