X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/f873463bfea88575f98e7a36b26ffbae9aa28aa6..001a60dff02545c2d2476a437b1846c9ae633941:/services/api/app/models/api_client_authorization.rb

diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb
index 3af206c450..b158faa272 100644
--- a/services/api/app/models/api_client_authorization.rb
+++ b/services/api/app/models/api_client_authorization.rb
@@ -185,7 +185,10 @@ class ApiClientAuthorization < ArvadosModel
         # 5 minutes. TODO: Request the actual api_client_auth
         # record from the remote server in case it wants the token
         # to expire sooner.
-        auth.update_attributes!(expires_at: Time.now + 5.minutes)
+        auth.update_attributes!(user: user,
+                                api_token: secret,
+                                api_client_id: 0,
+                                expires_at: Time.now + 5.minutes)
       end
       return auth
     else
@@ -207,10 +210,8 @@ class ApiClientAuthorization < ArvadosModel
   end
 
   def permission_to_update
-    (permission_to_create and
-     not uuid_changed? and
-     not user_id_changed? and
-     not owner_uuid_changed?)
+    permission_to_create && !uuid_changed? &&
+      (current_user.andand.is_admin || !user_id_changed?)
   end
 
   def log_update