[ARVADOS] created: 187382bb88eee65d887c004d73eddf46cbd86bc2

[Git user]

        at  187382bb88eee65d887c004d73eddf46cbd86bc2 (commit)


commit 187382bb88eee65d887c004d73eddf46cbd86bc2
Author: Tom Clegg <tom at curoverse.com>
Date:   Wed Jul 12 10:58:48 2017 -0400

    11960: Fix permission checking for "delete" events.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curoverse.com>

diff --git a/services/ws/session_v0.go b/services/ws/session_v0.go
index daa5208..db60738 100644
--- a/services/ws/session_v0.go
+++ b/services/ws/session_v0.go
@@ -99,7 +99,17 @@ func (sess *v0session) EventMessage(e *event) ([]byte, error) {
 		return nil, nil
 	}
 
-	ok, err := sess.permChecker.Check(detail.ObjectUUID)
+	var permTarget string
+	if detail.EventType == "delete" {
+		// It's pointless to check permission by reading
+		// ObjectUUID if it has just been deleted, but if the
+		// client has permission on the parent project then
+		// it's OK to send the event.
+		permTarget = detail.ObjectOwnerUUID
+	} else {
+		permTarget = detail.ObjectUUID
+	}
+	ok, err := sess.permChecker.Check(permTarget)
 	if err != nil || !ok {
 		return nil, err
 	}

commit 0041af13b61716fb9044c050b2ef34a3315566d6
Author: Tom Clegg <tom at curoverse.com>
Date:   Wed Jul 12 10:57:49 2017 -0400

    11960: Fix permission checking for events on trashed collections.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curoverse.com>

diff --git a/services/ws/permission.go b/services/ws/permission.go
index b40c1fa..a39a959 100644
--- a/services/ws/permission.go
+++ b/services/ws/permission.go
@@ -74,7 +74,8 @@ func (pc *cachingPermChecker) Check(uuid string) (bool, error) {
 
 	pc.nMisses++
 	err = pc.RequestAndDecode(&buf, "GET", path, nil, url.Values{
-		"select": {`["uuid"]`},
+		"include_trash": {"true"},
+		"select":        {`["uuid"]`},
 	})
 
 	var allowed bool

commit a3bfffe950102b82b6655b91038bba9e6b085f03
Author: Tom Clegg <tom at curoverse.com>
Date:   Wed Jul 12 10:17:05 2017 -0400

    11960: Include is_trashed in old/new attributes sent to client.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curoverse.com>

diff --git a/services/ws/session_v0.go b/services/ws/session_v0.go
index bc7e6ec..daa5208 100644
--- a/services/ws/session_v0.go
+++ b/services/ws/session_v0.go
@@ -20,7 +20,16 @@ var (
 	errQueueFull   = errors.New("client queue full")
 	errFrameTooBig = errors.New("frame too big")
 
-	sendObjectAttributes = []string{"state", "name", "owner_uuid", "portable_data_hash"}
+	// Send clients only these keys from the
+	// log.properties.old_attributes and
+	// log.properties.new_attributes hashes.
+	sendObjectAttributes = []string{
+		"is_trashed",
+		"name",
+		"owner_uuid",
+		"portable_data_hash",
+		"state",
+	}
 
 	v0subscribeOK   = []byte(`{"status":200}`)
 	v0subscribeFail = []byte(`{"status":400}`)

-----------------------------------------------------------------------


hooks/post-receive
--