[ARVADOS] created: 4533d1324030520f24f6cc7b09abfdf1822d4892
Git user
git at public.curoverse.com
Tue Jun 27 11:40:22 EDT 2017
at 4533d1324030520f24f6cc7b09abfdf1822d4892 (commit)
commit 4533d1324030520f24f6cc7b09abfdf1822d4892
Author: Tom Clegg <tom at curoverse.com>
Date: Tue Mar 7 17:18:37 2017 -0500
3853: Do not try to look up collections by PDH for update/delete.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curoverse.com>
diff --git a/services/api/app/controllers/arvados/v1/collections_controller.rb b/services/api/app/controllers/arvados/v1/collections_controller.rb
index b5dd07e..41ee61a 100644
--- a/services/api/app/controllers/arvados/v1/collections_controller.rb
+++ b/services/api/app/controllers/arvados/v1/collections_controller.rb
@@ -29,7 +29,8 @@ class Arvados::V1::CollectionsController < ApplicationController
end
def find_object_by_uuid
- if loc = Keep::Locator.parse(params[:id])
+ if %w(show provenance used_by).include?(action_name) &&
+ (loc = Keep::Locator.parse(params[:id]))
loc.strip_hints!
if c = Collection.readable_by(*@read_users).where({ portable_data_hash: loc.to_s }).limit(1).first
@object = {
diff --git a/services/api/test/functional/arvados/v1/collections_controller_test.rb b/services/api/test/functional/arvados/v1/collections_controller_test.rb
index 70f35f3..35ba6ab 100644
--- a/services/api/test/functional/arvados/v1/collections_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/collections_controller_test.rb
@@ -293,6 +293,18 @@ EOS
end
end
+ test "cannot update collection using portable data hash" do
+ authorize_with :active
+ foo_collection = collections(:foo_file)
+ post :update, {
+ id: collections(:foo_file)[:portable_data_hash],
+ collection: {
+ name: "foo_file",
+ }
+ }
+ assert_response 404
+ end
+
test "create with owner_uuid set to owned group" do
permit_unsigned_manifests
authorize_with :active
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list