X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/5fcebaf9f4c05cf63f2cfa6d69b5bf16e0a73b96..5debe2b77df18d381d7d59976e76f4ea6c9d5ce0:/services/api/app/models/api_client_authorization.rb

diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb
index dde15f4428..f7985a986a 100644
--- a/services/api/app/models/api_client_authorization.rb
+++ b/services/api/app/models/api_client_authorization.rb
@@ -1,4 +1,5 @@
 class ApiClientAuthorization < ArvadosModel
+  include HasUuid
   include KindAndEtag
   include CommonApiTemplate
 
@@ -7,7 +8,7 @@ class ApiClientAuthorization < ArvadosModel
   after_initialize :assign_random_api_token
   serialize :scopes, Array
 
-  api_accessible :superuser, :extend => :common do |t|
+  api_accessible :user, extend: :common do |t|
     t.add :owner_uuid
     t.add :user_id
     t.add :api_client_id
@@ -20,6 +21,8 @@ class ApiClientAuthorization < ArvadosModel
     t.add :scopes
   end
 
+  UNLOGGED_CHANGES = ['last_used_at', 'last_used_by_ip_address', 'updated_at']
+
   def assign_random_api_token
     self.api_token ||= rand(2**256).to_s(36)
   end
@@ -28,23 +31,12 @@ class ApiClientAuthorization < ArvadosModel
     self.user.andand.uuid
   end
   def owner_uuid_was
-    self.user_id_changed? ? User.find(self.user_id_was).andand.uuid : self.user.andand.uuid
+    self.user_id_changed? ? User.where(id: self.user_id_was).first.andand.uuid : self.user.andand.uuid
   end
   def owner_uuid_changed?
     self.user_id_changed?
   end
 
-  def uuid
-    self.api_token
-  end
-  def uuid=(x) end
-  def uuid_was
-    self.api_token_was
-  end
-  def uuid_changed?
-    self.api_token_changed?
-  end
-
   def modified_by_client_uuid
     nil
   end
@@ -60,6 +52,26 @@ class ApiClientAuthorization < ArvadosModel
   end
   def modified_at=(x) end
 
+  def scopes_allow?(req_s)
+    scopes.each do |scope|
+      return true if (scope == 'all') or (scope == req_s) or
+        ((scope.end_with? '/') and (req_s.start_with? scope))
+    end
+    false
+  end
+
+  def scopes_allow_request?(request)
+    scopes_allow? [request.request_method, request.path].join(' ')
+  end
+
+  def logged_attributes
+    super.except 'api_token'
+  end
+
+  def self.default_orders
+    ["#{table_name}.id desc"]
+  end
+
   protected
 
   def permission_to_create
@@ -68,7 +80,12 @@ class ApiClientAuthorization < ArvadosModel
 
   def permission_to_update
     (permission_to_create and
-     not self.user_id_changed? and
-     not self.owner_uuid_changed?)
+     not uuid_changed? and
+     not user_id_changed? and
+     not owner_uuid_changed?)
+  end
+
+  def log_update
+    super unless (changed - UNLOGGED_CHANGES).empty?
   end
 end