[ARVADOS] updated: b7c7f20d17afc11d2cce7bfee2205a26dc4a4762

git at public.curoverse.com git at public.curoverse.com
Thu May 14 18:32:34 EDT 2015


Summary of changes:
 apps/workbench/app/controllers/collections_controller.rb | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

       via  b7c7f20d17afc11d2cce7bfee2205a26dc4a4762 (commit)
      from  01574a902d99cba21ed53e62cef6bef683bed2a2 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit b7c7f20d17afc11d2cce7bfee2205a26dc4a4762
Author: Brett Smith <brett at curoverse.com>
Date:   Thu May 14 18:32:02 2015 -0400

    5915: Workbench tries the anonymous reader token first for collection wget listing.
    
    This is necessary to make sure we provide a usable token to arv-get.
    If we don't check the anonymous reader token first, we might decide
    that another token is usable when in actuality, the reader token is
    the one that worked.  Closes #5915.

diff --git a/apps/workbench/app/controllers/collections_controller.rb b/apps/workbench/app/controllers/collections_controller.rb
index 0610fd2..d4ea86c 100644
--- a/apps/workbench/app/controllers/collections_controller.rb
+++ b/apps/workbench/app/controllers/collections_controller.rb
@@ -119,10 +119,14 @@ class CollectionsController < ApplicationController
     # we ask the API server if the file actually exists.  This serves two
     # purposes: it lets us return a useful status code for common errors, and
     # helps us figure out which token to provide to arv-get.
+    # The order of searched tokens is important: because the anonymous user
+    # token is passed along with every API request, we have to check it first.
+    # Otherwise, it's impossible to know whether any other request succeeded
+    # because of the reader token.
     coll = nil
-    tokens = [Thread.current[:arvados_api_token],
+    tokens = [(Rails.configuration.anonymous_user_token || nil),
               params[:reader_token],
-              (Rails.configuration.anonymous_user_token || nil)].compact
+              Thread.current[:arvados_api_token]].compact
     usable_token = find_usable_token(tokens) do
       coll = Collection.find(params[:uuid])
     end
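Review bot: The comment added above `tokens` explains why the anonymous token must be tried first, but not why `params[:reader_token]` now comes before `Thread.current[:arvados_api_token]`. The token picked here is the one handed to arv-get, so if the list is meant to run from least to most privileged, say so in the comment. That way a later reorder does not end up giving out the session token when a reader token would have worked. The change summary lists only this controller, so a test that pins the order (when the anonymous token can read the collection, it is the one returned by `find_usable_token`) would be worth adding alongside. Also note that `.compact` only drops `nil`: if `anonymous_user_token` were ever set to an empty string, `(Rails.configuration.anonymous_user_token || nil)` would keep it and it would be tried first.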

-----------------------------------------------------------------------


hooks/post-receive
-- 



