X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/591a25ea2d44801fbef2ec678a366807537a8411..4554374c672ee56608c9ddbd6a48486fe20c90d1:/services/api/app/models/user.rb

diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb
index 08476be57c..50ecc6b65d 100644
--- a/services/api/app/models/user.rb
+++ b/services/api/app/models/user.rb
@@ -284,7 +284,8 @@ class User < ArvadosModel
   # responsible for checking permission to do this.
   def merge(new_owner_uuid:, new_user_uuid:, redirect_to_new_user:)
     raise PermissionDeniedError if !current_user.andand.is_admin
-    raise "not implemented" if !new_user_uuid
+    raise "Missing new_owner_uuid" if !new_owner_uuid
+    raise "Missing new_user_uuid" if !new_user_uuid
     transaction(requires_new: true) do
       reload
       raise "cannot merge an already merged user" if self.redirect_to_user_uuid
@@ -293,7 +294,17 @@ class User < ArvadosModel
       raise "user does not exist" if !new_user
       raise "cannot merge to an already merged user" if new_user.redirect_to_user_uuid
 
-      if redirect_to_new_user
+      # If 'self' is a remote user, don't transfer authorizations
+      # (i.e. ability to access the account) to the new user, because
+      # that gives the remote site the ability to access the 'new'
+      # user account that takes over the 'self' account.
+      #
+      # If 'self' is a local user, it is okay to transfer
+      # authorizations, even if the 'new' user is a remote account,
+      # because the remote site does not gain the ability to access an
+      # account it could not before.
+
+      if redirect_to_new_user and self.uuid[0..4] == Rails.configuration.ClusterID
         # Existing API tokens and ssh keys are updated to authenticate
         # to the new user.
         ApiClientAuthorization.
@@ -327,17 +338,19 @@ class User < ArvadosModel
       end
 
       # Need to update repository names to new username
-      old_repo_name_re = /^#{Regexp.escape(username)}\//
-      Repository.where(:owner_uuid => uuid).each do |repo|
-        repo.owner_uuid = new_user.uuid
-        repo_name_sub = "#{new_user.username}/"
-        name = repo.name.sub(old_repo_name_re, repo_name_sub)
-        while (conflict = Repository.where(:name => name).first) != nil
-          repo_name_sub += "migrated"
+      if username
+        old_repo_name_re = /^#{Regexp.escape(username)}\//
+        Repository.where(:owner_uuid => uuid).each do |repo|
+          repo.owner_uuid = new_user.uuid
+          repo_name_sub = "#{new_user.username}/"
           name = repo.name.sub(old_repo_name_re, repo_name_sub)
+          while (conflict = Repository.where(:name => name).first) != nil
+            repo_name_sub += "migrated"
+            name = repo.name.sub(old_repo_name_re, repo_name_sub)
+          end
+          repo.name = name
+          repo.save!
         end
-        repo.name = name
-        repo.save!
       end
 
       # References to the merged user's "home project" are updated to
@@ -413,7 +426,7 @@ class User < ArvadosModel
         if !primary_user
           primary_user = user.redirects_to
         elsif primary_user.uuid != user.redirects_to.uuid
-          raise "Ambigious email address, directs to both #{primary_user.uuid} and #{user.redirects_to.uuid}"
+          raise "Ambiguous email address, directs to both #{primary_user.uuid} and #{user.redirects_to.uuid}"
         end
       end
     end