def self._setup_requires_parameters
{
- send_notification_email: { type: 'boolean', required: true },
+ user: {
+ type: 'object', required: false
+ },
+ openid_prefix: {
+ type: 'string', required: false
+ },
+ repo_name: {
+ type: 'string', required: false
+ },
+ vm_uuid: {
+ type: 'string', required: false
+ },
+ send_notification_email: {
+ type: 'boolean', required: false, default: false
+ },
}
end
+ def find_objects_for_index
+ if (action_name == "index") and (not @read_users.any? { |u| u.is_admin })
+ # Non-admin index returns very basic information about all active users.
+ # We ignore where and filters params to avoid leaking information.
+ @where = {}
+ @filters = []
+ @select = ["uuid", "is_active", "email", "first_name", "last_name"]
+ @objects = model_class.where(is_active: true)
+ end
+ super
+ end
end
projects / arvados.git / blobdiff