From e94ed22c9f40ecafd3cb1ee1349eaee018b4d883 Mon Sep 17 00:00:00 2001 From: Tom Clegg Date: Mon, 4 May 2020 10:53:21 -0400 Subject: [PATCH 1/1] 16387: Allow batch update to set is_active=false for a remote user. Arvados-DCO-1.1-Signed-off-by: Tom Clegg --- services/api/app/controllers/arvados/v1/users_controller.rb | 5 ++++- services/api/app/models/user.rb | 5 +++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/services/api/app/controllers/arvados/v1/users_controller.rb b/services/api/app/controllers/arvados/v1/users_controller.rb index 6a5fbbc509..647b62fea8 100644 --- a/services/api/app/controllers/arvados/v1/users_controller.rb +++ b/services/api/app/controllers/arvados/v1/users_controller.rb @@ -51,7 +51,10 @@ class Arvados::V1::UsersController < ApplicationController @object = current_user end if not @object.is_active - if not (current_user.is_admin or @object.is_invited) + if @object.uuid[0..4] != Rails.configuration.ClusterID + logger.warn "Remote user #{@object.uuid} called users.activate" + raise ArgumentError.new "cannot activate remote account" + elsif not (current_user.is_admin or @object.is_invited) logger.warn "User #{@object.uuid} called users.activate " + "but is not invited" raise ArgumentError.new "Cannot activate without being invited." diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb index 310c2ca698..3f0a970629 100644 --- a/services/api/app/models/user.rb +++ b/services/api/app/models/user.rb @@ -239,8 +239,9 @@ class User < ArvadosModel def must_unsetup_to_deactivate if self.is_active_changed? && - self.is_active_was == true && - !self.is_active + self.is_active_was && + !self.is_active && + self.uuid[0..4] == Rails.configuration.ClusterID group = Group.where(name: 'All users').select do |g| g[:uuid].match(/-f+$/) -- 2.30.2