[ARVADOS] created: 5eae182afd14464656cb602f03925be0e0a0483d

[Git user]

        at  5eae182afd14464656cb602f03925be0e0a0483d (commit)


commit 5eae182afd14464656cb602f03925be0e0a0483d
Author: Tom Clegg <tom at curoverse.com>
Date:   Tue Mar 7 17:18:37 2017 -0500

    3853: Do not try to look up collections by PDH for update/delete actions.

diff --git a/services/api/app/controllers/arvados/v1/collections_controller.rb b/services/api/app/controllers/arvados/v1/collections_controller.rb
index 2beb1e7..33159f7 100644
--- a/services/api/app/controllers/arvados/v1/collections_controller.rb
+++ b/services/api/app/controllers/arvados/v1/collections_controller.rb
@@ -23,7 +23,8 @@ class Arvados::V1::CollectionsController < ApplicationController
   end
 
   def find_object_by_uuid
-    if loc = Keep::Locator.parse(params[:id])
+    if %w(show provenance used_by).include?(action_name) &&
+        (loc = Keep::Locator.parse(params[:id]))
       loc.strip_hints!
       if c = Collection.readable_by(*@read_users).where({ portable_data_hash: loc.to_s }).limit(1).first
         @object = {
diff --git a/services/api/test/functional/arvados/v1/collections_controller_test.rb b/services/api/test/functional/arvados/v1/collections_controller_test.rb
index 2391fc1..af8bbb3 100644
--- a/services/api/test/functional/arvados/v1/collections_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/collections_controller_test.rb
@@ -293,6 +293,18 @@ EOS
     end
   end
 
+  test "cannot update collection using portable data hash" do
+    authorize_with :active
+    foo_collection = collections(:foo_file)
+    post :update, {
+      id: collections(:foo_file)[:portable_data_hash],
+      collection: {
+        name: "foo_file",
+      }
+    }
+    assert_response 404
+  end
+
   test "create with owner_uuid set to owned group" do
     permit_unsigned_manifests
     authorize_with :active

-----------------------------------------------------------------------


hooks/post-receive
--