[ARVADOS] updated: 81c352f7deee9764811ada69878d8d69ce4cb674

git at public.curoverse.com git at public.curoverse.com
Tue Jun 24 10:13:26 EDT 2014 

Summary of changes:
 .../workbench/app/assets/javascripts/log_viewer.js |  2 +-
 .../app/controllers/application_controller.rb      | 29 +++++++++++-----------
 .../app/controllers/user_agreements_controller.rb  |  4 +--
 3 files changed, 18 insertions(+), 17 deletions(-)

       via  81c352f7deee9764811ada69878d8d69ce4cb674 (commit)
       via  5203c37f46410cb2833f95c39ade093c868401e6 (commit)
       via  bfaad44c23b334c91d347acb1517fd750f13e0c3 (commit)
      from  9cd91512d9b615ed2f0b2c8d260e8595aee0f6b1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 81c352f7deee9764811ada69878d8d69ce4cb674
Author: radhika <radhika at curoverse.com>
Date:   Tue Jun 24 09:46:39 2014 -0400

    2659: anonymous token filter chaining

diff --git a/apps/workbench/app/controllers/application_controller.rb b/apps/workbench/app/controllers/application_controller.rb
index 2a2cb48..3537142 100644
--- a/apps/workbench/app/controllers/application_controller.rb
+++ b/apps/workbench/app/controllers/application_controller.rb
@@ -8,11 +8,12 @@ class ApplicationController < ActionController::Base
   ERROR_ACTIONS = [:render_error, :render_not_found]
 
   around_filter :thread_clear
+  before_filter :permit_anonymous_browsing_if_no_thread_token
   around_filter :set_thread_api_token
   # Methods that don't require login should
   #   skip_around_filter :require_thread_api_token
   around_filter :require_thread_api_token, except: ERROR_ACTIONS
-  around_filter :use_anonymous_token_if_necessary
+  before_filter :permit_anonymous_browsing_for_inactive_user
   before_filter :check_user_agreements, except: ERROR_ACTIONS
   before_filter :check_user_notifications, except: ERROR_ACTIONS
   before_filter :find_object_by_uuid, except: [:index, :choose] + ERROR_ACTIONS
@@ -415,11 +416,6 @@ class ApplicationController < ActionController::Base
           redirect_to strip_token_from_path(request.fullpath)
           return
         end
-      elsif Rails.configuration.anonymous_user_token && !session[:arvados_api_token]
-        check_anonymous_token
-        if Thread.current[:arvados_api_token]
-          try_redirect_to_login = false
-        end
       else
         logger.debug "No token received, session is #{session.inspect}"
       end
@@ -466,19 +462,14 @@ class ApplicationController < ActionController::Base
     end
   end
 
-  def use_anonymous_token_if_necessary
-    check_anonymous_token
-    yield
-  end
-
-  def check_anonymous_token
+  def permit_anonymous_browsing_if_no_thread_token
     anonymous_user_token = Rails.configuration.anonymous_user_token
     if !anonymous_user_token
       Thread.current[:arvados_anonymous_api_token] = nil
       return
     end
 
-    if !Thread.current[:arvados_api_token]
+    if !Thread.current[:arvados_api_token] && !params[:api_token] && !session[:arvados_api_token]
       Thread.current[:arvados_api_token] = anonymous_user_token
       if verify_api_token 
         session[:arvados_api_token] = anonymous_user_token
@@ -497,7 +488,17 @@ class ApplicationController < ActionController::Base
         Thread.current[:arvados_api_token] = nil
         Thread.current[:arvados_anonymous_api_token] = nil
       end
-    elsif current_user && !current_user.andand.is_active
+    end
+  end
+
+  def permit_anonymous_browsing_for_inactive_user
+    anonymous_user_token = Rails.configuration.anonymous_user_token
+    if !anonymous_user_token
+      Thread.current[:arvados_anonymous_api_token] = nil
+      return
+    end
+
+    if current_user && !current_user.andand.is_active
       previous_api_token = Thread.current[:arvados_api_token]
       if anonymous_user_token != previous_api_token
         Thread.current[:arvados_api_token] = anonymous_user_token
diff --git a/apps/workbench/app/controllers/user_agreements_controller.rb b/apps/workbench/app/controllers/user_agreements_controller.rb
index 9596160..c889486 100644
--- a/apps/workbench/app/controllers/user_agreements_controller.rb
+++ b/apps/workbench/app/controllers/user_agreements_controller.rb
@@ -1,8 +1,8 @@
 class UserAgreementsController < ApplicationController
   skip_before_filter :check_user_agreements
   skip_before_filter :find_object_by_uuid
-  skip_around_filter :use_anonymous_token_if_necessary
-
+  skip_before_filter :permit_anonymous_browsing_if_no_thread_token
+  skip_before_filter :permit_anonymous_browsing_for_inactive_user
   def model_class
     Collection
   end

commit 5203c37f46410cb2833f95c39ade093c868401e6
Merge: 9cd9151 bfaad44
Author: radhika <radhika at curoverse.com>
Date:   Mon Jun 23 20:36:17 2014 -0400

    Merge branch 'master' into 2659-anonymous-group


-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list