X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/57647945b08a74bab02fed6adf947eb9adb8321f..09a3f207ceb2ddcdc7d31d0190eeed94962740d1:/apps/workbench/app/controllers/collections_controller.rb

diff --git a/apps/workbench/app/controllers/collections_controller.rb b/apps/workbench/app/controllers/collections_controller.rb
index dcd47e1414..2c8cf7e443 100644
--- a/apps/workbench/app/controllers/collections_controller.rb
+++ b/apps/workbench/app/controllers/collections_controller.rb
@@ -9,17 +9,17 @@ require "uri"
 class CollectionsController < ApplicationController
   include ActionController::Live
 
-  skip_around_filter :require_thread_api_token, if: proc { |ctrl|
-    Rails.configuration.anonymous_user_token and
+  skip_around_action :require_thread_api_token, if: proc { |ctrl|
+    !Rails.configuration.Users.AnonymousUserToken.empty? and
     'show' == ctrl.action_name
   }
-  skip_around_filter(:require_thread_api_token,
+  skip_around_action(:require_thread_api_token,
                      only: [:show_file, :show_file_links])
-  skip_before_filter(:find_object_by_uuid,
+  skip_before_action(:find_object_by_uuid,
                      only: [:provenance, :show_file, :show_file_links])
   # We depend on show_file to display the user agreement:
-  skip_before_filter :check_user_agreements, only: :show_file
-  skip_before_filter :check_user_profile, only: :show_file
+  skip_before_action :check_user_agreements, only: :show_file
+  skip_before_action :check_user_profile, only: :show_file
 
   RELATION_LIMIT = 5
 
@@ -124,7 +124,8 @@ class CollectionsController < ApplicationController
     # Otherwise, it's impossible to know whether any other request succeeded
     # because of the reader token.
     coll = nil
-    tokens = [(Rails.configuration.anonymous_user_token || nil),
+    tokens = [(if !Rails.configuration.Users.AnonymousUserToken.empty? then
+                Rails.configuration.Users.AnonymousUserToken else nil end),
               params[:reader_token],
               Thread.current[:arvados_api_token]].compact
     usable_token = find_usable_token(tokens) do
@@ -138,7 +139,7 @@ class CollectionsController < ApplicationController
     opts = {}
     if usable_token == params[:reader_token]
       opts[:path_token] = usable_token
-    elsif usable_token == Rails.configuration.anonymous_user_token
+    elsif usable_token == Rails.configuration.Users.AnonymousUserToken
       # Don't pass a token at all
     else
       # We pass the current user's real token only if it's necessary
@@ -234,11 +235,7 @@ class CollectionsController < ApplicationController
 
   def download_link
     token = @search_sharing.first.api_token
-    if Rails.configuration.keep_web_url || Rails.configuration.keep_web_download_url
-      keep_web_url(@object.uuid, nil, {path_token: token})
-    else
-      collections_url + "/download/#{@object.uuid}/#{token}/"
-    end
+    keep_web_url(@object.uuid, nil, {path_token: token})
   end
 
   def share
@@ -269,7 +266,7 @@ class CollectionsController < ApplicationController
   end
 
   def update
-    updated_attr = params[:collection].each.select {|a| a[0].andand.start_with? 'rename-file-path:'}
+    updated_attr = params[:collection].to_unsafe_hash.each.select {|a| a[0].andand.start_with? 'rename-file-path:'}
 
     if updated_attr.size > 0
       # Is it file rename?
@@ -304,30 +301,6 @@ class CollectionsController < ApplicationController
     end
   end
 
-  def tags
-    render
-  end
-
-  def save_tags
-    tags_param = params['tag_data']
-    if tags_param
-      if tags_param.is_a?(String) && tags_param == "empty"
-        tags = {}
-      else
-        tags = tags_param
-      end
-    end
-
-    if tags
-      if @object.update_attributes properties: tags
-        @saved_tags = true
-        render
-      else
-        self.render_error status: 422
-      end
-    end
-  end
-
   protected
 
   def find_usable_token(token_list)