[ARVADOS] updated: 26745c3d05f3a49902ac892297f76d0bfb92a272

git at public.curoverse.com git at public.curoverse.com
Tue Jan 21 13:54:13 EST 2014


Summary of changes:
 .../app/controllers/arvados/v1/nodes_controller.rb |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

       via  26745c3d05f3a49902ac892297f76d0bfb92a272 (commit)
      from  c0a50172a8cc8baf6eae682da361ac8328d79201 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 26745c3d05f3a49902ac892297f76d0bfb92a272
Author: Tom Clegg <tom at curoverse.com>
Date:   Tue Jan 21 10:53:02 2014 -0800

    Fix circumventing usual permission mechanism in nodes.ping.

diff --git a/services/api/app/controllers/arvados/v1/nodes_controller.rb b/services/api/app/controllers/arvados/v1/nodes_controller.rb
index d044482..8f5b097 100644
--- a/services/api/app/controllers/arvados/v1/nodes_controller.rb
+++ b/services/api/app/controllers/arvados/v1/nodes_controller.rb
@@ -1,5 +1,6 @@
 class Arvados::V1::NodesController < ApplicationController
   skip_before_filter :require_auth_scope_all, :only => :ping
+  skip_before_filter :find_object_by_uuid, :only => :ping
 
   def create
     @object = Node.new
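Review bot: the added `skip_before_filter :find_object_by_uuid, :only => :ping` carries no comment explaining why ping opts out of the shared lookup. Together with the existing skip of `:require_auth_scope_all` on the line above, ping now runs with neither of these two filters. Suggest a one-line comment above the two skips saying how ping is expected to be authorized (if the intent is that `ping_secret` stands in for the caller's token, say so), so that a later change does not drop one skip without the other or extend the `:only` list to another action by analogy.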
@@ -12,6 +13,10 @@ class Arvados::V1::NodesController < ApplicationController
     { ping_secret: true }
   end
   def ping
+    @object = Node.where(uuid: (params[:id] || params[:uuid])).first
+    if !@object
+      return render_not_found
+    end
     @object.ping({ ip: params[:local_ipv4] || request.env['REMOTE_ADDR'],
                    ping_secret: params[:ping_secret],
                    ec2_instance_id: params[:instance_id] })
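Review bot: the lookup `Node.where(uuid: (params[:id] || params[:uuid])).first` in `ping` is an unscoped query, so with the filters skipped the only check left on this action is whatever `@object.ping` does with `ping_secret`. That dependency is not documented or tested in this change. Suggest a comment on the lookup stating that authorization is deferred to `Node#ping`, plus functional tests for a wrong `ping_secret`, a missing `ping_secret`, and an unknown uuid. It is also worth confirming that the secret-mismatch response matches the `render_not_found` response if node uuids are not meant to be discoverable by unauthenticated callers. Two smaller points: `params[:id] || params[:uuid]` picks an empty-string `id` over a present `uuid`, and the guard reads more simply as `return render_not_found unless @object`.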

-----------------------------------------------------------------------


hooks/post-receive
-- 



