projects
/
arvados.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge branch 'master' into 2756-eventbus-in-workbench
[arvados.git]
/
services
/
api
/
app
/
models
/
user.rb
diff --git
a/services/api/app/models/user.rb
b/services/api/app/models/user.rb
index 50dc668448a9eee7a81a0924cd1c0b27b7b8b18b..8743b92b25e78c46fa8a99a41e2a3a27cdbf0e07 100644
(file)
--- a/
services/api/app/models/user.rb
+++ b/
services/api/app/models/user.rb
@@
-1,7
+1,11
@@
+require 'can_be_an_owner'
+
class User < ArvadosModel
class User < ArvadosModel
- include
Assign
Uuid
+ include
Has
Uuid
include KindAndEtag
include CommonApiTemplate
include KindAndEtag
include CommonApiTemplate
+ include CanBeAnOwner
+
serialize :prefs, Hash
has_many :api_client_authorizations
before_update :prevent_privilege_escalation
serialize :prefs, Hash
has_many :api_client_authorizations
before_update :prevent_privilege_escalation
@@
-27,7
+31,7
@@
class User < ArvadosModel
ALL_PERMISSIONS = {read: true, write: true, manage: true}
def full_name
ALL_PERMISSIONS = {read: true, write: true, manage: true}
def full_name
- "#{first_name} #{last_name}"
+ "#{first_name} #{last_name}"
.strip
end
def is_invited
end
def is_invited
@@
-177,6
+181,10
@@
class User < ArvadosModel
protected
protected
+ def ensure_ownership_path_leads_to_user
+ true
+ end
+
def permission_to_update
# users must be able to update themselves (even if they are
# inactive) in order to create sessions
def permission_to_update
# users must be able to update themselves (even if they are
# inactive) in order to create sessions
@@
-245,12
+253,12
@@
class User < ArvadosModel
end
def create_oid_login_perm (openid_prefix)
end
def create_oid_login_perm (openid_prefix)
- login_perm_props = {
identity_url_prefix:
openid_prefix}
+ login_perm_props = {
"identity_url_prefix" =>
openid_prefix}
# Check oid_login_perm
oid_login_perms = Link.where(tail_uuid: self.email,
link_class: 'permission',
# Check oid_login_perm
oid_login_perms = Link.where(tail_uuid: self.email,
link_class: 'permission',
- name: 'can_login').where("head_uuid
like ?", User.uuid_like_pattern
)
+ name: 'can_login').where("head_uuid
= ?", self.uuid
)
if !oid_login_perms.any?
# create openid login permission
if !oid_login_perms.any?
# create openid login permission