Merge branch 'master' into 3177-collection-choose-files

[arvados.git] / apps / workbench / app / controllers / application_controller.rb

diff --git a/apps/workbench/app/controllers/application_controller.rb b/apps/workbench/app/controllers/application_controller.rb
index 3d82b23ba5b17a65a189d3ee9c577043b94caff9..751b494bf4f03bcf5975b0bde5ba857362867404 100644 (file)
--- a/apps/workbench/app/controllers/application_controller.rb
+++ b/apps/workbench/app/controllers/application_controller.rb
@@ -118,7 +118,9 @@ class ApplicationController < ActionController::Base
   def load_filters_and_paging_params
     if params[:order].blank?
       @order = 'created_at desc'
-    elsif !params[:order].is_a? Array
+    elsif params[:order].is_a? Array
+      @order = params[:order]
+    else
       begin
         @order = JSON.load(params[:order])
       rescue
@@ -397,12 +399,17 @@ class ApplicationController < ActionController::Base
     false  # For convenience to return from callbacks
   end
 
-  def using_specific_api_token(api_token)
+  def using_specific_api_token(api_token, opts={})
     start_values = {}
     [:arvados_api_token, :user].each do |key|
       start_values[key] = Thread.current[key]
     end
-    load_api_token(api_token)
+    if opts.fetch(:load_user, true)
+      load_api_token(api_token)
+    else
+      Thread.current[:arvados_api_token] = api_token
+      Thread.current[:user] = nil
+    end
     begin
       yield
     ensure
@@ -828,6 +835,12 @@ class ApplicationController < ActionController::Base
     crumbs = []
     current = @name_link || @object
     while current
+      # Halt if a group ownership loop is detected. API should refuse
+      # to produce this state, but it could still arise from a race
+      # condition when group ownership changes between our find()
+      # queries.
+      break if crumbs.collect(&:uuid).include? current.uuid
+
       if current.is_a?(Group) and current.group_class == 'project'
         crumbs.prepend current
       end