X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/1f307eb32c5b01b7fc60c501a5d0b033a8fe7e01..a028b4c3222b379352a538b7b9f921876e31361c:/services/api/lib/current_api_client.rb?ds=sidebyside
diff --git a/services/api/lib/current_api_client.rb b/services/api/lib/current_api_client.rb
index f7476a9bed..3f595af8b5 100644
--- a/services/api/lib/current_api_client.rb
+++ b/services/api/lib/current_api_client.rb
@@ -12,10 +12,10 @@ module CurrentApiClient
 end
 def current_default_owner
- # owner uuid for newly created objects
+ # owner_uuid for newly created objects
 ((current_api_client_authorization &&
- current_api_client_authorization.default_owner) ||
- (current_user && current_user.default_owner) ||
+ current_api_client_authorization.default_owner_uuid) ||
+ (current_user && current_user.default_owner_uuid) ||
 (current_user && current_user.uuid) ||
 nil)
 end
@@ -25,6 +25,16 @@ module CurrentApiClient
 Thread.current[:api_client_ip_address]
 end
+ # Does the current API client authorization include any of ok_scopes?
+ def current_api_client_auth_has_scope(ok_scopes)
+ auth_scopes = current_api_client_authorization.andand.scopes || []
+ unless auth_scopes.index('all') or (auth_scopes & ok_scopes).any?
+ logger.warn "Insufficient auth scope: need #{ok_scopes}, #{current_api_client_authorization.inspect} has #{auth_scopes}"
+ return false
+ end
+ true
+ end
+
 def system_user_uuid
 [Server::Application.config.uuid_prefix,
 User.uuid_prefix,
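Review bot: The warning in `current_api_client_auth_has_scope` interpolates `current_api_client_authorization.inspect`, which on a typical model object dumps every attribute. If that record carries the client's API token (not visible in this hunk, so worth confirming), every scope denial writes a usable credential to the log. Log a non-secret identifier and the scopes instead, for example `logger.warn "Insufficient auth scope: need #{ok_scopes}, authorization id #{current_api_client_authorization.andand.id} has #{auth_scopes}"`, assuming the record exposes an `id`. Separately, `or` binds more loosely than `||` and `index('all')` is used only for truthiness, so `auth_scopes.include?('all') || (auth_scopes & ok_scopes).any?` states the check more plainly. A one-line comment that a missing authorization is treated as an empty scope list, and therefore denied, would make the fail-closed intent explicit.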