X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/a8bf5ded794ad2b59e65d8a681b79d727f899402..2c292c1942746dfa7b93411d76a8374e1b0aff16:/services/api/app/controllers/arvados/v1/keep_disks_controller.rb

diff --git a/services/api/app/controllers/arvados/v1/keep_disks_controller.rb b/services/api/app/controllers/arvados/v1/keep_disks_controller.rb
index 2f38cb57e5..7db295dbb2 100644
--- a/services/api/app/controllers/arvados/v1/keep_disks_controller.rb
+++ b/services/api/app/controllers/arvados/v1/keep_disks_controller.rb
@@ -13,40 +13,35 @@ class Arvados::V1::KeepDisksController < ApplicationController
     }
   end
   def ping
-    if !@object
-      if params[:filesystem_uuid].andand.length.andand > 0 and
-          current_user.andand.is_admin
-        @object = KeepDisk.
-          find_or_initialize_by_filesystem_uuid params[:filesystem_uuid]
-        if not @object.new_record?
-          raise "ping from keep_disk with existing filesystem_uuid #{params[:filesystem_uuid]} but wrong uuid #{params[:uuid]}"
-        end
-        @object.save!
-
-        # In the first ping from this new filesystem_uuid, we can't
-        # expect the keep node to know the ping_secret so we made sure
-        # we got an admin token. Here we add ping_secret to params so
-        # KeepNode.ping() understands this update is properly
-        # authenticated.
-        params[:ping_secret] = @object.ping_secret
-      else
-        return render_not_found "object not found"
-      end
-    end
-
     params[:service_host] ||= request.env['REMOTE_ADDR']
     if not @object.ping params
       return render_not_found "object not found"
     end
+    # Render the :superuser view (i.e., include the ping_secret) even
+    # if !current_user.is_admin. This is safe because @object.ping's
+    # success implies the ping_secret was already known by the client.
     render json: @object.as_api_response(:superuser)
   end
 
   def find_objects_for_index
-    if current_user.andand.is_admin || !current_user.andand.is_active
-      super
-    else
-      # active non-admin users can list all keep disks
-      @objects = model_class.all
+    # all users can list all keep disks
+    @objects = model_class.where('1=1')
+    super
+  end
+
+  def find_object_by_uuid
+    @object = KeepDisk.where(uuid: (params[:id] || params[:uuid])).first
+    if !@object && current_user.andand.is_admin
+      # Create a new KeepDisk and ping it.
+      @object = KeepDisk.new(filesystem_uuid: params[:filesystem_uuid])
+      @object.save!
+
+      # In the first ping from this new filesystem_uuid, we can't
+      # expect the keep node to know the ping_secret so we made sure
+      # we got an admin token. Here we add ping_secret to params so
+      # KeepNode.ping() understands this update is properly
+      # authenticated.
+      params[:ping_secret] = @object.ping_secret
     end
   end
 end