projects / arvados.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b2fe910)
20831: Make the IsAdmin and IsInvited pointers so they are nullable
authorPeter Amstutz <peter.amstutz@curii.com>
Fri, 17 Nov 2023 16:16:24 +0000 (11:16 -0500)
committerPeter Amstutz <peter.amstutz@curii.com>
Fri, 17 Nov 2023 16:16:24 +0000 (11:16 -0500)
Required to correctly handle both where the API does or does not
return the is_admin and is_invited fields when updating from remote
user records.

Also added DiscoveryDocument to arvados.API

Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>

lib/controller/localdb/container_gateway.go patch | blob | history
sdk/go/arvados/user.go patch | blob | history
sdk/go/arvadostest/api.go patch | blob | history
services/api/app/controllers/arvados/v1/schema_controller.rb patch | blob | history
services/keep-balance/balance.go patch | blob | history
services/keep-web/handler.go patch | blob | history
services/keepproxy/keepproxy.go patch | blob | history

diff --git a/lib/controller/localdb/container_gateway.go b/lib/controller/localdb/container_gateway.go
index 0b6a630faea3707a2fdf59164cf2f96e04750644..376f55b7b3f65d0be7121d07e0a5e985a33a7c07 100644 (file)
--- a/lib/controller/localdb/container_gateway.go
+++ b/lib/controller/localdb/container_gateway.go
@@ -349,7 +349,7 @@ func (conn *Conn) ContainerSSH(ctx context.Context, opts arvados.ContainerSSHOpt
                return sshconn, err
        }
        ctxRoot := auth.NewContext(ctx, &auth.Credentials{Tokens: []string{conn.cluster.SystemRootToken}})
-       if !user.IsAdmin || !conn.cluster.Containers.ShellAccess.Admin {
+       if !*user.IsAdmin || !conn.cluster.Containers.ShellAccess.Admin {
                if !conn.cluster.Containers.ShellAccess.User {
                        return sshconn, httpserver.ErrorWithStatus(errors.New("shell access is disabled in config"), http.StatusServiceUnavailable)
                }
diff --git a/sdk/go/arvados/user.go b/sdk/go/arvados/user.go
index 2fb061e7fb818840fc8e1c42ae10e771c45e1ee5..8dd71f2b72b1fe6226b6af31f9b9c960ac3dd858 100644 (file)
--- a/sdk/go/arvados/user.go
+++ b/sdk/go/arvados/user.go
@@ -11,14 +11,14 @@ type User struct {
        UUID                 string                 `json:"uuid"`
        Etag                 string                 `json:"etag"`
        IsActive             bool                   `json:"is_active"`
-       IsAdmin              bool                   `json:"is_admin"`
+       IsAdmin              *bool                  `json:"is_admin,omitempty"`
        Username             string                 `json:"username"`
        Email                string                 `json:"email"`
        FullName             string                 `json:"full_name"`
        FirstName            string                 `json:"first_name"`
        LastName             string                 `json:"last_name"`
        IdentityURL          string                 `json:"identity_url"`
-       IsInvited            bool                   `json:"is_invited"`
+       IsInvited            *bool                  `json:"is_invited,omitempty"`
        OwnerUUID            string                 `json:"owner_uuid"`
        CreatedAt            time.Time              `json:"created_at"`
        ModifiedAt           time.Time              `json:"modified_at"`
diff --git a/sdk/go/arvadostest/api.go b/sdk/go/arvadostest/api.go
index 4e214414d7132eb4d9b17ef9007f103ac7d19352..b5f8e962dcf5654ed56cdc2f3997a0622602e3e3 100644 (file)
--- a/sdk/go/arvadostest/api.go
+++ b/sdk/go/arvadostest/api.go
@@ -40,6 +40,10 @@ func (as *APIStub) VocabularyGet(ctx context.Context) (arvados.Vocabulary, error
        as.appendCall(ctx, as.VocabularyGet, nil)
        return arvados.Vocabulary{}, as.Error
 }
+func (as *APIStub) DiscoveryDocument(ctx context.Context) (arvados.DiscoveryDocument, error) {
+       as.appendCall(ctx, as.DiscoveryDocument, nil)
+       return arvados.DiscoveryDocument{}, as.Error
+}
 func (as *APIStub) Login(ctx context.Context, options arvados.LoginOptions) (arvados.LoginResponse, error) {
        as.appendCall(ctx, as.Login, options)
        return arvados.LoginResponse{}, as.Error
diff --git a/services/api/app/controllers/arvados/v1/schema_controller.rb b/services/api/app/controllers/arvados/v1/schema_controller.rb
index e200870da5f2cc5e17a43df24840f83724b5ca54..74aa4078cbea66a6da3138cfd4a46f9ece81e350 100644 (file)
--- a/services/api/app/controllers/arvados/v1/schema_controller.rb
+++ b/services/api/app/controllers/arvados/v1/schema_controller.rb
@@ -36,7 +36,7 @@ class Arvados::V1::SchemaController < ApplicationController
       # format is YYYYMMDD, must be fixed width (needs to be lexically
       # sortable), updated manually, may be used by clients to
       # determine availability of API server features.
-      revision: "20220510",
+      revision: "20231117",
       source_version: AppVersion.hash,
       sourceVersion: AppVersion.hash, # source_version should be deprecated in the future
       packageVersion: AppVersion.package_version,
diff --git a/services/keep-balance/balance.go b/services/keep-balance/balance.go
index e44dfeda8748aec51e18cd55118c15d509d8fc12..0b865d74757aa9a1627bafd75e337ef193a6f07e 100644 (file)
--- a/services/keep-balance/balance.go
+++ b/services/keep-balance/balance.go
@@ -267,7 +267,7 @@ func (bal *Balancer) CheckSanityEarly(c *arvados.Client) error {
        if err != nil {
                return fmt.Errorf("CurrentUser(): %v", err)
        }
-       if !u.IsActive || !u.IsAdmin {
+       if !u.IsActive || !*u.IsAdmin {
                return fmt.Errorf("current user (%s) is not an active admin user", u.UUID)
        }
        for _, srv := range bal.KeepServices {
diff --git a/services/keep-web/handler.go b/services/keep-web/handler.go
index 123c4fe34da3d1dba8ae504b9867a410cd5022b5..b5e0e7e896d6ff34edee3c6e9c7d0b653499d947 100644 (file)
--- a/services/keep-web/handler.go
+++ b/services/keep-web/handler.go
@@ -851,7 +851,7 @@ func (h *handler) seeOtherWithCookie(w http.ResponseWriter, r *http.Request, loc
 func (h *handler) userPermittedToUploadOrDownload(method string, tokenUser *arvados.User) bool {
        var permitDownload bool
        var permitUpload bool
-       if tokenUser != nil && tokenUser.IsAdmin {
+       if tokenUser != nil && tokenUser.IsAdmin != nil && *tokenUser.IsAdmin {
                permitUpload = h.Cluster.Collections.WebDAVPermission.Admin.Upload
                permitDownload = h.Cluster.Collections.WebDAVPermission.Admin.Download
        } else {
diff --git a/services/keepproxy/keepproxy.go b/services/keepproxy/keepproxy.go
index 2090c506869d69419ffff32d14abf0aa7bfd58fd..964eaa7bdf442f5d08f1cb681930c2394e2cafaa 100644 (file)
--- a/services/keepproxy/keepproxy.go
+++ b/services/keepproxy/keepproxy.go
@@ -151,7 +151,7 @@ func (h *proxyHandler) checkAuthorizationHeader(req *http.Request) (pass bool, t
                return false, "", nil
        }
 
-       if userCurrentError == nil && user.IsAdmin {
+       if userCurrentError == nil && *user.IsAdmin {
                // checking userCurrentError is probably redundant,
                // IsAdmin would be false anyway. But can't hurt.
                if op == "read" && !h.cluster.Collections.KeepproxyPermission.Admin.Download {