X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/e20bd70e4deaf55e7f162307a10118c66e2faac5..2bec2ba1ce3b37fb8ff9a94f20d6c8a694d87183:/services/api/app/controllers/arvados/v1/users_controller.rb

diff --git a/services/api/app/controllers/arvados/v1/users_controller.rb b/services/api/app/controllers/arvados/v1/users_controller.rb
index a671809123..271299b6c9 100644
--- a/services/api/app/controllers/arvados/v1/users_controller.rb
+++ b/services/api/app/controllers/arvados/v1/users_controller.rb
@@ -118,8 +118,33 @@ class Arvados::V1::UsersController < ApplicationController
 
   def self._setup_requires_parameters
     {
-      send_notification_email: { type: 'boolean', required: true },
+      user: {
+        type: 'object', required: false
+      },
+      openid_prefix: {
+        type: 'string', required: false
+      },
+      repo_name: {
+        type: 'string', required: false
+      },
+      vm_uuid: {
+        type: 'string', required: false
+      },
+      send_notification_email: {
+        type: 'boolean', required: false, default: false
+      },
     }
   end
 
+  def find_objects_for_index
+    if (action_name == "index") and (not @read_users.any? { |u| u.is_admin })
+      # Non-admin index returns very basic information about all active users.
+      # We ignore where and filters params to avoid leaking information.
+      @where = {}
+      @filters = []
+      @select = ["uuid", "is_active", "email", "first_name", "last_name"]
+      @objects = model_class.where(is_active: true)
+    end
+    super
+  end
 end