.all
end
@read_auths.select! { |auth| auth.scopes_allow_request? request }
- @read_users = @read_auths.map { |auth| auth.user }.uniq
+ @read_users = @read_auths.map(&:user).uniq
end
def require_login
end
def require_auth_scope
- if @read_auths.empty?
+ unless current_user && @read_auths.any? { |auth| auth.user.andand.uuid == current_user.uuid }
if require_login != false
send_error("Forbidden", status: 403)
end
def append_info_to_payload(payload)
super
payload[:request_id] = response.headers['X-Request-Id']
- payload[:client_ipaddr] = request.remote_ip
+ payload[:client_ipaddr] = @remote_ip
payload[:client_auth] = current_api_client_authorization.andand.uuid || nil
end
def set_cors_headers
response.headers['Access-Control-Allow-Origin'] = '*'
response.headers['Access-Control-Allow-Methods'] = 'GET, HEAD, PUT, POST, DELETE'
- response.headers['Access-Control-Allow-Headers'] = 'Authorization'
+ response.headers['Access-Control-Allow-Headers'] = 'Authorization, Content-Type'
response.headers['Access-Control-Max-Age'] = '86486400'
end
}
end
+ def self._update_requires_parameters
+ {}
+ end
+
def self._index_requires_parameters
{
filters: { type: 'array', required: false },
projects / arvados.git / blobdiff