From 2c292c1942746dfa7b93411d76a8374e1b0aff16 Mon Sep 17 00:00:00 2001
From: radhika chippada <radhika@radhika.curoverse>
Date: Fri, 4 Apr 2014 14:53:42 -0400
Subject: [PATCH] During setup of an existing user, create oid login
 permission, if it does not already exist.

---
 .../app/views/users/_setup_popup.html.erb     |  3 +-
 .../arvados/v1/users_controller.rb            |  3 +-
 services/api/app/models/user.rb               | 57 ++++++++++---------
 3 files changed, 35 insertions(+), 28 deletions(-)

diff --git a/apps/workbench/app/views/users/_setup_popup.html.erb b/apps/workbench/app/views/users/_setup_popup.html.erb
index 475b6967ab..aed57da978 100644
--- a/apps/workbench/app/views/users/_setup_popup.html.erb
+++ b/apps/workbench/app/views/users/_setup_popup.html.erb
@@ -5,6 +5,7 @@
     <% end %>
     <% disable_email = uuid != nil %>
     <% identity_url_prefix = @current_selections[:identity_url_prefix] %>
+    <% disable_url_prefix = identity_url_prefix != nil %>
     <% selected_repo = @current_selections[:repo_name] %>
     <% selected_vm = @current_selections[:vm_uuid] %>
     
@@ -24,7 +25,7 @@
             <% end %>
           </tr>
           <tr>
-            <% if disable_email %>
+            <% if disable_url_prefix %>
               <td> Identity URL Prefix &nbsp </td>
               <td> <input id="openid_prefix" maxlength="250" name="openid_prefix" type="text" 
                     value="<%=identity_url_prefix%>" disabled=true > </td>
diff --git a/services/api/app/controllers/arvados/v1/users_controller.rb b/services/api/app/controllers/arvados/v1/users_controller.rb
index fe2d0da5d8..58661a0e9a 100644
--- a/services/api/app/controllers/arvados/v1/users_controller.rb
+++ b/services/api/app/controllers/arvados/v1/users_controller.rb
@@ -124,7 +124,8 @@ class Arvados::V1::UsersController < ApplicationController
     end
 
     if object_found
-      @response = @object.setup_repo_vm_links params[:repo_name], params[:vm_uuid]
+      @response = @object.setup_repo_vm_links params[:repo_name],
+                    params[:vm_uuid], params[:openid_prefix]
     else
       @response = User.setup @object, params[:openid_prefix],
                     params[:repo_name], params[:vm_uuid]
diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb
index 77e9778e61..e4881edf4e 100644
--- a/services/api/app/models/user.rb
+++ b/services/api/app/models/user.rb
@@ -111,39 +111,17 @@ class User < ArvadosModel
   end
 
   def self.setup(user, openid_prefix, repo_name=nil, vm_uuid=nil)
-    login_perm_props = {identity_url_prefix: openid_prefix}
-
-    # Check oid_login_perm
-    oid_login_perms = Link.where(tail_uuid: user.email,
-                                   head_kind: 'arvados#user',
-                                   link_class: 'permission',
-                                   name: 'can_login')
-
-    if !oid_login_perms.any?
-      # create openid login permission
-      oid_login_perm = Link.create(link_class: 'permission',
-                                   name: 'can_login',
-                                   tail_kind: 'email',
-                                   tail_uuid: user.email,
-                                   head_kind: 'arvados#user',
-                                   head_uuid: user.uuid,
-                                   properties: login_perm_props
-                                  )
-      logger.info { "openid login permission: " + oid_login_perm[:uuid] }
-    else
-      oid_login_perm = oid_login_perms.first
-    end
-
-    return [oid_login_perm] + user.setup_repo_vm_links(repo_name, vm_uuid)
+    return user.setup_repo_vm_links(repo_name, vm_uuid, openid_prefix)
   end
 
   # create links
-  def setup_repo_vm_links(repo_name, vm_uuid)
+  def setup_repo_vm_links(repo_name, vm_uuid, openid_prefix)
+    oid_login_perm = create_oid_login_perm openid_prefix
     repo_perm = create_user_repo_link repo_name
     vm_login_perm = create_vm_login_permission_link vm_uuid, repo_name
     group_perm = create_user_group_link
 
-    return [repo_perm, vm_login_perm, group_perm, self].compact
+    return [oid_login_perm, repo_perm, vm_login_perm, group_perm, self].compact
   end
 
   # delete user signatures, login, repo, and vm perms, and mark as inactive
@@ -270,6 +248,33 @@ class User < ArvadosModel
     merged
   end
 
+  def create_oid_login_perm (openid_prefix)
+    login_perm_props = {identity_url_prefix: openid_prefix}
+
+    # Check oid_login_perm
+    oid_login_perms = Link.where(tail_uuid: self.email,
+                                   head_kind: 'arvados#user',
+                                   link_class: 'permission',
+                                   name: 'can_login')
+
+    if !oid_login_perms.any?
+      # create openid login permission
+      oid_login_perm = Link.create(link_class: 'permission',
+                                   name: 'can_login',
+                                   tail_kind: 'email',
+                                   tail_uuid: self.email,
+                                   head_kind: 'arvados#user',
+                                   head_uuid: self.uuid,
+                                   properties: login_perm_props
+                                  )
+      logger.info { "openid login permission: " + oid_login_perm[:uuid] }
+    else
+      oid_login_perm = oid_login_perms.first
+    end
+
+    return oid_login_perm
+  end
+
   def create_user_repo_link(repo_name)
     # repo_name is optional
     if not repo_name
-- 
2.30.2