From: Peter Amstutz <peter.amstutz@curii.com>
Date: Tue, 31 Mar 2020 21:12:31 +0000 (-0400)
Subject: 16263: Fix only_admin_can_bypass_federation
X-Git-Tag: 2.0.2~11
X-Git-Url: https://git.arvados.org/arvados.git/commitdiff_plain/bbf58b8ed64c47900c7204e70fd342db90eb8348?hp=b79ae856450ab7442954b0454061173f8d3f540c

16263: Fix only_admin_can_bypass_federation

Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
---

diff --git a/services/api/app/controllers/application_controller.rb b/services/api/app/controllers/application_controller.rb
index a3435d0b68..83a233cd54 100644
--- a/services/api/app/controllers/application_controller.rb
+++ b/services/api/app/controllers/application_controller.rb
@@ -141,7 +141,7 @@ class ApplicationController < ActionController::Base
   end
 
   def only_admin_can_bypass_federation
-    if params[:bypass_federation] && current_user.nil? or !current_user.is_admin
+    unless !params[:bypass_federation] || current_user.andand.is_admin
       send_error("The bypass_federation parameter is only permitted when current user is admin", status: 403)
     end
   end