X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/47e59a35d5ed9b2cdb052894d741972324058505..b43cf1d3398b7004ada50e053ae235b814c9aa70:/services/api/app/models/api_client_authorization.rb diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb index 3af206c450..8ea9f7bd88 100644 --- a/services/api/app/models/api_client_authorization.rb +++ b/services/api/app/models/api_client_authorization.rb @@ -92,7 +92,7 @@ class ApiClientAuthorization < ArvadosModel uuid_prefix+".arvadosapi.com") end - def self.validate(token:, remote:) + def self.validate(token:, remote: nil) return nil if !token remote ||= Rails.configuration.uuid_prefix @@ -161,7 +161,8 @@ class ApiClientAuthorization < ArvadosModel end end - if Rails.configuration.new_users_are_active + if Rails.configuration.new_users_are_active || + Rails.configuration.auto_activate_users_from.include?(remote_user['uuid'][0..4]) # Update is_active to whatever it is at the remote end user.is_active = remote_user['is_active'] elsif !remote_user['is_active'] @@ -185,7 +186,10 @@ class ApiClientAuthorization < ArvadosModel # 5 minutes. TODO: Request the actual api_client_auth # record from the remote server in case it wants the token # to expire sooner. - auth.update_attributes!(expires_at: Time.now + 5.minutes) + auth.update_attributes!(user: user, + api_token: secret, + api_client_id: 0, + expires_at: Time.now + 5.minutes) end return auth else @@ -207,10 +211,8 @@ class ApiClientAuthorization < ArvadosModel end def permission_to_update - (permission_to_create and - not uuid_changed? and - not user_id_changed? and - not owner_uuid_changed?) + permission_to_create && !uuid_changed? && + (current_user.andand.is_admin || !user_id_changed?) end def log_update