20300: Bypass query cache when re-fetching record for race check.

[arvados.git] / services / api / app / models / authorized_key.rb

diff --git a/services/api/app/models/authorized_key.rb b/services/api/app/models/authorized_key.rb
index afb33e60f8121229c15d003129a3d4492f250055..cf4a1d55de796fd57417b8994d4c77214f8b12d8 100644 (file)
--- a/services/api/app/models/authorized_key.rb
+++ b/services/api/app/models/authorized_key.rb
@@ -1,11 +1,22 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
 class AuthorizedKey < ArvadosModel
-  include AssignUuid
+  include HasUuid
   include KindAndEtag
   include CommonApiTemplate
   before_create :permission_to_set_authorized_user_uuid
   before_update :permission_to_set_authorized_user_uuid
 
-  belongs_to :authorized_user, :foreign_key => :authorized_user_uuid, :class_name => 'User', :primary_key => :uuid
+  belongs_to :authorized_user, {
+               foreign_key: 'authorized_user_uuid',
+               class_name: 'User',
+               primary_key: 'uuid',
+               optional: true,
+             }
+
+  validate :public_key_must_be_unique
 
   api_accessible :user, extend: :common do |t|
     t.add :name
@@ -28,4 +39,16 @@ class AuthorizedKey < ArvadosModel
     # Default = deny.
     false
   end
+
+  def public_key_must_be_unique
+    if self.public_key
+      # Valid if no other rows have this public key
+      if self.class.where('uuid != ? and public_key like ?',
+                          uuid || '', "%#{self.public_key}%").any?
+        errors.add(:public_key, "already exists in the database, use a different key.")
+        return false
+      end
+    end
+    return true
+  end
 end