X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/da51b9328abab2df757ed13eadc7c3557315094b..97c83ddd8852d5ca445527f9914a31a8976a9031:/services/api/app/controllers/arvados/v1/keep_disks_controller.rb

diff --git a/services/api/app/controllers/arvados/v1/keep_disks_controller.rb b/services/api/app/controllers/arvados/v1/keep_disks_controller.rb
index 7db295dbb2..b8aa09650f 100644
--- a/services/api/app/controllers/arvados/v1/keep_disks_controller.rb
+++ b/services/api/app/controllers/arvados/v1/keep_disks_controller.rb
@@ -1,37 +1,26 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
 class Arvados::V1::KeepDisksController < ApplicationController
-  skip_before_filter :require_auth_scope_all, :only => :ping
+  skip_before_action :require_auth_scope, only: :ping
+  skip_before_action :render_404_if_no_object, only: :ping
 
   def self._ping_requires_parameters
     {
-      uuid: false,
-      ping_secret: true,
-      node_uuid: false,
-      filesystem_uuid: false,
-      service_host: false,
-      service_port: true,
-      service_ssl_flag: true
+      uuid: {required: false},
+      ping_secret: {required: true},
+      node_uuid: {required: false},
+      filesystem_uuid: {required: false},
+      service_host: {required: false},
+      service_port: {required: true},
+      service_ssl_flag: {required: true}
     }
   end
+
   def ping
     params[:service_host] ||= request.env['REMOTE_ADDR']
-    if not @object.ping params
-      return render_not_found "object not found"
-    end
-    # Render the :superuser view (i.e., include the ping_secret) even
-    # if !current_user.is_admin. This is safe because @object.ping's
-    # success implies the ping_secret was already known by the client.
-    render json: @object.as_api_response(:superuser)
-  end
-
-  def find_objects_for_index
-    # all users can list all keep disks
-    @objects = model_class.where('1=1')
-    super
-  end
-
-  def find_object_by_uuid
-    @object = KeepDisk.where(uuid: (params[:id] || params[:uuid])).first
-    if !@object && current_user.andand.is_admin
+    if !params[:uuid] && current_user.andand.is_admin
       # Create a new KeepDisk and ping it.
       @object = KeepDisk.new(filesystem_uuid: params[:filesystem_uuid])
       @object.save!
@@ -39,9 +28,23 @@ class Arvados::V1::KeepDisksController < ApplicationController
       # In the first ping from this new filesystem_uuid, we can't
       # expect the keep node to know the ping_secret so we made sure
       # we got an admin token. Here we add ping_secret to params so
-      # KeepNode.ping() understands this update is properly
-      # authenticated.
+      # the ping call below is properly authenticated.
       params[:ping_secret] = @object.ping_secret
     end
+    act_as_system_user do
+      if !@object.andand.ping(params)
+        return render_not_found "object not found"
+      end
+      # Render the :superuser view (i.e., include the ping_secret) even
+      # if !current_user.is_admin. This is safe because @object.ping's
+      # success implies the ping_secret was already known by the client.
+      send_json @object.as_api_response(:superuser)
+    end
+  end
+
+  def find_objects_for_index
+    # all users can list all keep disks
+    @objects = model_class.where('1=1')
+    super
   end
 end