6476: skip require_thread_api_token filter when anonymous browsing is enabled and...
authorradhika <radhika@curoverse.com>
Mon, 3 Aug 2015 21:31:17 +0000 (17:31 -0400)
committerradhika <radhika@curoverse.com>
Mon, 3 Aug 2015 21:31:17 +0000 (17:31 -0400)
apps/workbench/app/controllers/actions_controller.rb
apps/workbench/test/controllers/actions_controller_test.rb

index cbe7e37fe5ca4c7f38b1b642db9f62294414aacb..926cdef7367c4bd46f3f40059dafc125dd31a7f7 100644 (file)
@@ -2,6 +2,16 @@ require "arvados/collection"
 
 class ActionsController < ApplicationController
 
+  skip_around_filter :require_thread_api_token, if: proc { |ctrl|
+    Rails.configuration.anonymous_user_token and
+    'show' == ctrl.action_name and
+    params['uuid'] and
+    (model_class == Collection or
+     model_class == Group or
+     model_class == Job or
+     model_class == PipelineInstance or
+     model_class == PipelineTemplate)
+  }
   skip_filter :require_thread_api_token, only: [:report_issue_popup, :report_issue]
   skip_filter :check_user_agreements, only: [:report_issue_popup, :report_issue]
 
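Review bot: The condition on the added `skip_around_filter` drops the API-token requirement for anonymous `show` requests, but nothing in this hunk says where access control is enforced once the filter is skipped. Presumably the lookup then runs with the anonymous token and the API server refuses non-public objects, which is what the tests in this commit expect with their 404s. A comment above the call should state that, for example `# Anonymous show: authorization is left to the API server, which must reject non-public uuids for the anonymous token.` The proc also mixes `ctrl.action_name` with bare `params` and `model_class`, which only resolve if the proc is evaluated in the controller instance. Using one form throughout, and `&&`/`||` instead of `and`/`or`, would make this guard easier to audit.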
@@ -21,6 +31,8 @@ class ActionsController < ApplicationController
         @object.link_class == 'name' and
         ArvadosBase::resource_class_for_uuid(@object.head_uuid) == Collection
       redirect_to collection_path(id: @object.uuid)
+    elsif @object.is_a?(Group) and @object.group_class == 'project'
+      redirect_to project_path(id: @object.uuid)
     elsif @object
       redirect_to @object
     else
index 26ef67bcb932afe545cc218f1c565fa10dc61a24..9f561aa577037210f72ea06352254f71ae732d18 100644 (file)
@@ -160,4 +160,43 @@ class ActionsControllerTest < ActionController::TestCase
     assert_includes(manifest_text, 'foo')
     assert_includes(manifest_text, 'foo(1)')
   end
+
+  [
+    ['collections', 'user_agreement_in_anonymously_accessible_project'],
+    ['groups', 'anonymously_accessible_project'],
+    ['jobs', 'running_job_in_publicly_accessible_project'],
+    ['pipeline_instances', 'pipeline_in_publicly_accessible_project'],
+    ['pipeline_templates', 'pipeline_template_in_publicly_accessible_project'],
+  ].each do |dm, fixture|
+    test "access show method for public #{dm} and expect to see page" do
+      Rails.configuration.anonymous_user_token = api_fixture('api_client_authorizations')['anonymous']['api_token']
+      get(:show, {uuid: api_fixture(dm)[fixture]['uuid']})
+      assert_response :redirect
+      if dm == 'groups'
+        assert_includes @response.redirect_url, "projects/#{fixture['uuid']}"
+      else
+        assert_includes @response.redirect_url, "#{dm}/#{fixture['uuid']}"
+      end
+    end
+  end
+
+  [
+    ['collections', 'foo_collection_in_aproject', 404],
+    ['groups', 'subproject_in_asubproject_with_same_name_as_one_in_active_user_home', 404],
+    ['jobs', 'job_with_latest_version', 404],
+    ['pipeline_instances', 'pipeline_owned_by_active_in_home', 404],
+    ['pipeline_templates', 'template_in_asubproject_with_same_name_as_one_in_active_user_home', 404],
+    ['traits', 'owned_by_aproject_with_no_name', :redirect],
+  ].each do |dm, fixture, expected|
+    test "access show method for non-public #{dm} and expect #{expected}" do
+      Rails.configuration.anonymous_user_token = api_fixture('api_client_authorizations')['anonymous']['api_token']
+      get(:show, {uuid: api_fixture(dm)[fixture]['uuid']})
+      assert_response expected
+      if expected == 404
+        assert_includes @response.inspect, 'Log in'
+      else
+        assert_match /\/users\/welcome/, @response.redirect_url
+      end
+    end
+  end
 end