add jobs#log_tail_follow
[arvados.git] / services / api / app / controllers / application_controller.rb
index cba949bdedc44c789ef22eaf0105869cf816d6b6..0335bed9fb774a6414dfb43c6a976525477b193f 100644 (file)
@@ -59,7 +59,7 @@ class ApplicationController < ActionController::Base
     end
   end
 
-  unless Rails.application.config.consider_all_requests_local
+  begin
     rescue_from Exception,
     :with => :render_error
     rescue_from ActiveRecord::RecordNotFound,
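Review bot: The `begin` that replaces `unless Rails.application.config.consider_all_requests_local` at the top of the hunk is an empty wrapper: a `begin … end` in a class body with no `rescue`/`ensure` changes nothing, so the `rescue_from` declarations inside it could simply sit at class level. The substantive effect of the change is that `rescue_from Exception` now also applies when `consider_all_requests_local` is true, so in development every unhandled error is rendered by `render_error` instead of the framework's debug page; if that is intended, a one-line comment saying so would save the next reader from restoring the condition, e.g. `# Always render errors ourselves (JSON), even in development.` Note also that `rescue_from Exception` covers non-StandardError classes; `rescue_from StandardError` is the narrower and more usual choice unless the wider net is deliberate. The `rescue_from` list continues past the end of this hunk.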
@@ -70,6 +70,8 @@ class ApplicationController < ActionController::Base
     :with => :render_not_found
     rescue_from ActionController::UnknownAction,
     :with => :render_not_found
+    rescue_from ArvadosModel::PermissionDeniedError,
+    :with => :render_error
   end
 
   def render_error(e)
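Review bot: The added `rescue_from ArvadosModel::PermissionDeniedError, :with => :render_error` routes to the same handler that `rescue_from Exception` (earlier in this class) already selects, so on its own it changes nothing unless `render_error` inspects the exception class; `render_error` starts at the last line of this hunk and its body is not visible here. Rails searches `rescue_from` handlers in reverse declaration order, so declaring the specific class after `Exception` is the right place for a dedicated handler, and a permission failure should surface as 403 rather than whatever generic status `render_error` uses, e.g. `rescue_from ArvadosModel::PermissionDeniedError do |e|` / `  render :json => { errors: [e.message] }, status: 403` / `end`. If `render_error` already derives the status from the class, a comment on the new lines stating that would make the declaration's purpose clear.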
@@ -91,8 +93,17 @@ class ApplicationController < ActionController::Base
   protected
 
   def load_where_param
-    @where = params[:where] || {}
-    @where = Oj.load(@where) if @where.is_a?(String)
+    if params[:where].nil? or params[:where] == ""
+      @where = {}
+    elsif params[:where].is_a? Hash
+      @where = params[:where]
+    elsif params[:where].is_a? String
+      begin
+        @where = Oj.load(params[:where])
+      rescue
+        raise ArgumentError.new("Could not parse \"where\" param as an object")
+      end
+    end
   end
 
   def find_objects_for_index
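Review bot: The new `if`/`elsif` chain in `load_where_param` has no `else` branch, so a `where` value that is neither nil, `""`, a Hash nor a String (an Array is the obvious case with Rails query parsing) leaves `@where` unset, and the String branch accepts any JSON value, so `Oj.load` can hand back an Array, number or string that then flows into the query-building code that follows as if it were an object. The `where` parameter is client-supplied, and `Oj.load` decodes in Oj's default mode, which is `:object` unless `Oj.default_options` has been changed elsewhere in the app; in that mode JSON can be decoded into arbitrary Ruby objects, so `Oj.strict_load` (or `Oj.load(raw, mode: :strict)` on older Oj) is the safer call here. The bare `rescue` also hides everything except the parse failure it means to report, and `or` in the first condition is the low-precedence form the style guide steers away from. A rewrite that normalises the value and then checks `@where.is_a?(Hash)` once covers all of these:
```ruby
def load_where_param
  raw = params[:where]
  @where =
    if raw.nil? || raw == ""
      {}
    elsif raw.is_a?(String)
      begin
        Oj.strict_load(raw)
      rescue Oj::ParseError
        raise ArgumentError, "Could not parse \"where\" param as an object"
      end
    else
      raw
    end
  # Reject arrays, scalars and anything else so the query builder only ever sees a Hash.
  raise ArgumentError, "\"where\" param must be an object" unless @where.is_a?(Hash)
end
```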
@@ -198,12 +209,12 @@ class ApplicationController < ActionController::Base
   def login_required
     if !current_user
       respond_to do |format|
+        format.json {
+          render :json => { errors: ['Not logged in'] }.to_json, status: 401
+        }
         format.html  {
           redirect_to '/auth/joshid'
         }
-        format.json {
-          render :json => { errors: ['Not logged in'] }.to_json
-        }
       end
     end
   end
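Review bot: In the moved `format.json` block, `render :json => { … }.to_json, status: 401` serialises twice in spirit: `render :json =>` already converts a Hash to JSON, so `render :json => { errors: ['Not logged in'] }, status: 401` is the idiomatic form (the output is the same string either way). The surrounding `if !current_user` reads better as `unless current_user`, or as a guard `return if current_user` ahead of the `respond_to`. A 401 is normally accompanied by a `WWW-Authenticate` header naming the scheme the API expects; whether that matters depends on how clients present tokens, which this hunk does not show.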
@@ -226,11 +237,11 @@ class ApplicationController < ActionController::Base
       if supplied_token
         api_client_auth = ApiClientAuthorization.
           includes(:api_client, :user).
-          where('api_token=?', supplied_token).
+          where('api_token=? and (expires_at is null or expires_at > now())', supplied_token).
           first
         if api_client_auth
           session[:user_id] = api_client_auth.user.id
-          session[:api_client_uuid] = api_client_auth.api_client.uuid
+          session[:api_client_uuid] = api_client_auth.api_client.andand.uuid
           session[:api_client_authorization_id] = api_client_auth.id
           user = api_client_auth.user
           api_client = api_client_auth.api_client
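Review bot: The new `expires_at is null or expires_at > now()` predicate is only evaluated on the `if supplied_token` path; the `else` branch that resumes an authorization from the session (`find session[:api_client_authorization_id]`, at the top of the next hunk) loads the row by id with no expiry check, so a token that has expired since it was first presented keeps working for as long as the session lasts. Checking the loaded record in Ruby after the `if`/`else` closes covers both paths, e.g. `api_client_auth = nil if api_client_auth && api_client_auth.expires_at && api_client_auth.expires_at <= Time.now`, and then the session entries should not be (re)populated from an expired record. `now()` in the SQL fragment is evaluated by the database rather than the application, so it presupposes a database that provides that function and a clock that agrees with the app server's `Time.now` used elsewhere in this method. The enclosing method begins before this hunk and continues into the next one.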
@@ -245,15 +256,18 @@ class ApplicationController < ActionController::Base
             find session[:api_client_authorization_id]
         end
       end
-      Thread.current[:api_client_trusted] = session[:api_client_trusted]
       Thread.current[:api_client_ip_address] = remote_ip
       Thread.current[:api_client_authorization] = api_client_auth
-      Thread.current[:api_client_uuid] = api_client && api_client.uuid
+      Thread.current[:api_client_uuid] = api_client.andand.uuid
       Thread.current[:api_client] = api_client
       Thread.current[:user] = user
+      if api_client_auth
+        api_client_auth.last_used_at = Time.now
+        api_client_auth.last_used_by_ip_address = remote_ip
+        api_client_auth.save validate: false
+      end
       yield
     ensure
-      Thread.current[:api_client_trusted] = nil
       Thread.current[:api_client_ip_address] = nil
       Thread.current[:api_client_authorization] = nil
       Thread.current[:api_client_uuid] = nil
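Review bot: The added `last_used_at = Time.now` block stamps the record from the application clock, while the expiry comparison in the previous hunk (`expires_at > now()`) is made against the database clock; if the two hosts drift, `last_used_at` and `expires_at` are no longer directly comparable, so it is worth picking one source of time for the authorization row. `save validate: false` skips validations but still runs callbacks and will raise on a database error before `yield`, turning a bookkeeping write into a failed request; if that is acceptable a short comment on the block would say so, e.g. `# Best-effort usage tracking; validations skipped because only timestamps change.` The method's `ensure` clause continues past the end of this hunk.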