X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/99658f9ca22500e6249a77bae32994599949c76d..8e69317214ad56a6255f56725fa3b966c663eda3:/services/api/app/controllers/arvados/v1/api_client_authorizations_controller.rb

diff --git a/services/api/app/controllers/arvados/v1/api_client_authorizations_controller.rb b/services/api/app/controllers/arvados/v1/api_client_authorizations_controller.rb
index 9722e14790..8fd915ddfb 100644
--- a/services/api/app/controllers/arvados/v1/api_client_authorizations_controller.rb
+++ b/services/api/app/controllers/arvados/v1/api_client_authorizations_controller.rb
@@ -1,12 +1,43 @@
 class Arvados::V1::ApiClientAuthorizationsController < ApplicationController
+  accept_attribute_as_json :scopes, Array
   before_filter :current_api_client_is_trusted
+  before_filter :admin_required, :only => :create_system_auth
+  skip_before_filter :render_404_if_no_object, :only => :create_system_auth
+
+  def self._create_system_auth_requires_parameters
+    {
+      api_client_id: {type: 'integer', required: false},
+      scopes: {type: 'array', required: false}
+    }
+  end
+  def create_system_auth
+    @object = ApiClientAuthorization.
+      new(user_id: system_user.id,
+          api_client_id: params[:api_client_id] || current_api_client.andand.id,
+          created_by_ip_address: remote_ip,
+          scopes: Oj.load(params[:scopes] || '["all"]'))
+    @object.save!
+    show
+  end
+
+  def create
+    if resource_attrs[:owner_uuid]
+      # The model has an owner_id attribute instead of owner_uuid, but
+      # we can't expect the client to know the local numeric ID. We
+      # translate UUID to numeric ID here.
+      resource_attrs[:user_id] =
+        User.where(uuid: resource_attrs.delete(:owner_uuid)).first.andand.id
+    end
+    resource_attrs[:api_client_id] = Thread.current[:api_client].id
+    super
+  end
 
   protected
 
   def find_objects_for_index
     # Here we are deliberately less helpful about searching for client
     # authorizations. Rather than use the generic index/where/order
-    # featuers, we look up tokens belonging to the current user and
+    # features, we look up tokens belonging to the current user and
     # filter by exact match on api_token (which we expect in the form
     # of a where[uuid] parameter to make things easier for API client
     # libraries).