2659: Send anonymous token as a reader token with all requests.

diff --git a/apps/workbench/app/models/arvados_api_client.rb b/apps/workbench/app/models/arvados_api_client.rb
index 904673fe286faff21e416d4d1892c098a842961e..992f8fd896989a408b9939c16dc893b85aa58964 100644 (file)
--- a/apps/workbench/app/models/arvados_api_client.rb
+++ b/apps/workbench/app/models/arvados_api_client.rb
@@ -101,8 +101,13 @@ class ArvadosApiClient
     url.sub! '/arvados/v1/../../', '/'
 
     query = {
-      'api_token' => tokens[:arvados_api_token] || Thread.current[:arvados_api_token] || '',
-      'reader_tokens' => (tokens[:reader_tokens] || Thread.current[:reader_tokens] || []).to_json,
+      'api_token' => (tokens[:arvados_api_token] ||
+                      Thread.current[:arvados_api_token] ||
+                      ''),
+      'reader_tokens' => ((tokens[:reader_tokens] ||
+                           Thread.current[:reader_tokens] ||
+                           []) +
+                          [Rails.configuration.anonymous_user_token]).to_json,
     }
     if !data.nil?
       data.each do |k,v|
@@ -120,11 +125,6 @@ class ArvadosApiClient
       query["_method"] = "GET"
     end
 
-    # Use anonymous token for GET requests when no api_token is available
-    if ((query["_method"] == "GET") or (query[:_method] == "GET")) && query["api_token"].empty?
-      query['api_token'] = Rails.configuration.anonymous_user_token
-    end
-
     if @@profiling_enabled
       query["_profile"] = "true"
     end