X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/8e69317214ad56a6255f56725fa3b966c663eda3..0b8f1f94be9f49e7a65f5ca84fe563918861be24:/services/api/app/models/user.rb diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb index 50dc668448..677685d67a 100644 --- a/services/api/app/models/user.rb +++ b/services/api/app/models/user.rb @@ -1,14 +1,18 @@ +require 'can_be_an_owner' + class User < ArvadosModel - include AssignUuid + include HasUuid include KindAndEtag include CommonApiTemplate + include CanBeAnOwner + serialize :prefs, Hash has_many :api_client_authorizations before_update :prevent_privilege_escalation before_update :prevent_inactive_admin before_create :check_auto_admin after_create :add_system_group_permission_link - after_create AdminNotifier + after_create :send_admin_notifications has_many :authorized_keys, :foreign_key => :authorized_user_uuid, :primary_key => :uuid @@ -27,7 +31,7 @@ class User < ArvadosModel ALL_PERMISSIONS = {read: true, write: true, manage: true} def full_name - "#{first_name} #{last_name}" + "#{first_name} #{last_name}".strip end def is_invited @@ -37,7 +41,11 @@ class User < ArvadosModel end def groups_i_can(verb) - self.group_permissions.select { |uuid, mask| mask[verb] }.keys + my_groups = self.group_permissions.select { |uuid, mask| mask[verb] }.keys + if verb == :read + my_groups << anonymous_group_uuid + end + my_groups end def can?(actions) @@ -177,6 +185,10 @@ class User < ArvadosModel protected + def ensure_ownership_path_leads_to_user + true + end + def permission_to_update # users must be able to update themselves (even if they are # inactive) in order to create sessions 
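Review bot: In `groups_i_can`, the anonymous group is appended for `:read` on every user object, with no `is_active` or `is_invited` condition, so the method now reports read scope for accounts that are otherwise inactive. If that is the intent, state it in a comment above the `if`, for example `# Anything shared with the anonymous group is readable by every user, active or not.` The test `verb == :read` matches only a Symbol, so a caller passing `'read'` gets the list without the anonymous group. `my_groups | [anonymous_group_uuid]` would also avoid a duplicate entry when the user already holds a permission on that group; `anonymous_group_uuid` itself is defined outside this hunk.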
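Review bot: `ensure_ownership_path_leads_to_user` returns `true` unconditionally and carries no comment, so a reader cannot tell that a check is being switched off for `User` rows or why. The name suggests it overrides an ownership validation inherited from `ArvadosModel` or a mixin, but that definition is not visible in this diff. If the reason is that users sit at the root of an ownership path, add a comment above the method such as `# Users are the root of an ownership path, so the inherited ownership check does not apply.` It is also worth confirming that a user row whose `owner_uuid` points at something unexpected is still validated elsewhere.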
@@ -245,12 +257,12 @@ class User < ArvadosModel end def create_oid_login_perm (openid_prefix) - login_perm_props = {identity_url_prefix: openid_prefix} + login_perm_props = { "identity_url_prefix" => openid_prefix} # Check oid_login_perm oid_login_perms = Link.where(tail_uuid: self.email, link_class: 'permission', - name: 'can_login').where("head_uuid like ?", User.uuid_like_pattern) + name: 'can_login').where("head_uuid = ?", self.uuid) if !oid_login_perms.any? # create openid login permission @@ -330,21 +342,21 @@ class User < ArvadosModel perm_exists = false login_perms.each do |perm| - if perm.properties[:username] == repo_name - perm_exists = true + if perm.properties['username'] == repo_name + perm_exists = perm break end end - if !perm_exists + if perm_exists + login_perm = perm_exists + else login_perm = Link.create(tail_uuid: self.uuid, head_uuid: vm[:uuid], link_class: 'permission', name: 'can_login', - properties: {username: repo_name}) + properties: {'username' => repo_name}) logger.info { "login permission: " + login_perm[:uuid] } - else - login_perm = login_perms.first end return login_perm @@ -394,4 +406,12 @@ class User < ArvadosModel head_uuid: self.uuid) end end + + # Send admin notifications + def send_admin_notifications + AdminNotifier.new_user(self).deliver + if not self.is_active then + AdminNotifier.new_inactive_user(self).deliver + end + end end
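Review bot: In `create_oid_login_perm`, narrowing the lookup to `head_uuid = ?` means a `can_login` link from the same `tail_uuid` (this email) to a different user record no longer counts as existing, so the create branch below can leave one email with login links to two users. If the code that resolves logins expects at most one such link per email, which is not visible here, this path should detect the other link and fail or log rather than silently add a second. `self.email` is also used as `tail_uuid` without a nil or blank check in the visible lines. The method body continues past the end of the hunk.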
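Review bot: The lookup `perm.properties['username']` only matches links whose properties were stored with string keys; a `can_login` link written by the previous code (`{username: repo_name}`, a symbol key) will not match unless `properties` is deserialized with indifferent access, which this diff does not show. In that case the `else` branch creates a second login link for the same VM and user, so existing rows likely need a migration, or the comparison should accept both key forms during the transition; the same applies to `identity_url_prefix` in `create_oid_login_perm`. Separately, `Link.create` returns an unsaved record when validation fails, and `"login permission: " + login_perm[:uuid]` then raises on a nil uuid; `Link.create!` or string interpolation avoids that. `perm_exists` now holds a Link rather than a boolean, so `login_perm = login_perms.find { |perm| perm.properties['username'] == repo_name }` would read more clearly than the flag and loop. The enclosing method starts and ends outside the hunk.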
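Review bot: `send_admin_notifications` delivers mail synchronously from an `after_create` callback with no error handling, so an exception from the mailer propagates out of `save` and, since ActiveRecord runs `after_create` inside the save transaction, rolls back the new user. Decide whether a mail outage should block account creation; if not, add `rescue => e` to the method and log the failure at error level with the user's uuid, so that a missed new-user notice is still visible to operators. The condition reads more idiomatically as `AdminNotifier.new_inactive_user(self).deliver unless self.is_active`. The comment `# Send admin notifications` repeats the method name; it could instead say which event triggers which mail.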