X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/aa2adbcaa06c4f5dc7a6e54f3d9a5148b20fbbb1..3f94855e8f06d0c01ad9596f34a90e0c65e0be46:/apps/workbench/app/controllers/application_controller.rb

diff --git a/apps/workbench/app/controllers/application_controller.rb b/apps/workbench/app/controllers/application_controller.rb
index b62636166c..20dea38dcd 100644
--- a/apps/workbench/app/controllers/application_controller.rb
+++ b/apps/workbench/app/controllers/application_controller.rb
@@ -11,9 +11,9 @@ class ApplicationController < ActionController::Base
   around_filter :set_thread_api_token
   # Methods that don't require login should
   #   skip_around_filter :require_thread_api_token
-  around_filter :require_thread_api_token, except: ERROR_ACTIONS
+  around_filter :require_thread_api_token, except: [:report_issue_popup, :report_issue] + ERROR_ACTIONS
   before_filter :accept_uuid_as_id_param, except: ERROR_ACTIONS
-  before_filter :check_user_agreements, except: ERROR_ACTIONS
+  before_filter :check_user_agreements, except: [:report_issue_popup, :report_issue] + ERROR_ACTIONS
   before_filter :check_user_profile, except: ERROR_ACTIONS
   before_filter :check_user_notifications, except: ERROR_ACTIONS
   before_filter :load_filters_and_paging_params, except: ERROR_ACTIONS
@@ -202,7 +202,7 @@ class ApplicationController < ActionController::Base
       return render_not_found("object not found")
     end
     respond_to do |f|
-      f.json { render json: @object.attributes.merge(href: url_for(@object)) }
+      f.json { render json: @object.attributes.merge(href: url_for(action: :show, id: @object)) }
       f.html {
         if params['tab_pane']
           render_pane params['tab_pane']
@@ -274,7 +274,7 @@ class ApplicationController < ActionController::Base
     @object ||= model_class.new @new_resource_attrs, params["options"]
     if @object.save
       respond_to do |f|
-        f.json { render json: @object.attributes.merge(href: url_for(@object)) }
+        f.json { render json: @object.attributes.merge(href: url_for(action: :show, id: @object)) }
         f.html {
           redirect_to @object
         }
@@ -436,6 +436,10 @@ class ApplicationController < ActionController::Base
       false  # We may redirect to login, or not, based on the current action.
     else
       session[:arvados_api_token] = params[:api_token]
+      # If we later have trouble contacting the API server, we still want
+      # to be able to render basic user information in the UI--see
+      # render_exception above.  We store that in the session here.  This is
+      # not intended to be used as a general-purpose cache.  See #2891.
       session[:user] = {
         uuid: user.uuid,
         email: user.email,