From: Peter Amstutz <peter.amstutz@curii.com>
Date: Fri, 14 Aug 2020 13:57:53 +0000 (-0400)
Subject: 16683: Check that remote cluster id is presumed valid
X-Git-Tag: 2.1.0~139^2~1
X-Git-Url: https://git.arvados.org/arvados.git/commitdiff_plain/2580743536835baedf91288dfb3599c0b11a3464

16683: Check that remote cluster id is presumed valid

Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
---

diff --git a/services/api/app/models/link.rb b/services/api/app/models/link.rb
index 7f4433dd70..0d7334e44e 100644
--- a/services/api/app/models/link.rb
+++ b/services/api/app/models/link.rb
@@ -48,6 +48,7 @@ class Link < ArvadosModel
        !attr_value.nil? &&
        self.link_class == 'permission' &&
        attr_value[0..4] != Rails.configuration.ClusterID &&
+       ApiClientAuthorization.remote_host(uuid_prefix: attr_value[0..4]) &&
        ArvadosModel::resource_class_for_uuid(attr_value) == User
       # Permission link tail is a remote user (the user permissions
       # are being granted to), so bypass the standard check that a