X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/99658f9ca22500e6249a77bae32994599949c76d..e27e7a7e8b03f48e7d512ff714cc79fb60d92ff9:/services/api/app/models/api_client_authorization.rb diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb index 1c4972c124..fca57dce8f 100644 --- a/services/api/app/models/api_client_authorization.rb +++ b/services/api/app/models/api_client_authorization.rb @@ -5,30 +5,32 @@ class ApiClientAuthorization < ArvadosModel belongs_to :api_client belongs_to :user after_initialize :assign_random_api_token + serialize :scopes, Array - api_accessible :superuser, :extend => :common do |t| - t.add :owner + api_accessible :user, extend: :common do |t| + t.add :owner_uuid t.add :user_id t.add :api_client_id t.add :api_token t.add :created_by_ip_address - t.add :default_owner + t.add :default_owner_uuid t.add :expires_at t.add :last_used_at t.add :last_used_by_ip_address + t.add :scopes end def assign_random_api_token self.api_token ||= rand(2**256).to_s(36) end - def owner + def owner_uuid self.user.andand.uuid end - def owner_was + def owner_uuid_was self.user_id_changed? ? User.find(self.user_id_was).andand.uuid : self.user.andand.uuid end - def owner_changed? + def owner_uuid_changed? self.user_id_changed? end @@ -43,18 +45,30 @@ class ApiClientAuthorization < ArvadosModel self.api_token_changed? end - def modified_by_client + def modified_by_client_uuid nil end - def modified_by_client=(x) end + def modified_by_client_uuid=(x) end - def modified_by_user + def modified_by_user_uuid nil end - def modified_by_user=(x) end + def modified_by_user_uuid=(x) end def modified_at nil end def modified_at=(x) end + + protected + + def permission_to_create + current_user.andand.is_admin or (current_user.andand.id == self.user_id) + end + + def permission_to_update + (permission_to_create and + not self.user_id_changed? and + not self.owner_uuid_changed?) + end end