From bbf58b8ed64c47900c7204e70fd342db90eb8348 Mon Sep 17 00:00:00 2001
From: Peter Amstutz
Date: Tue, 31 Mar 2020 17:12:31 -0400
Subject: [PATCH 1/1] 16263: Fix only_admin_can_bypass_federation

Arvados-DCO-1.1-Signed-off-by: Peter Amstutz
---
 services/api/app/controllers/application_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/api/app/controllers/application_controller.rb b/services/api/app/controllers/application_controller.rb
index a3435d0b68..83a233cd54 100644
--- a/services/api/app/controllers/application_controller.rb
+++ b/services/api/app/controllers/application_controller.rb
@@ -141,7 +141,7 @@ class ApplicationController < ActionController::Base
 end

 def only_admin_can_bypass_federation
- if params[:bypass_federation] && current_user.nil? or !current_user.is_admin
+ unless !params[:bypass_federation] || current_user.andand.is_admin
 send_error("The bypass_federation parameter is only permitted when current user is admin", status: 403)
 end
 end
-- 
2.30.2
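Review bot: The new guard in only_admin_can_bypass_federation is written as a double negative (`unless !… || …`), which is hard to audit for an authorization check whose previous form was already broken by `&&`/`or` precedence; `if params[:bypass_federation] && !current_user.andand.is_admin` states the same condition directly. The diffstat shows only this one file changed, so no regression test accompanies the fix; the cases worth pinning are anonymous, non-admin and admin requests, each with and without the parameter. Any non-nil value is truthy here, including the string "false", so a non-admin sending `bypass_federation=false` would still get the 403 unless the parameter is coerced to a boolean somewhere outside this hunk. That fails closed, but a short comment such as `# any value of bypass_federation, even "false", requires admin` would record that it is intended.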