projects
/
arvados.git
/ commitdiff
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
877689f
)
16683: Check that remote cluster id is presumed valid
author
Peter Amstutz <peter.amstutz@curii.com>
Fri, 14 Aug 2020 13:57:53 +0000
(09:57 -0400)
committer
Peter Amstutz <peter.amstutz@curii.com>
Fri, 14 Aug 2020 13:57:53 +0000
(09:57 -0400)
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
services/api/app/models/link.rb
patch
|
blob
|
history
diff --git
a/services/api/app/models/link.rb
b/services/api/app/models/link.rb
index 7f4433dd703861bf7f6e5a231d6021b95cd3f883..0d7334e44e85440d37a530e6316d338f125b92aa 100644
(file)
--- a/
services/api/app/models/link.rb
+++ b/
services/api/app/models/link.rb
@@
-48,6
+48,7
@@
class Link < ArvadosModel
!attr_value.nil? &&
self.link_class == 'permission' &&
attr_value[0..4] != Rails.configuration.ClusterID &&
+ ApiClientAuthorization.remote_host(uuid_prefix: attr_value[0..4]) &&
ArvadosModel::resource_class_for_uuid(attr_value) == User
# Permission link tail is a remote user (the user permissions
# are being granted to), so bypass the standard check that a