projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
10172: Tests and related fixes for auth_uuid setting output on container.
[arvados.git] / services / api / app / models / container.rb
diff --git a/services/api/app/models/container.rb b/services/api/app/models/container.rb
index 6b5bc4f5dbcdc9ec57755353dc6e88718c4c26a7..a3057d643c020649ca31d6a2839abc75c80bf407 100644 (file)
--- a/services/api/app/models/container.rb
+++ b/services/api/app/models/container.rb
@@ -187,7 +187,23 @@ class Container < ArvadosModel
   end
 
   def permission_to_update
-    current_user.andand.is_admin
+    # Override base permission check to allow auth_uuid to set progress and
+    # output (only).  Whether it is legal to set progress and output in the current
+    # state has already been checked in validate_change.
+    current_user.andand.is_admin ||
+      (!Thread.current[:api_client_authorization].nil? and
+       [self.auth_uuid, self.locked_by_uuid].include? Thread.current[:api_client_authorization].uuid)
+  end
+
+  def ensure_owner_uuid_is_permitted
+    # Override base permission check to allow auth_uuid to set progress and
+    # output (only).  Whether it is legal to set progress and output in the current
+    # state has already been checked in validate_change.
+    if !Thread.current[:api_client_authorization].nil? and self.auth_uuid == Thread.current[:api_client_authorization].uuid
+      check_update_whitelist [:progress, :output]
+    else
+      super
+    end
   end
 
   def set_timestamps
@@ -241,20 +257,10 @@ class Container < ArvadosModel
   end
 
   def validate_lock
-    if locked_by_uuid_was
-      if not [locked_by_uuid_was, auth_uuid].include? Thread.current[:api_client_authorization].uuid
-        # The container is locked, but is being accessed by an API token that
-        # isn't associated with the container.  Only the priority field may be
-        # updated, needed when updating to max(priority) of relevant
-        # ContainerRequests.
-        check_update_whitelist [:priority]
-      end
-    end
-
     if [Locked, Running].include? self.state
       # If the Container was already locked, locked_by_uuid must not
       # changes. Otherwise, the current auth gets the lock.
-      need_lock = locked_by_uuid_was || Thread.current[:api_client_authorization].uuid
+      need_lock = locked_by_uuid_was || Thread.current[:api_client_authorization].andand.uuid
     else
       need_lock = nil
     end
@@ -280,7 +286,7 @@ class Container < ArvadosModel
           where(portable_data_hash: self.output).
           first
       if !c
-        return errors.add :output, "collection must exist and be readable by current user."
+        errors.add :output, "collection must exist and be readable by current user."
       end
     end
   end
@@ -322,17 +328,6 @@ class Container < ArvadosModel
     end
   end
 
-  def ensure_owner_uuid_is_permitted
-    # Override base permission check to allow auth_uuid to set progress and
-    # output (only).  Whether it is legal to set progress and output in the current
-    # state has already been checked in validate_change.
-    if self.auth_uuid == Thread.current[:api_client_authorization].uuid
-      check_update_whitelist [:progress, :output]
-    else
-      super
-    end
-  end
-
   def handle_completed
     # This container is finished so finalize any associated container requests
     # that are associated with this container.