X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/e31b4ee6fa3da212239dfb5a2e4761ff51ed0928..06d6b29b121b80cb975e5d9d29a9a6f9b3763c47:/apps/workbench/app/controllers/collections_controller.rb

diff --git a/apps/workbench/app/controllers/collections_controller.rb b/apps/workbench/app/controllers/collections_controller.rb
index 6fcede2808..e01151ca40 100644
--- a/apps/workbench/app/controllers/collections_controller.rb
+++ b/apps/workbench/app/controllers/collections_controller.rb
@@ -4,10 +4,11 @@ class CollectionsController < ApplicationController
   include ActionController::Live
 
   skip_around_filter :require_thread_api_token, if: proc { |ctrl|
-    (Rails.configuration.anonymous_user_token and
-     'show' == ctrl.action_name) or
-    %w(show_file show_file_links).include? ctrl.action_name
+    Rails.configuration.anonymous_user_token and
+    'show' == ctrl.action_name
   }
+  skip_around_filter(:require_thread_api_token,
+                     only: [:show_file, :show_file_links])
   skip_before_filter(:find_object_by_uuid,
                      only: [:provenance, :show_file, :show_file_links])
   # We depend on show_file to display the user agreement:
@@ -118,8 +119,14 @@ class CollectionsController < ApplicationController
     # we ask the API server if the file actually exists.  This serves two
     # purposes: it lets us return a useful status code for common errors, and
     # helps us figure out which token to provide to arv-get.
+    # The order of searched tokens is important: because the anonymous user
+    # token is passed along with every API request, we have to check it first.
+    # Otherwise, it's impossible to know whether any other request succeeded
+    # because of the reader token.
     coll = nil
-    tokens = [Thread.current[:arvados_api_token], params[:reader_token]].compact
+    tokens = [(Rails.configuration.anonymous_user_token || nil),
+              params[:reader_token],
+              Thread.current[:arvados_api_token]].compact
     usable_token = find_usable_token(tokens) do
       coll = Collection.find(params[:uuid])
     end
@@ -195,7 +202,7 @@ class CollectionsController < ApplicationController
 
     if current_user
       if Keep::Locator.parse params["uuid"]
-        @same_pdh = Collection.filter([["portable_data_hash", "=", @object.portable_data_hash]])
+        @same_pdh = Collection.filter([["portable_data_hash", "=", @object.portable_data_hash]]).limit(20)
         if @same_pdh.results.size == 1
           redirect_to collection_path(@same_pdh[0]["uuid"])
           return
@@ -203,6 +210,8 @@ class CollectionsController < ApplicationController
         owners = @same_pdh.map(&:owner_uuid).to_a.uniq
         preload_objects_for_dataclass Group, owners
         preload_objects_for_dataclass User, owners
+        uuids = @same_pdh.map(&:uuid).to_a.uniq
+        preload_links_for_objects uuids
         render 'hash_matches'
         return
       else
@@ -221,6 +230,7 @@ class CollectionsController < ApplicationController
           .where(head_uuid: @object.uuid, link_class: 'permission',
                  name: 'can_read').results
         @logs = Log.limit(RELATION_LIMIT).order("created_at DESC")
+          .select(%w(uuid event_type object_uuid event_at summary))
           .where(object_uuid: @object.uuid).results
         @is_persistent = Link.limit(1)
           .where(head_uuid: @object.uuid, tail_uuid: current_user.uuid,
@@ -295,7 +305,9 @@ class CollectionsController < ApplicationController
     return nil
   end
 
-  def file_enumerator(opts)
+  # Note: several controller and integration tests rely on stubbing
+  # file_enumerator to return fake file content.
+  def file_enumerator opts
     FileStreamer.new opts
   end