From 95e9d44b567a92664939f0f89bd45eedd6db67ab Mon Sep 17 00:00:00 2001 From: Tom Clegg Date: Mon, 4 May 2020 10:53:21 -0400 Subject: [PATCH] 16387: Allow batch update to set is_active=false for a remote user. Arvados-DCO-1.1-Signed-off-by: Tom Clegg --- services/api/app/controllers/arvados/v1/users_controller.rb | 5 ++++- services/api/app/models/user.rb | 5 +++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/services/api/app/controllers/arvados/v1/users_controller.rb b/services/api/app/controllers/arvados/v1/users_controller.rb index d9ab5556ff..62da35ae86 100644 --- a/services/api/app/controllers/arvados/v1/users_controller.rb +++ b/services/api/app/controllers/arvados/v1/users_controller.rb @@ -54,7 +54,10 @@ class Arvados::V1::UsersController < ApplicationController @object = current_user end if not @object.is_active - if not (current_user.is_admin or @object.is_invited) + if @object.uuid[0..4] != Rails.configuration.ClusterID + logger.warn "Remote user #{@object.uuid} called users.activate" + raise ArgumentError.new "cannot activate remote account" + elsif not (current_user.is_admin or @object.is_invited) logger.warn "User #{@object.uuid} called users.activate " + "but is not invited" raise ArgumentError.new "Cannot activate without being invited." diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb index dd447ca51a..ba451eb184 100644 --- a/services/api/app/models/user.rb +++ b/services/api/app/models/user.rb @@ -239,8 +239,9 @@ class User < ArvadosModel def must_unsetup_to_deactivate if self.is_active_changed? && - self.is_active_was == true && - !self.is_active + self.is_active_was && + !self.is_active && + self.uuid[0..4] == Rails.configuration.ClusterID group = Group.where(name: 'All users').select do |g| g[:uuid].match(/-f+$/) -- 2.30.2