3605: Provide "info" field to all requesters. Filters out any keys with text

"secret" to non-admin users.  Also fix fiddlesticks on workbench viewing
details for node.

diff --git a/apps/workbench/app/views/application/_arvados_attr_value.html.erb b/apps/workbench/app/views/application/_arvados_attr_value.html.erb
index 52c46fbe2f9e0821fe8bbba8621814b6a4c05ce5..3df892fd5a6b24126d584f112da28284f30c1e60 100644 (file)
--- a/apps/workbench/app/views/application/_arvados_attr_value.html.erb
+++ b/apps/workbench/app/views/application/_arvados_attr_value.html.erb
@@ -3,7 +3,7 @@
     <%= message %><br />
   <% end %>
 <% else %>
-      <% if obj.attribute_editable?(attr) and (!defined?(editable) || editable) %>
+      <% if attr and obj.attribute_editable?(attr) and (!defined?(editable) || editable) %>
         <% if resource_class_for_uuid(attrvalue, {referring_object: obj, referring_attr: attr}) %>
           <%= link_to_if_arvados_object attrvalue, {referring_attr: attr, referring_object: obj, with_class_name: true, friendly_name: true} %>
           <br>

diff --git a/services/api/app/models/node.rb b/services/api/app/models/node.rb
index 71d4dea2c0cc815c7b29c30c8d0d7dac40c31cf1..960142e977238c0b804ef0ad5b30284ec0049151 100644 (file)
--- a/services/api/app/models/node.rb
+++ b/services/api/app/models/node.rb
@@ -20,16 +20,19 @@ class Node < ArvadosModel
     t.add :slot_number
     t.add :status
     t.add :crunch_worker_state
+    t.add :info
   end
   api_accessible :superuser, :extend => :user do |t|
     t.add :first_ping_at
-    t.add :info
     t.add lambda { |x| @@nameservers }, :as => :nameservers
   end
 
   def info
-    @info ||= Hash.new
-    super
+    if current_user.andand.current_user.is_admin
+      super
+    else
+      super.select { |k| not k.to_s.include? "secret" }
+    end
   end
 
   def domain