object found" logic; fix status codes in some error responses.
:render_error,
:render_not_found]
before_filter :reload_object_before_update, :only => :update
+ before_filter :render_404_if_no_object, except: [:index, :create,
+ :render_error,
+ :render_not_found]
attr_accessor :resource_attrs
end
def show
- if @object
- render json: @object.as_api_response
- else
- render_not_found("object not found")
- end
+ render json: @object.as_api_response
end
def create
end
def update
- if !@object
- return render_not_found("object not found")
- end
attrs_to_update = resource_attrs.reject { |k,v|
[:kind, :etag, :href].index k
}
:with => :render_error
end
+ def render_404_if_no_object
+ render_not_found "Object not found" if !@object
+ end
+
def render_error(e)
logger.error e.inspect
logger.error e.backtrace.collect { |x| x + "\n" }.join('') if e.backtrace
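Review bot: render_404_if_no_object silently depends on running after find_object_by_uuid and on being skipped wherever that filter is skipped, and the rest of this commit has to repeat that pairing by hand in every subclass; a comment on the method would keep the next subclass from forgetting it. Suggested: `# Must be declared after find_object_by_uuid; any controller that skips or overrides that filter must skip this one too (or set @object itself).` The body reads more idiomatically as `render_not_found "Object not found" unless @object`. The before_filter declaration that wires this method in is outside this hunk.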
accept_attribute_as_json :runtime_constraints, Hash
accept_attribute_as_json :tasks_summary, Hash
skip_before_filter :find_object_by_uuid, :only => :queue
+ skip_before_filter :render_404_if_no_object, :only => :queue
def index
want_ancestor = @where[:script_version_descends_from]
class Arvados::V1::KeepDisksController < ApplicationController
skip_before_filter :require_auth_scope_all, :only => :ping
- skip_before_filter :find_object_by_uuid, :only => :ping
def self._ping_requires_parameters
{
}
end
def ping
- @object = Node.where(uuid: (params[:id] || params[:uuid])).first
- if !@object
- if current_user.andand.is_admin
- @object = KeepDisk.new(filesystem_uuid: params[:filesystem_uuid])
- @object.save!
-
- # In the first ping from this new filesystem_uuid, we can't
- # expect the keep node to know the ping_secret so we made sure
- # we got an admin token. Here we add ping_secret to params so
- # KeepNode.ping() understands this update is properly
- # authenticated.
- params[:ping_secret] = @object.ping_secret
- else
- return render_not_found "object not found"
- end
- end
-
params[:service_host] ||= request.env['REMOTE_ADDR']
if not @object.ping params
return render_not_found "object not found"
end
+ # Render the :superuser view (i.e., include the ping_secret) even
+ # if !current_user.is_admin. This is safe because @object.ping's
+ # success implies the ping_secret was already known by the client.
render json: @object.as_api_response(:superuser)
end
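Review bot: The new comment overstates the invariant: for a disk that find_object_by_uuid has just created, the ping_secret in params was injected by the server, so a successful `@object.ping` does not show that the client knew it; that path is safe only because creation required an admin token. I would reword it to `# Safe because either the client supplied the correct ping_secret, or the request carried an admin token and the secret was injected server-side for a freshly created disk.` Separately, `@object.ping params` hands the whole request hash to the model; presumably ping() whitelists what it updates, which is worth confirming since this action is reachable by tokens that skip require_auth_scope_all.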
@objects = model_class.where('1=1')
super
end
+
+ def find_object_by_uuid
+ @object = KeepDisk.where(uuid: (params[:id] || params[:uuid])).first
+ if !@object && current_user.andand.is_admin
+ # Create a new KeepDisk and ping it.
+ @object = KeepDisk.new(filesystem_uuid: params[:filesystem_uuid])
+ @object.save!
+
+ # In the first ping from this new filesystem_uuid, we can't
+ # expect the keep node to know the ping_secret so we made sure
+ # we got an admin token. Here we add ping_secret to params so
+ # KeepNode.ping() understands this update is properly
+ # authenticated.
+ params[:ping_secret] = @object.ping_secret
+ end
+ end
end
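Review bot: The overridden find_object_by_uuid creates a KeepDisk as a side effect whenever an admin hits any action of this controller with an unknown uuid, not only `ping`, because the ping-only skip was removed above and nothing in this method checks the current action. An admin `show` or `update` with a mistyped uuid would therefore persist a new disk (with whatever `filesystem_uuid` the request carried) and inject its ping_secret into params. Restrict the creation path to the ping action: `if !@object && action_name == 'ping' && current_user.andand.is_admin`. Which actions the parent class runs this filter for is declared outside this hunk, so confirm no other action reaches it.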
class Arvados::V1::NodesController < ApplicationController
skip_before_filter :require_auth_scope_all, :only => :ping
skip_before_filter :find_object_by_uuid, :only => :ping
+ skip_before_filter :render_404_if_no_object, :only => :ping
def create
@object = Node.new
class Arvados::V1::SchemaController < ApplicationController
skip_before_filter :find_object_by_uuid
+ skip_before_filter :render_404_if_no_object
skip_before_filter :require_auth_scope_all
def show
class Arvados::V1::UserAgreementsController < ApplicationController
before_filter :admin_required, except: [:index, :sign, :signatures]
- skip_before_filter :find_object, only: [:sign, :signatures]
+ skip_before_filter :find_object_by_uuid, only: [:sign, :signatures]
+ skip_before_filter :render_404_if_no_object, only: [:sign, :signatures]
def model_class
Link
class Arvados::V1::UsersController < ApplicationController
+ skip_before_filter :find_object_by_uuid, only:
+ [:activate, :event_stream, :current, :system]
+ skip_before_filter :render_404_if_no_object, only:
+ [:activate, :event_stream, :current, :system]
+
def current
@object = current_user
show
else
logger.warn "User #{@object.uuid} called users.activate " +
"before signing agreements #{todo_uuids.inspect}"
- raise ArgumentError.new \
+ raise ArvadosModel::PermissionDeniedError.new \
"Cannot activate without user agreements #{todo_uuids.inspect}."
end
end
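Review bot: Ruby convention for raising with a message is `raise ArvadosModel::PermissionDeniedError, "Cannot activate without user agreements #{todo_uuids.inspect}."` rather than `.new` with a backslash continuation; behaviour is identical. The move from 422 to 403 looks reasonable here since the caller is already authenticated, and the uuids in the message are presumably the caller's own pending agreements, so nothing new is disclosed — worth confirming that todo_uuids cannot include agreements the caller could not otherwise read.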
class Arvados::V1::VirtualMachinesController < ApplicationController
skip_before_filter :find_object_by_uuid, :only => :get_all_logins
+ skip_before_filter :render_404_if_no_object, :only => :get_all_logins
skip_before_filter(:require_auth_scope_all,
:only => [:logins, :get_all_logins])
before_filter(:admin_required,
class StaticController < ApplicationController
skip_before_filter :find_object_by_uuid
+ skip_before_filter :render_404_if_no_object
skip_before_filter :require_auth_scope_all, :only => [ :home, :login_failure ]
def home
before_filter :require_auth_scope_all, :only => [ :destroy ]
skip_before_filter :find_object_by_uuid
+ skip_before_filter :render_404_if_no_object
respond_to :html
name: Public
description: Public Group
+private:
+ uuid: zzzzz-j7d0g-rew6elm53kancon
+ owner_uuid: zzzzz-tpzed-d9tiejq69daie8f
+ name: Private
+ description: Private Group
+
all_users:
uuid: zzzzz-j7d0g-fffffffffffffff
owner_uuid: zzzzz-tpzed-d9tiejq69daie8f
head_uuid: b519d9cb706a29fc7ea24dbea2f05851
properties: {}
+user_agreement_readable:
+ uuid: zzzzz-o0j2j-qpf60gg4fwjlmex
+ owner_uuid: zzzzz-tpzed-000000000000000
+ created_at: 2014-01-24 20:42:26 -0800
+ modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+ modified_by_user_uuid: zzzzz-tpzed-d9tiejq69daie8f
+ modified_at: 2014-01-24 20:42:26 -0800
+ updated_at: 2014-01-24 20:42:26 -0800
+ tail_kind: arvados#group
+ tail_uuid: zzzzz-j7d0g-fffffffffffffff
+ link_class: permission
+ name: can_read
+ head_kind: arvados#collection
+ head_uuid: b519d9cb706a29fc7ea24dbea2f05851
+ properties: {}
+
+active_user_member_of_all_users_group:
+ uuid: zzzzz-o0j2j-ctbysaduejxfrs5
+ owner_uuid: zzzzz-tpzed-000000000000000
+ created_at: 2014-01-24 20:42:26 -0800
+ modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+ modified_by_user_uuid: zzzzz-tpzed-d9tiejq69daie8f
+ modified_at: 2014-01-24 20:42:26 -0800
+ updated_at: 2014-01-24 20:42:26 -0800
+ tail_kind: arvados#user
+ tail_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+ link_class: permission
+ name: can_read
+ head_kind: arvados#group
+ head_uuid: zzzzz-j7d0g-fffffffffffffff
+ properties: {}
+
user_agreement_signed_by_active:
uuid: zzzzz-o0j2j-4x85a69tqlrud1z
owner_uuid: zzzzz-tpzed-000000000000000
class Arvados::V1::GroupsControllerTest < ActionController::TestCase
+ test "attempt to delete group without read or write access" do
+ authorize_with :active
+ post :destroy, id: groups(:private).uuid
+ assert_response 404
+ end
+
test "attempt to delete group without write access" do
authorize_with :active
- post :destroy, id: groups(:public).uuid
+ post :destroy, id: groups(:all_users).uuid
assert_response 403
end
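Review bot: The new test asserts only the 404 status, so a regression that deleted the group and then reported 404 would still pass; it should also confirm the delete was refused. Add `assert_not_nil Group.find_by_uuid(groups(:private).uuid)` after the status assertion (model and finder names inferred from the fixture name; adjust if the project uses a different lookup). A one-line comment that 404 rather than 403 is deliberate, so a user without read access cannot probe which group uuids exist, would document the intent of the distinction from the test below.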
class Arvados::V1::KeepDisksControllerTest < ActionController::TestCase
- test "add keep node with admin token" do
+ test "add keep disk with admin token" do
authorize_with :admin
post :ping, {
ping_secret: '', # required by discovery doc, but ignored
}
assert_response :success
assert_not_nil assigns(:object)
- new_keep_node = JSON.parse(@response.body)
- assert_not_nil new_keep_node['uuid']
- assert_not_nil new_keep_node['ping_secret']
- assert_not_equal '', new_keep_node['ping_secret']
+ new_keep_disk = JSON.parse(@response.body)
+ assert_not_nil new_keep_disk['uuid']
+ assert_not_nil new_keep_disk['ping_secret']
+ assert_not_equal '', new_keep_disk['ping_secret']
end
- test "add keep node with no filesystem_uuid" do
+ test "add keep disk with no filesystem_uuid" do
authorize_with :admin
opts = {
ping_secret: '',
assert_not_nil JSON.parse(@response.body)['uuid']
end
- test "refuse to add keep node without admin token" do
+ test "refuse to add keep disk without admin token" do
post :ping, {
ping_secret: '',
service_host: '::1',
assert_response 404
end
- test "ping from keep node" do
+ test "ping keep disk" do
post :ping, {
uuid: keep_disks(:nonfull).uuid,
ping_secret: keep_disks(:nonfull).ping_secret,
}
assert_response :success
assert_not_nil assigns(:object)
- keep_node = JSON.parse(@response.body)
- assert_not_nil keep_node['uuid']
- assert_not_nil keep_node['ping_secret']
+ keep_disk = JSON.parse(@response.body)
+ assert_not_nil keep_disk['uuid']
+ assert_not_nil keep_disk['ping_secret']
end
- test "should get index with ping_secret" do
+ test "admin should get index with ping_secret" do
authorize_with :admin
get :index
assert_response :success
assert_not_nil items[0]['ping_secret']
end
- # inactive user does not see any keep disks
- test "inactive user should get empty index" do
+ # inactive user sees keep disks
+ test "inactive user should get index" do
authorize_with :inactive
get :index
assert_response :success
items = JSON.parse(@response.body)['items']
- assert_equal 0, items.size
+ assert_not_equal 0, items.size
end
# active user sees non-secret attributes of keep disks
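Review bot: The renamed inactive-user test now only checks that the index is non-empty, so it would not catch ping_secret leaking to an inactive account; the active-user test that follows is the one checking for non-secret attributes, and the inactive case deserves the same check. Add `assert_nil items[0]['ping_secret']` after the size assertion. If inactive users were not meant to see keep disks at all, the earlier `assert_equal 0, items.size` was the stronger assertion and the behaviour change should be justified in the commit message rather than just renamed in the test.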
assert_response :success
me = JSON.parse(@response.body)
post :activate, uuid: me['uuid']
- assert_response 422
+ assert_response 403
get :current
assert_response :success
me = JSON.parse(@response.body)