X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/72513393310d7f22688afa93f51b05e1d42bae08..43ad590772de48fbc3a6a45654445bab79a0bdc1:/services/api/app/models/container_request.rb?ds=sidebyside diff --git a/services/api/app/models/container_request.rb b/services/api/app/models/container_request.rb index b75775c878..0c2ad09655 100644 --- a/services/api/app/models/container_request.rb +++ b/services/api/app/models/container_request.rb @@ -106,8 +106,12 @@ class ContainerRequest < ArvadosModel end def skip_uuid_read_permission_check - # XXX temporary until permissions are sorted out. - %w(modified_by_client_uuid container_uuid requesting_container_uuid) + # The uuid_read_permission_check prevents users from making + # references to objects they can't view. However, in this case we + # don't want to do that check since there's a circular dependency + # where user can't view the container until the user has + # constructed the container request that references the container. + %w(container_uuid) end def finalize_if_needed @@ -345,7 +349,7 @@ class ContainerRequest < ArvadosModel end def validate_runtime_token - if !self.runtime_token.nil? + if !self.runtime_token.nil? && self.runtime_token_changed? if !runtime_token[0..2] == "v2/" errors.add :runtime_token, "not a v2 token" return @@ -359,14 +363,7 @@ class ContainerRequest < ArvadosModel def scrub_secrets if self.state == Final self.secret_mounts = {} - if !self.runtime_token.nil? - _, uuid, secret = self.runtime_token.split('/') - tok = ApiClientAuthorization.find_by_uuid(uuid) - if !tok.nil? - tok.expire_destroy - end - self.runtime_token = nil - end + self.runtime_token = nil end end @@ -395,9 +392,6 @@ class ContainerRequest < ArvadosModel def get_requesting_container return self.requesting_container_uuid if !self.requesting_container_uuid.nil? - return if !current_api_client_authorization - if (c = Container.where('auth_uuid=?', current_api_client_authorization.uuid).select([:uuid, :priority]).first) - return c - end + Container.for_current_token end end