projects
/
arvados.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge branch '8784-dir-listings'
[arvados.git]
/
services
/
api
/
app
/
models
/
api_client_authorization.rb
diff --git
a/services/api/app/models/api_client_authorization.rb
b/services/api/app/models/api_client_authorization.rb
index 82dd0ec2b6177847f72460b87b492950b66a605a..10c02cca25a576a113801b07865a75dfa8affa82 100644
(file)
--- a/
services/api/app/models/api_client_authorization.rb
+++ b/
services/api/app/models/api_client_authorization.rb
@@
-1,4
+1,9
@@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
class ApiClientAuthorization < ArvadosModel
class ApiClientAuthorization < ArvadosModel
+ include HasUuid
include KindAndEtag
include CommonApiTemplate
include KindAndEtag
include CommonApiTemplate
@@
-30,23
+35,12
@@
class ApiClientAuthorization < ArvadosModel
self.user.andand.uuid
end
def owner_uuid_was
self.user.andand.uuid
end
def owner_uuid_was
- self.user_id_changed? ? User.
find(self.user_id_was)
.andand.uuid : self.user.andand.uuid
+ self.user_id_changed? ? User.
where(id: self.user_id_was).first
.andand.uuid : self.user.andand.uuid
end
def owner_uuid_changed?
self.user_id_changed?
end
end
def owner_uuid_changed?
self.user_id_changed?
end
- def uuid
- self.api_token
- end
- def uuid=(x) end
- def uuid_was
- self.api_token_was
- end
- def uuid_changed?
- self.api_token_changed?
- end
-
def modified_by_client_uuid
nil
end
def modified_by_client_uuid
nil
end
@@
-71,13
+65,21
@@
class ApiClientAuthorization < ArvadosModel
end
def scopes_allow_request?(request)
end
def scopes_allow_request?(request)
- scopes_allow? [request.request_method, request.path].join(' ')
+ method = request.request_method
+ if method == 'HEAD'
+ (scopes_allow?(['HEAD', request.path].join(' ')) ||
+ scopes_allow?(['GET', request.path].join(' ')))
+ else
+ scopes_allow?([method, request.path].join(' '))
+ end
end
def logged_attributes
end
def logged_attributes
- attrs = attributes.dup
- attrs.delete('api_token')
- attrs
+ super.except 'api_token'
+ end
+
+ def self.default_orders
+ ["#{table_name}.id desc"]
end
protected
end
protected
@@
-88,8
+90,9
@@
class ApiClientAuthorization < ArvadosModel
def permission_to_update
(permission_to_create and
def permission_to_update
(permission_to_create and
- not self.user_id_changed? and
- not self.owner_uuid_changed?)
+ not uuid_changed? and
+ not user_id_changed? and
+ not owner_uuid_changed?)
end
def log_update
end
def log_update