Merge branch 'master' into 14874-protected-collection-properties

[arvados.git] / services / api / app / controllers / application_controller.rb

diff --git a/services/api/app/controllers/application_controller.rb b/services/api/app/controllers/application_controller.rb
index 77e3c75af28ad37531cd7ea3eb186fb149a3c679..e07a5aca79b5a310d320c6901df9c5a82326465a 100644 (file)
--- a/services/api/app/controllers/application_controller.rb
+++ b/services/api/app/controllers/application_controller.rb
@@ -42,9 +42,9 @@ class ApplicationController < ActionController::Base
   before_action :require_auth_scope, except: ERROR_ACTIONS
 
   before_action :catch_redirect_hint
+  before_action :load_required_parameters
   before_action(:find_object_by_uuid,
                 except: [:index, :create] + ERROR_ACTIONS)
-  before_action :load_required_parameters
   before_action :load_limit_offset_order_params, only: [:index, :contents]
   before_action :load_where_param, only: [:index, :contents]
   before_action :load_filters_param, only: [:index, :contents]
@@ -165,6 +165,17 @@ class ApplicationController < ActionController::Base
 
   protected
 
+  def bool_param(pname)
+    if params.include?(pname)
+      if params[pname].is_a?(Boolean)
+        return params[pname]
+      else
+        logger.warn "Warning: received non-boolean parameter '#{pname}' on #{self.class.inspect}."
+      end
+    end
+    false
+  end
+
   def send_error(*args)
     if args.last.is_a? Hash
       err = args.pop
@@ -189,8 +200,8 @@ class ApplicationController < ActionController::Base
 
   def find_objects_for_index
     @objects ||= model_class.readable_by(*@read_users, {
-      :include_trash => (params[:include_trash] || 'untrash' == action_name),
-      :include_old_versions => params[:include_old_versions]
+      :include_trash => (bool_param(:include_trash) || 'untrash' == action_name),
+      :include_old_versions => bool_param(:include_old_versions)
     })
     apply_where_limit_order_params
   end
@@ -237,7 +248,7 @@ class ApplicationController < ActionController::Base
               conditions[0] << " and #{ar_table_name}.#{attr} in (?)"
               conditions << value
             end
-          elsif value.is_a? String or value.is_a? Fixnum or value == true or value == false
+          elsif value.is_a? String or value.is_a? Integer or value == true or value == false
             conditions[0] << " and #{ar_table_name}.#{attr}=?"
             conditions << value
           elsif value.is_a? Hash
@@ -468,11 +479,21 @@ class ApplicationController < ActionController::Base
   end
 
   def load_json_value(hash, key, must_be_class=nil)
-    if hash[key].is_a? String
-      hash[key] = SafeJSON.load(hash[key])
-      if must_be_class and !hash[key].is_a? must_be_class
-        raise TypeError.new("parameter #{key.to_s} must be a #{must_be_class.to_s}")
-      end
+    return if hash[key].nil?
+
+    val = hash[key]
+    if val.is_a? ActionController::Parameters
+      val = val.to_unsafe_hash
+    elsif val.is_a? String
+      val = SafeJSON.load(val)
+      hash[key] = val
+    end
+    # When assigning a Hash to an ActionController::Parameters and then
+    # retrieve it, we get another ActionController::Parameters instead of
+    # a Hash. This doesn't happen with other types. This is why 'val' is
+    # being used to do type checking below.
+    if must_be_class and !val.is_a? must_be_class
+      raise TypeError.new("parameter #{key.to_s} must be a #{must_be_class.to_s}")
     end
   end
 
@@ -482,7 +503,7 @@ class ApplicationController < ActionController::Base
   accept_attribute_as_json :properties, Hash
   accept_attribute_as_json :info, Hash
   def accept_attribute_as_json(attr, must_be_class)
-    if params[resource_name] and resource_attrs.is_a? Hash
+    if params[resource_name] and [Hash, ActionController::Parameters].include?(resource_attrs.class)
       if resource_attrs[attr].is_a? Hash
         # Convert symbol keys to strings (in hashes provided by
         # resource_attrs)