+ require 'can_be_an_owner'
+
class User < ArvadosModel
- include AssignUuid
+ include HasUuid
include KindAndEtag
include CommonApiTemplate
+ include CanBeAnOwner
+
serialize :prefs, Hash
has_many :api_client_authorizations
before_update :prevent_privilege_escalation
before_update :prevent_inactive_admin
before_create :check_auto_admin
after_create :add_system_group_permission_link
- after_create AdminNotifier
+ after_create :send_admin_notifications
has_many :authorized_keys, :foreign_key => :authorized_user_uuid, :primary_key => :uuid
protected
+ def ensure_ownership_path_leads_to_user
+ true
+ end
+
def permission_to_update
# users must be able to update themselves (even if they are
# inactive) in order to create sessions
perm_exists = false
login_perms.each do |perm|
- if perm.properties[:username] == repo_name
+ if perm.properties['username'] == repo_name
perm_exists = true
break
end
head_uuid: vm[:uuid],
link_class: 'permission',
name: 'can_login',
- properties: {username: repo_name})
+ properties: {'username' => repo_name})
logger.info { "login permission: " + login_perm[:uuid] }
else
login_perm = login_perms.first
head_uuid: self.uuid)
end
end
+
+ # Send admin notifications
+ def send_admin_notifications
+ AdminNotifier.new_user(self).deliver
+ if not self.is_active then
+ AdminNotifier.new_inactive_user(self).deliver
+ end
+ end
end
common:
secret_token: ~
+ blob_signing_key: ~
uuid_prefix: <%= Digest::MD5.hexdigest(`hostname`).to_i(16).to_s(36)[0..4] %>
# Git repositories must be readable by api server, or you won't be
admin_notifier_email_from: arvados@example.com
email_subject_prefix: "[ARVADOS] "
user_notifier_email_from: arvados@example.com
+ new_user_notification_recipients: ''
+ new_inactive_user_notification_recipients: ''
# Visitors to the API server will be redirected to the workbench
workbench_address: https://workbench.local:3001/
assets.version: "1.0"
arvados_theme: default
+
+ # Default: do not advertise a websocket server.
+ websocket_address: false
+
+ # You can run the websocket server separately from the regular HTTP service
+ # by setting "ARVADOS_WEBSOCKETS=ws-only" in the environment before running
+ # the websocket server. When you do this, you need to set the following
+ # configuration variable so that the primary server can give out the correct
+ # address of the dedicated websocket server:
+ #websocket_address: wss://127.0.0.1:3333/websocket
+
+ # Amount of time (in seconds) for which a blob permission signature
+ # remains valid. Default: 2 weeks (1209600 seconds)
+ blob_signing_ttl: 1209600