projects / arvados.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b79ae85)
16263: Fix only_admin_can_bypass_federation
authorPeter Amstutz <peter.amstutz@curii.com>
Tue, 31 Mar 2020 21:12:31 +0000 (17:12 -0400)
committerPeter Amstutz <peter.amstutz@curii.com>
Mon, 13 Apr 2020 15:27:36 +0000 (11:27 -0400)
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>

services/api/app/controllers/application_controller.rb patch | blob | history

diff --git a/services/api/app/controllers/application_controller.rb b/services/api/app/controllers/application_controller.rb
index a3435d0b68387a6fe7edb26a4b767a583e7c2e29..83a233cd54681b18b9fb6bb12c72642a2e95cae4 100644 (file)
--- a/services/api/app/controllers/application_controller.rb
+++ b/services/api/app/controllers/application_controller.rb
@@ -141,7 +141,7 @@ class ApplicationController < ActionController::Base
   end
 
   def only_admin_can_bypass_federation
-    if params[:bypass_federation] && current_user.nil? or !current_user.is_admin
+    unless !params[:bypass_federation] || current_user.andand.is_admin
       send_error("The bypass_federation parameter is only permitted when current user is admin", status: 403)
     end
   end