Merge branch 'master' into 2681-new-inactive-user-notification

diff --combined services/api/app/models/user.rb
index 2e146872d6278da84b8177c96014964c4567a81c,d6dd9dc8a86df40852f7b5bd459ab04b37f0d74f..8aec7670c5c92d63326eee09e294bbe5519b9ee8
--- 1/services/api/app/models/user.rb
--- 2/services/api/app/models/user.rb
+++ b/services/api/app/models/user.rb
@@@ -1,14 -1,18 +1,18 @@@
+ require 'can_be_an_owner'
+ 
  class User < ArvadosModel
-   include AssignUuid
+   include HasUuid
    include KindAndEtag
    include CommonApiTemplate
+   include CanBeAnOwner
+ 
    serialize :prefs, Hash
    has_many :api_client_authorizations
    before_update :prevent_privilege_escalation
    before_update :prevent_inactive_admin
    before_create :check_auto_admin
    after_create :add_system_group_permission_link
 -  after_create AdminNotifier
 +  after_create :send_admin_notifications
  
    has_many :authorized_keys, :foreign_key => :authorized_user_uuid, :primary_key => :uuid
  
@@@ -177,6 -181,10 +181,10 @@@
  
    protected
  
+   def ensure_ownership_path_leads_to_user
+     true
+   end
+ 
    def permission_to_update
      # users must be able to update themselves (even if they are
      # inactive) in order to create sessions
@@@ -330,7 -338,7 +338,7 @@@
  
        perm_exists = false
        login_perms.each do |perm|
-         if perm.properties[:username] == repo_name
+         if perm.properties['username'] == repo_name
            perm_exists = true
            break
          end
@@@ -341,7 -349,7 +349,7 @@@
                                   head_uuid: vm[:uuid],
                                   link_class: 'permission',
                                   name: 'can_login',
-                                  properties: {username: repo_name})
+                                  properties: {'username' => repo_name})
          logger.info { "login permission: " + login_perm[:uuid] }
        else
          login_perm = login_perms.first
@@@ -394,12 -402,4 +402,12 @@@
                    head_uuid: self.uuid)
      end
    end
 +
 +  # Send admin notifications
 +  def send_admin_notifications
 +    AdminNotifier.new_user(self).deliver
 +    if not self.is_active then
 +      AdminNotifier.new_inactive_user(self).deliver
 +    end
 +  end
  end

diff --combined services/api/config/application.default.yml
index cb3d827f068a9d577523808e998f3882db57612c,a3ff6800be23bf336f8741a147c642000d1a69b9..88a8aeef8a833b1f68c8c5d3fb7fb260bbc6ea32
--- 1/services/api/config/application.default.yml
--- 2/services/api/config/application.default.yml
+++ b/services/api/config/application.default.yml
@@@ -43,6 -43,7 +43,7 @@@ test
  
  common:
    secret_token: ~
+   blob_signing_key: ~
    uuid_prefix: <%= Digest::MD5.hexdigest(`hostname`).to_i(16).to_s(36)[0..4] %>
  
    # Git repositories must be readable by api server, or you won't be
@@@ -86,8 -87,6 +87,8 @@@
    admin_notifier_email_from: arvados@example.com
    email_subject_prefix: "[ARVADOS] "
    user_notifier_email_from: arvados@example.com
 +  new_user_notification_recipients: ''
 +  new_inactive_user_notification_recipients: ''
  
    # Visitors to the API server will be redirected to the workbench
    workbench_address: https://workbench.local:3001/
@@@ -114,3 -113,17 +115,17 @@@
    assets.version: "1.0"
  
    arvados_theme: default
+ 
+   # Default: do not advertise a websocket server.
+   websocket_address: false
+ 
+   # You can run the websocket server separately from the regular HTTP service
+   # by setting "ARVADOS_WEBSOCKETS=ws-only" in the environment before running
+   # the websocket server.  When you do this, you need to set the following
+   # configuration variable so that the primary server can give out the correct
+   # address of the dedicated websocket server:
+   #websocket_address: wss://127.0.0.1:3333/websocket
+ 
+   # Amount of time (in seconds) for which a blob permission signature
+   # remains valid.  Default: 2 weeks (1209600 seconds)
+   blob_signing_ttl: 1209600