if @object.locked_by_uuid != Thread.current[:api_client_authorization].uuid
raise ArvadosModel::PermissionDeniedError.new("Not locked by your token")
end
- @object = @object.auth
+ if @object.runtime_token.nil?
+ @object = @object.auth
+ else
+ @object = ApiClientAuthorization.validate(token: @object.runtime_token)
+ if @object.nil?
+ raise ArvadosModel::PermissionDeniedError.new("Invalid runtime_token")
+ end
+ end
show
end
def assign_auth
if self.auth_uuid_changed?
- return errors.add :auth_uuid, 'is readonly'
+ return errors.add :auth_uuid, 'is readonly'
end
if not [Locked, Running].include? self.state
# don't need one
end
if self.runtime_token.nil?
if self.runtime_user_uuid.nil?
+ # legacy behavior, we don't have a runtime_user_uuid so get
+ # the user from the highest priority container request, needed
+ # when performing an upgrade and there are queued containers,
+ # and some tests.
cr = ContainerRequest.
where('container_uuid=? and priority>0', self.uuid).
order('priority desc').
create!(user_id: User.find_by_uuid(self.runtime_user_uuid).id,
api_client_id: 0,
scopes: self.runtime_auth_scopes)
- else
- # using runtime_token
- self.auth = ApiClientAuthorization.validate(token: self.runtime_token)
- if self.auth.nil?
- raise ArgumentError.new "Invalid runtime token"
- end
end
end
cr.save!
c = Container.find_by_uuid cr.container_uuid
lock_and_run c
- assert_equal c.auth_uuid, spec.uuid
+ assert_nil c.auth_uuid
+ assert_equal c.runtime_token, spec.token
assert_not_nil ApiClientAuthorization.find_by_uuid(spec.uuid)