X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/85ee7f10d6aa8084da51a388011395c080842c70..2b6837ef2b57204b7bf4fd5c4373283892999268:/services/api/app/controllers/arvados/v1/users_controller.rb diff --git a/services/api/app/controllers/arvados/v1/users_controller.rb b/services/api/app/controllers/arvados/v1/users_controller.rb index 568dd97a10..03efed999f 100644 --- a/services/api/app/controllers/arvados/v1/users_controller.rb +++ b/services/api/app/controllers/arvados/v1/users_controller.rb @@ -8,9 +8,14 @@ class Arvados::V1::UsersController < ApplicationController before_filter :admin_required, only: [:setup, :unsetup] def current - @object = current_user - show + if current_user + @object = current_user + show + else + send_error("Not logged in", status: 401) + end end + def system @object = system_user show @@ -91,12 +96,29 @@ class Arvados::V1::UsersController < ApplicationController end end + # It's not always possible for the client to know the user's + # username when submitting this request: the username might have + # been assigned automatically in create!() above. If client + # provided a plain repository name, prefix it with the username + # now that we know what it is. + if params[:repo_name].nil? + full_repo_name = nil + elsif @object.username.nil? + raise ArgumentError. + new("cannot setup a repository because user has no username") + elsif object_found and + params[:repo_name].start_with?("#{@object.username}/") + full_repo_name = params[:repo_name] + else + full_repo_name = "#{@object.username}/#{params[:repo_name]}" + end + if object_found - @response = @object.setup_repo_vm_links params[:repo_name], + @response = @object.setup_repo_vm_links full_repo_name, params[:vm_uuid], params[:openid_prefix] else @response = User.setup @object, params[:openid_prefix], - params[:repo_name], params[:vm_uuid] + full_repo_name, params[:vm_uuid] end # setup succeeded. send email to user @@ -104,7 +126,7 @@ class Arvados::V1::UsersController < ApplicationController UserNotifier.account_is_setup(@object).deliver end - render json: { kind: "arvados#HashList", items: @response.as_api_response(nil) } + send_json kind: "arvados#HashList", items: @response.as_api_response(nil) end # delete user agreements, vm, repository, login links; set state to inactive @@ -114,38 +136,39 @@ class Arvados::V1::UsersController < ApplicationController show end - # update profile for the user - def profile - reload_object_before_update - - # update profile - @object.profile params - - # profile update succeeded. send email if requested by the client - profile_notification_address = params[:send_profile_notification_email] - if profile_notification_address - ProfileNotifier.profile_created(@object, profile_notification_address).deliver - end - - show - end - protected def self._setup_requires_parameters { - send_notification_email: { type: 'boolean', required: true }, + user: { + type: 'object', required: false + }, + openid_prefix: { + type: 'string', required: false + }, + repo_name: { + type: 'string', required: false + }, + vm_uuid: { + type: 'string', required: false + }, + send_notification_email: { + type: 'boolean', required: false, default: false + }, } end - def find_objects_for_index - if (action_name == "index") and (not @read_users.any? { |u| u.is_admin }) - # Non-admin index returns very basic information about all active users. - # We ignore where and filters params to avoid leaking information. - @where = {} - @filters = [] - @select = ["uuid", "is_active", "email", "first_name", "last_name"] - @objects = model_class.where(is_active: true) + def apply_filters(model_class=nil) + return super if @read_users.any? &:is_admin + if params[:uuid] != current_user.andand.uuid + # Non-admin index/show returns very basic information about readable users. + safe_attrs = ["uuid", "is_active", "email", "first_name", "last_name"] + if @select + @select = @select & safe_attrs + else + @select = safe_attrs + end + @filters += [['is_active', '=', true]] end super end