5160: All users have API read permission to anonymous group.
author Brett Smith <brett@curoverse.com>
Fri, 6 Feb 2015 21:52:38 +0000 (16:52 -0500)
committer Brett Smith <brett@curoverse.com>
Fri, 6 Feb 2015 21:52:38 +0000 (16:52 -0500)
commit 488846259a3a8a3a5f9845279a73b569d998a199
tree 2b2520d4986a062e36d030e59f3bbe0f8214bed3
parent 54873fcd103e4887e41e987522e4442b62f682ad
5160: All users have API read permission to anonymous group.

Workbench makes public data available to everyone by including the
anonymous user API token as a reader token for every request.
However, model-level validations do not respect reader tokens.  As a
consequence, users cannot make their project public by sharing it with
the anonymous group.  They can't create the necessary link, because
the validation can't confirm that the creator can see the anonymous
group.

There are a few ways we could've tackled this, but granting all users
permission to see the anonymous group seems like the most reliable,
since it works within our existing permissions infrastructure as much
as possible.

services/api/app/models/database_seeds.rb
services/api/db/migrate/20150206210804_all_users_can_read_anonymous_group.rb [new file with mode: 0644]
services/api/db/structure.sql
services/api/lib/current_api_client.rb
services/api/test/fixtures/links.yml
services/api/test/unit/link_test.rb