X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/7023263e319cbd93365f7104c866aba4886616da..a6c0e01403377311a12f6d9ae587d92dbc00e1fd:/services/api/lib/current_api_client.rb

diff --git a/services/api/lib/current_api_client.rb b/services/api/lib/current_api_client.rb
index 401be16c7a..f851c588c7 100644
--- a/services/api/lib/current_api_client.rb
+++ b/services/api/lib/current_api_client.rb
@@ -29,16 +29,6 @@ module CurrentApiClient
     Thread.current[:api_client_ip_address]
   end
 
-  # Does the current API client authorization include any of ok_scopes?
-  def current_api_client_auth_has_scope(ok_scopes)
-    auth_scopes = current_api_client_authorization.andand.scopes || []
-    unless auth_scopes.index('all') or (auth_scopes & ok_scopes).any?
-      logger.warn "Insufficient auth scope: need #{ok_scopes}, #{current_api_client_authorization.inspect} has #{auth_scopes}"
-      return false
-    end
-    true
-  end
-
   def system_user_uuid
     [Server::Application.config.uuid_prefix,
      User.uuid_prefix,
@@ -54,7 +44,9 @@ module CurrentApiClient
   def system_user
     if not $system_user
       real_current_user = Thread.current[:user]
-      Thread.current[:user] = User.new(is_admin: true, is_active: true)
+      Thread.current[:user] = User.new(is_admin: true,
+                                       is_active: true,
+                                       uuid: system_user_uuid)
       $system_user = User.where('uuid=?', system_user_uuid).first
       if !$system_user
         $system_user = User.new(uuid: system_user_uuid,
@@ -98,9 +90,11 @@ module CurrentApiClient
     if block_given?
       user_was = Thread.current[:user]
       Thread.current[:user] = system_user
-      ret = yield
-      Thread.current[:user] = user_was
-      ret
+      begin
+        yield
+      ensure
+        Thread.current[:user] = user_was
+      end
     else
       Thread.current[:user] = system_user
     end