X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/ecf6627111838530f64ffcd689e11d987cc7bf2f..2baac8a6702551064b065f752f75a9b40dbec0f5:/services/api/app/controllers/application_controller.rb diff --git a/services/api/app/controllers/application_controller.rb b/services/api/app/controllers/application_controller.rb index 3c5ed60d18..ba7c07d272 100644 --- a/services/api/app/controllers/application_controller.rb +++ b/services/api/app/controllers/application_controller.rb @@ -3,6 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0 require 'safe_json' +require 'request_error' module ApiTemplateOverride def allowed_to_render?(fieldset, field, model, options) @@ -137,7 +138,7 @@ class ApplicationController < ActionController::Base def render_error(e) logger.error e.inspect - if e.respond_to? :backtrace and e.backtrace + if !e.is_a? RequestError and (e.respond_to? :backtrace and e.backtrace) logger.error e.backtrace.collect { |x| x + "\n" }.join('') end if (@object.respond_to? :errors and @@ -365,7 +366,7 @@ class ApplicationController < ActionController::Base end def require_auth_scope - if @read_auths.empty? + unless current_user && @read_auths.any? { |auth| auth.user.andand.uuid == current_user.uuid } if require_login != false send_error("Forbidden", status: 403) end @@ -402,7 +403,7 @@ class ApplicationController < ActionController::Base def set_cors_headers response.headers['Access-Control-Allow-Origin'] = '*' response.headers['Access-Control-Allow-Methods'] = 'GET, HEAD, PUT, POST, DELETE' - response.headers['Access-Control-Allow-Headers'] = 'Authorization' + response.headers['Access-Control-Allow-Headers'] = 'Authorization, Content-Type' response.headers['Access-Control-Max-Age'] = '86486400' end @@ -554,6 +555,10 @@ class ApplicationController < ActionController::Base } end + def self._update_requires_parameters + {} + end + def self._index_requires_parameters { filters: { type: 'array', required: false },