From 5d8ebb8d00de8c3afa59045fa929536ff8973881 Mon Sep 17 00:00:00 2001 From: Tom Clegg Date: Tue, 19 Feb 2019 17:28:26 -0500 Subject: [PATCH] 14807: Fix admin permissions for containers. Admins are allowed to see all containers, even ones that aren't associated with any container request. Otherwise, when a container request retries, even the dispatcher can't see the previously assigned container, and therefore never learns that the container is supposed to be cancelled. Arvados-DCO-1.1-Signed-off-by: Tom Clegg --- services/api/app/models/container.rb | 3 +++ services/api/test/unit/container_test.rb | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/services/api/app/models/container.rb b/services/api/app/models/container.rb index bd586907ee..0682676c5c 100644 --- a/services/api/app/models/container.rb +++ b/services/api/app/models/container.rb @@ -375,6 +375,9 @@ class Container < ArvadosModel else kwargs = {} end + if users_list.select { |u| u.is_admin }.any? + return super + end Container.where(ContainerRequest.readable_by(*users_list).where("containers.uuid = container_requests.container_uuid").exists) end diff --git a/services/api/test/unit/container_test.rb b/services/api/test/unit/container_test.rb index 2a9ff5bf4c..dac08d4b69 100644 --- a/services/api/test/unit/container_test.rb +++ b/services/api/test/unit/container_test.rb @@ -677,6 +677,14 @@ class ContainerTest < ActiveSupport::TestCase assert_equal 1, Container.readable_by(users(:active)).where(state: "Queued").count end + test "Containers with no matching request are readable by admin" do + uuids = Container.includes('container_requests').where(container_requests: {uuid: nil}).collect(&:uuid) + assert_not_empty uuids + assert_empty Container.readable_by(users(:active)).where(uuid: uuids) + assert_not_empty Container.readable_by(users(:admin)).where(uuid: uuids) + assert_equal uuids.count, Container.readable_by(users(:admin)).where(uuid: uuids).count + end + test "Container locked cancel" do set_user_from_auth :active c, _ = minimal_new -- 2.30.2