X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/b75f8eaadb91d5f8f0ac53d85aca763b2a1506cb..9eca684a1c2b52689986797d84f927dccef30ea9:/services/api/app/models/authorized_key.rb?ds=sidebyside
diff --git a/services/api/app/models/authorized_key.rb b/services/api/app/models/authorized_key.rb
index b454ba3ca7..ce348e0f8a 100644
--- a/services/api/app/models/authorized_key.rb
+++ b/services/api/app/models/authorized_key.rb
@@ -1,19 +1,27 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
 class AuthorizedKey < ArvadosModel
- include AssignUuid
+ include HasUuid
 include KindAndEtag
 include CommonApiTemplate
- before_create :permission_to_set_authorized_user
- before_update :permission_to_set_authorized_user
+ before_create :permission_to_set_authorized_user_uuid
+ before_update :permission_to_set_authorized_user_uuid
+
+ belongs_to :authorized_user, :foreign_key => :authorized_user_uuid, :class_name => 'User', :primary_key => :uuid
+
+ validate :public_key_must_be_unique
 
- api_accessible :superuser, :extend => :common do |t|
+ api_accessible :user, extend: :common do |t|
 t.add :name
 t.add :key_type
- t.add :authorized_user
+ t.add :authorized_user_uuid
 t.add :public_key
 t.add :expires_at
 end
 
- def permission_to_set_authorized_user
+ def permission_to_set_authorized_user_uuid
 # Anonymous users cannot do anything here
 return false if !current_user
 
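Review bot: The template change at `api_accessible :user, extend: :common do |t|` moves `public_key`, `authorized_user_uuid` and `expires_at` from the superuser-only view into the response any non-admin caller receives, and nothing in this hunk shows how read access to AuthorizedKey rows is scoped. If the intent is that users see only keys they are permitted to read, that relies on permission filtering defined elsewhere and is worth stating next to the template. A comment such as `# Exposed to non-admin users; row visibility is limited by the model's read-permission scoping, and no secret material is included.` would record the assumption. The body of `permission_to_set_authorized_user_uuid` continues past the end of this hunk.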
@@ -21,9 +29,21 @@ class AuthorizedKey < ArvadosModel
 return true if current_user.is_admin
 
 # All users can attach keys to their own accounts
- return true if current_user.uuid == authorized_user
+ return true if current_user.uuid == authorized_user_uuid
 
 # Default = deny.
 false
 end
+
+ def public_key_must_be_unique
+ if self.public_key
+ # Valid if no other rows have this public key
+ if self.class.where('uuid != ? and public_key like ?',
+ uuid || '', "%#{self.public_key}%").any?
+ errors.add(:public_key, "already exists in the database, use a different key.")
+ return false
+ end
+ end
+ return true
+ end
 end
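Review bot: The uniqueness check in `public_key_must_be_unique` places the submitted key inside a `like` pattern (`"%#{self.public_key}%"`) without escaping `%` or `_`, so it performs a wildcard substring match rather than a comparison of key material. The value is bound as a parameter, so this is not SQL injection, but an empty string passes `if self.public_key` and produces `'%%'`, which matches every other row that has a key. The match is also one-directional, so the same key stored with a different trailing comment or leading options is not detected. Consider guarding with `return true if public_key.blank?` and comparing a normalized form (key type plus base64 body) with `=`. A unique database index on that normalized value would also be needed, because a model-level validation alone can be bypassed by two concurrent creates.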