projects
/
arvados.git
/ commitdiff
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
9049897
)
Obey permissions when retrieving object by UUID.
author
Tom Clegg <tom@curoverse.com>
Tue, 14 Jan 2014 21:37:30 +0000
(13:37 -0800)
committer
Tom Clegg <tom@curoverse.com>
Tue, 14 Jan 2014 21:37:30 +0000
(13:37 -0800)
closes #1871
services/api/app/controllers/application_controller.rb
patch
|
blob
|
history
diff --git
a/services/api/app/controllers/application_controller.rb
b/services/api/app/controllers/application_controller.rb
index c7cbc6065d0e32af8c9c623aad359123d8106335..708defede671ac6fc60af73fd83485fcdfd31545 100644
(file)
--- a/
services/api/app/controllers/application_controller.rb
+++ b/
services/api/app/controllers/application_controller.rb
@@
-310,7
+310,9
@@
class ApplicationController < ActionController::Base
if params[:id] and params[:id].match /\D/
params[:uuid] = params.delete :id
end
- @object = model_class.where('uuid=?', params[:uuid]).first
+ @where = { uuid: params[:uuid] }
+ find_objects_for_index
+ @object = @objects.first
end
def self.accept_attribute_as_json(attr, force_class=nil)