projects / arvados.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 891783a)
17464: Unknown user gets "User" permission check instead of failure
authorPeter Amstutz <peter.amstutz@curii.com>
Fri, 18 Jun 2021 19:43:26 +0000 (15:43 -0400)
committerPeter Amstutz <peter.amstutz@curii.com>
Fri, 18 Jun 2021 19:43:26 +0000 (15:43 -0400)
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>

services/keep-web/handler.go patch | blob | history

diff --git a/services/keep-web/handler.go b/services/keep-web/handler.go
index 6f6ff542b5556ff414a376f1c9c9988f0f953074..d76cedaec3e44bfb4364b5c620e717a078c41c7d 100644 (file)
--- a/services/keep-web/handler.go
+++ b/services/keep-web/handler.go
@@ -864,12 +864,9 @@ func (h *handler) seeOtherWithCookie(w http.ResponseWriter, r *http.Request, loc
 }
 
 func (h *handler) userPermittedToUploadOrDownload(method string, tokenUser *arvados.User) bool {
-       if tokenUser == nil {
-               return false
-       }
        var permitDownload bool
        var permitUpload bool
-       if tokenUser.IsAdmin {
+       if tokenUser != nil && tokenUser.IsAdmin {
                permitUpload = h.Config.cluster.Collections.WebDAVPermission.Admin.Upload
                permitDownload = h.Config.cluster.Collections.WebDAVPermission.Admin.Download
        } else {