</a>
<a class="brand" href="/"><%= Rails.configuration.site_name rescue Rails.application.class.parent_name %></a>
<div class="nav-collapse collapse">
+ <% if current_user.andand.is_active %>
<ul class="nav">
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">
</ul>
</li>
</ul>
+ <% end %>
<ul class="nav pull-right">
<% if current_user -%>
<li><span class="badge badge-info" style="margin: 10px auto 10px; padding-top: 4px; padding-bottom: 4px"><%= current_user.email %></span></li>
--- /dev/null
+<h4>Your account</h4>
+<div class="well clearfix">
+ <div>
+ Status: <strong>New / inactive</strong>
+ </div>
+ <br />
+ We will send you an email when your account is activated. If this
+ hasn’t happened after 24 hours, please let us know.
+ <br />
+ <%= link_to raw('Contact us ✉'), Rails.configuration.activation_contact_link, class: "pull-right btn btn-primary" %>
+</div>
</div>
<% end %>
+<% if current_user.andand.is_active %>
+<% content_for :manage_access do %>
+<h4>Setup</h4>
+<div class="well clearfix">
+ <div>
+ <strong>SSH keys</strong>
+ <span class="badge <%= 'badge-success' if @my_ssh_keys.any? %> pull-right"><%= @my_ssh_keys.count %></span>
+ </div>
+ You’ll use public key authentication when logging in to a
+ VM or use a hosted git repository.
+ <br />
+ <%= link_to raw('Add/edit keys ➜'), authorized_keys_path, class: "pull-right btn #{'btn-primary' if @my_ssh_keys.empty?}" %>
+</div>
+<div class="well clearfix">
+ <div>
+ <strong>Virtual machines</strong>
+ <span class="badge <%= 'badge-success' if @my_vm_perms.any? %> pull-right"><%= @my_vm_perms.collect(&:head_uuid).uniq.count %></span>
+ </div>
+ Arvados includes virtual machines with SDKs installed and ready to use.
+ <br />
+ <% if @my_vm_perms.any? %>
+ <%= link_to raw('Show VMs ➜'), virtual_machines_path, class: "pull-right btn" %>
+ <% elsif @my_ssh_keys.any? %>
+ <%= link_to raw('Request a VM ➜'), virtual_machines_path, class: "pull-right btn btn-primary" %>
+ <% else %>
+ <%= link_to raw('Request a VM ➜'), virtual_machines_path, { :class => "pull-right btn disabled", :"data-toggle" => "tooltip", :"data-placement" => "bottom", :title => "Add an SSH public key first!" } %>
+ <% end %>
+</div>
+<div class="well clearfix">
+ <div>
+ <strong>Git repositories</strong>
+ <span class="badge <%= 'badge-success' if @my_repo_perms.any? %> pull-right"><%= @my_repo_perms.collect(&:head_uuid).uniq.count %></span>
+ </div>
+ In order to run jobs using your own code, you need to push your code to a git repository. We provide hosted git repositories to make this easy.
+ <br />
+ <% if @my_repo_perms.any? %>
+ <%= link_to raw('Show repositories ➜'), repositories_path, class: "pull-right btn" %>
+ <% elsif @my_ssh_keys.any? %>
+ <%= link_to raw('Request a repository ➜'), repositories_path, class: "pull-right btn btn-primary" %>
+ <% else %>
+ <%= link_to raw('Request a repository ➜'), repositories_path, { :class => "pull-right btn disabled", :"data-toggle" => "tooltip", :"data-placement" => "bottom", :title => "Add an SSH public key first!" } %>
+ <% end %>
+</div>
+<% end %>
+<% end %>
+
<div class="row-fluid">
<div class="col span4">
- <h4>Setup</h4>
- <div class="well clearfix">
- <div>
- <strong>SSH keys</strong>
- <span class="badge <%= 'badge-success' if @my_ssh_keys.any? %> pull-right"><%= @my_ssh_keys.count %></span>
- </div>
- You’ll use public key authentication when logging in to a
- VM or use a hosted git repository.
- <br />
- <%= link_to raw('Add/edit keys ➜'), authorized_keys_path, class: "pull-right btn #{'btn-primary' if @my_ssh_keys.empty?}" %>
- </div>
- <div class="well clearfix">
- <div>
- <strong>Virtual machines</strong>
- <span class="badge <%= 'badge-success' if @my_vm_perms.any? %> pull-right"><%= @my_vm_perms.collect(&:head_uuid).uniq.count %></span>
- </div>
- Arvados includes virtual machines with SDKs installed and ready to use.
- <br />
- <% if @my_vm_perms.any? %>
- <%= link_to raw('Show VMs ➜'), virtual_machines_path, class: "pull-right btn" %>
- <% elsif @my_ssh_keys.any? %>
- <%= link_to raw('Request a VM ➜'), virtual_machines_path, class: "pull-right btn btn-primary" %>
- <% else %>
- <%= link_to raw('Request a VM ➜'), virtual_machines_path, { :class => "pull-right btn disabled", :"data-toggle" => "tooltip", :"data-placement" => "bottom", :title => "Add an SSH public key first!" } %>
- <% end %>
- </div>
- <div class="well clearfix">
- <div>
- <strong>Git repositories</strong>
- <span class="badge <%= 'badge-success' if @my_repo_perms.any? %> pull-right"><%= @my_repo_perms.collect(&:head_uuid).uniq.count %></span>
- </div>
- In order to run jobs using your own code, you need to push your code to a git repository. We provide hosted git repositories to make this easy.
- <br />
- <% if @my_repo_perms.any? %>
- <%= link_to raw('Show repositories ➜'), repositories_path, class: "pull-right btn" %>
- <% elsif @my_ssh_keys.any? %>
- <%= link_to raw('Request a repository ➜'), repositories_path, class: "pull-right btn btn-primary" %>
- <% else %>
- <%= link_to raw('Request a repository ➜'), repositories_path, { :class => "pull-right btn disabled", :"data-toggle" => "tooltip", :"data-placement" => "bottom", :title => "Add an SSH public key first!" } %>
- <% end %>
- </div>
+ <% if content_for? :manage_access %>
+ <%= yield :manage_access %>
+ <% else %>
+ <%= render partial: 'request_activation' %>
+ <% end %>
</div>
<% if content_for? :tutorials %>
config.secret_token = File.read('config/.secret_token') if File.exist? 'config/.secret_token'
config.site_name = 'arvados-workbench.example.com'
+ config.activation_contact_link = 'mailto:info@arvados.org'
end
config.vcf_pipeline_uuid = '9ujm1-mxsvm-o62u4mdoxvs0ckp'
config.site_name = 'arvados-workbench.example.com'
+ config.activation_contact_link = 'mailto:info@arvados.org'
end
config.vcf_pipeline_uuid = '9ujm1-mxsvm-o62u4mdoxvs0ckp'
config.site_name = 'arvados-workbench.example.com'
+ config.activation_contact_link = 'mailto:info@arvados.org'
end
arv virtual_machine create --virtual_machine '{"hostname":"xxxxxxxchangeme.example.com"}'
</pre>
+h3. Activate user
+
+<pre>
+user_uuid=xxxxxxxchangeme
+
+arv user update --uuid "$user_uuid" --user '{"is_active":true}'
+</pre>
+
h3. User → VM
Give @$user_uuid@ permission to log in to @$vm_uuid@ as @$target_username@
Thread.current[:user] = User.find(1)
Thread.current[:user].is_admin = true
- User.find(1).update_attributes is_admin: true
+ User.find(1).update_attributes is_admin: true, is_active: true
User.find(1).is_admin
This should be
user = User.new(:email => omniauth['info']['email'],
:first_name => omniauth['info']['first_name'],
:last_name => omniauth['info']['last_name'],
- :identity_url => omniauth['info']['identity_url'])
+ :identity_url => omniauth['info']['identity_url'],
+ :is_active => Rails.configuration.new_users_are_active)
else
user.email = omniauth['info']['email']
user.first_name = omniauth['info']['first_name']
nil
end
def modified_at=(x) end
+
+ protected
+
+ def permission_to_create
+ current_user.andand.is_admin or (current_user.andand.id == self.user_id)
+ end
+
+ def permission_to_update
+ (permission_to_create and
+ not self.user_id_changed? and
+ not self.owner_changed?)
+ end
end
end
def permission_to_create
- current_user
+ current_user.andand.is_active
end
def ensure_permission_to_update
logger.warn "Anonymous user tried to update #{self.class.to_s} #{self.uuid_was}"
return false
end
+ if !current_user.is_active
+ logger.warn "Inactive user #{current_user.uuid} tried to update #{self.class.to_s} #{self.uuid_was}"
+ return false
+ end
if self.uuid_changed?
logger.warn "User #{current_user.uuid} tried to change uuid of #{self.class.to_s} #{self.uuid_was} to #{self.uuid}"
return false
serialize :prefs, Hash
has_many :api_client_authorizations
before_update :prevent_privilege_escalation
+ before_update :prevent_inactive_admin
has_many :authorized_keys, :foreign_key => :authorized_user_uuid, :primary_key => :uuid
t.add :first_name
t.add :last_name
t.add :identity_url
+ t.add :is_active
t.add :is_admin
t.add :prefs
end
protected
+ def permission_to_update
+ # users must be able to update themselves (even if they are
+ # inactive) in order to create sessions
+ self == current_user or super
+ end
+
def permission_to_create
- Thread.current[:user] == self or
- (Thread.current[:user] and Thread.current[:user].is_admin)
+ current_user.andand.is_admin or
+ (self == current_user and
+ self.is_active == Rails.configuration.new_users_are_active)
end
def prevent_privilege_escalation
- if self.is_admin_changed? and !current_user.is_admin
- if current_user.uuid == self.uuid
- if self.is_admin != self.is_admin_was
- logger.warn "User #{self.uuid} tried to change is_admin from #{self.is_admin_was} to #{self.is_admin}"
- self.is_admin = self.is_admin_was
- end
+ if current_user.andand.is_admin
+ return true
+ end
+ if self.is_active_changed?
+ if self.is_active != self.is_active_was
+ logger.warn "User #{current_user.uuid} tried to change is_active from #{self.is_admin_was} to #{self.is_admin} for #{self.uuid}"
+ self.is_active = self.is_active_was
+ end
+ end
+ if self.is_admin_changed?
+ if self.is_admin != self.is_admin_was
+ logger.warn "User #{current_user.uuid} tried to change is_admin from #{self.is_admin_was} to #{self.is_admin} for #{self.uuid}"
+ self.is_admin = self.is_admin_was
end
end
true
end
+ def prevent_inactive_admin
+ if self.is_admin and not self.is_active
+ # There is no known use case for the strange set of permissions
+ # that would result from this change. It's safest to assume it's
+ # a mistake and disallow it outright.
+ raise "Admin users cannot be inactive"
+ end
+ true
+ end
+
def group_permissions
Rails.cache.fetch "groups_for_user_#{self.uuid}" do
permissions_from = {}
# Authentication stub: hard code pre-approved API tokens.
# config.accept_api_token = { rand(2**256).to_s(36) => true }
config.accept_api_token = {}
+
+ config.new_users_are_active = false
end
# Authentication stub: hard code pre-approved API tokens.
# config.accept_api_token = { rand(2**256).to_s(36) => true }
config.accept_api_token = {}
+
+ config.new_users_are_active = false
end
# Authentication stub: hard code pre-approved API tokens.
# config.accept_api_token = { rand(2**256).to_s(36) => true }
config.accept_api_token = {}
+
+ config.new_users_are_active = false
end
--- /dev/null
+class AddIsActiveToUsers < ActiveRecord::Migration
+ def change
+ add_column :users, :is_active, :boolean, :default => false
+ end
+end
#
# It's strongly recommended to check this file into your version control system.
-ActiveRecord::Schema.define(:version => 20130617150007) do
+ActiveRecord::Schema.define(:version => 20130626002829) do
create_table "api_client_authorizations", :force => true do |t|
t.string "api_token", :null => false
t.text "prefs"
t.datetime "updated_at"
t.string "default_owner"
+ t.boolean "is_active", :default => false
end
add_index "users", ["created_at"], :name => "index_users_on_created_at"