[ARVADOS] updated: 1.1.4-191-g4b4bb33
Git user
git at public.curoverse.com
Fri May 4 15:12:35 EDT 2018
Summary of changes:
build/run-tests.sh | 2 +-
.../app/controllers/arvados/v1/users_controller.rb | 32 +++++++++++++-----
services/api/app/models/user.rb | 38 ++++++++++++++++++----
3 files changed, 56 insertions(+), 16 deletions(-)
via 4b4bb33aca0e12ae06bce395f02031890d6ef8bc (commit)
via c7cb2008660e30725a73b8c3ce5034d904e758c1 (commit)
via 6a07b65a896407afa11d0cd4deef78d779e6725a (commit)
via 70bdd5059c6a312956164eb4c257ee39c4bca0cb (commit)
via 6a7c542a065b79f3506b4a21ae5f791d99615efd (commit)
from 26538afdf1c8fdad14208d08a19bafb41e42044c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 4b4bb33aca0e12ae06bce395f02031890d6ef8bc
Author: Tom Clegg <tclegg at veritasgenetics.com>
Date: Fri May 4 15:09:46 2018 -0400
12626: Advertise required params for users#merge in discovery doc.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg at veritasgenetics.com>
diff --git a/services/api/app/controllers/arvados/v1/users_controller.rb b/services/api/app/controllers/arvados/v1/users_controller.rb
index f473b92..d2126ec 100644
--- a/services/api/app/controllers/arvados/v1/users_controller.rb
+++ b/services/api/app/controllers/arvados/v1/users_controller.rb
@@ -165,6 +165,20 @@ class Arvados::V1::UsersController < ApplicationController
protected
+ def self._merge_requires_parameters
+ {
+ new_owner_uuid: {
+ type: 'string', required: true,
+ },
+ new_user_token: {
+ type: 'string', required: true,
+ },
+ redirect_to_new_user: {
+ type: 'boolean', required: false,
+ },
+ }
+ end
+
def self._setup_requires_parameters
{
user: {
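Review bot: `new_user_token` is advertised here as an ordinary string parameter, but the merge action hands it to `ApiClientAuthorization.validate(token: ...)` and insists on `scopes == ['all']`, so it is an unrestricted credential for a second account travelling in the request parameters. Whether the name is covered by the application's parameter filtering (Rails `config.filter_parameters`) is not visible from this hunk and should be confirmed, so the token does not end up in request logs. Separately, `redirect_to_new_user` is declared `required: false`, while `User#merge` raises "not implemented" when no redirect target is passed; unless the controller rejects a false value earlier, the discovery doc advertises an option clients cannot actually leave out. A short comment above the hash would help, e.g. `# new_user_token: unscoped token of the account being merged into; treat as a secret`. The hunk ends inside `_setup_requires_parameters`, which continues outside the view.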
commit c7cb2008660e30725a73b8c3ce5034d904e758c1
Author: Tom Clegg <tclegg at veritasgenetics.com>
Date: Fri May 4 15:09:36 2018 -0400
12626: Improve error message.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg at veritasgenetics.com>
diff --git a/services/api/app/controllers/arvados/v1/users_controller.rb b/services/api/app/controllers/arvados/v1/users_controller.rb
index d1f0ad4..f473b92 100644
--- a/services/api/app/controllers/arvados/v1/users_controller.rb
+++ b/services/api/app/controllers/arvados/v1/users_controller.rb
@@ -148,7 +148,7 @@ class Arvados::V1::UsersController < ApplicationController
end
if !new_user.can?(write: params[:new_owner_uuid])
- return send_error("new_owner_uuid is not writable", status: 403)
+ return send_error("cannot move objects into supplied new_owner_uuid: new user does not have write permission", status: 403)
end
redirect = params[:redirect_to_new_user]
commit 6a07b65a896407afa11d0cd4deef78d779e6725a
Author: Tom Clegg <tclegg at veritasgenetics.com>
Date: Fri May 4 14:59:41 2018 -0400
12626: Change variable dst_user -> new_user for consistency.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg at veritasgenetics.com>
diff --git a/services/api/app/controllers/arvados/v1/users_controller.rb b/services/api/app/controllers/arvados/v1/users_controller.rb
index 3a2b347..d1f0ad4 100644
--- a/services/api/app/controllers/arvados/v1/users_controller.rb
+++ b/services/api/app/controllers/arvados/v1/users_controller.rb
@@ -132,22 +132,22 @@ class Arvados::V1::UsersController < ApplicationController
return send_error("cannot merge with a scoped token", status: 403)
end
- dst_auth = ApiClientAuthorization.validate(token: params[:new_user_token])
- if !dst_auth
+ new_auth = ApiClientAuthorization.validate(token: params[:new_user_token])
+ if !new_auth
return send_error("invalid new_user_token", status: 401)
end
- if !dst_auth.api_client.andand.is_trusted
+ if !new_auth.api_client.andand.is_trusted
return send_error("supplied new_user_token is not from a trusted client", status: 403)
- elsif dst_auth.scopes != ['all']
+ elsif new_auth.scopes != ['all']
return send_error("supplied new_user_token has restricted scope", status: 403)
end
- dst_user = dst_auth.user
+ new_user = new_auth.user
- if current_user.uuid == dst_user.uuid
+ if current_user.uuid == new_user.uuid
return send_error("cannot merge user to self", status: 422)
end
- if !dst_user.can?(write: params[:new_owner_uuid])
+ if !new_user.can?(write: params[:new_owner_uuid])
return send_error("new_owner_uuid is not writable", status: 403)
end
@@ -158,7 +158,7 @@ class Arvados::V1::UsersController < ApplicationController
@object = current_user
act_as_system_user do
- @object.merge(new_owner_uuid: params[:new_owner_uuid], redirect_to_user_uuid: redirect && dst_user.uuid)
+ @object.merge(new_owner_uuid: params[:new_owner_uuid], redirect_to_user_uuid: redirect && new_user.uuid)
end
show
end
commit 70bdd5059c6a312956164eb4c257ee39c4bca0cb
Author: Tom Clegg <tclegg at veritasgenetics.com>
Date: Fri May 4 14:56:23 2018 -0400
12626: Be more selective/explicit about changing various UUIDs.
Update comments.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg at veritasgenetics.com>
diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb
index 4296d61..a9a6a23 100644
--- a/services/api/app/models/user.rb
+++ b/services/api/app/models/user.rb
@@ -275,31 +275,57 @@ class User < ArvadosModel
end
end
- # Merge this user's owned items into dst_user.
+ # Move this user's (i.e., self's) owned items into new_owner_uuid.
+ # Also redirect future uses of this account to
+ # redirect_to_user_uuid, i.e., when a caller authenticates to this
+ # account in the future, the account redirect_to_user_uuid account
+ # will be used instead.
+ #
+ # current_user must have admin privileges, i.e., the caller is
+ # responsible for checking permission to do this.
def merge(new_owner_uuid:, redirect_to_user_uuid:)
raise PermissionDeniedError if !current_user.andand.is_admin
raise "not implemented" if !redirect_to_user_uuid
transaction(requires_new: true) do
reload
+ raise "cannot merge an already merged user" if self.redirect_to_user_uuid
+
new_user = User.where(uuid: redirect_to_user_uuid).first
raise "user does not exist" if !new_user
- if User.where('uuid in (?) and redirect_to_user_uuid is not null',
- [new_owner_uuid, redirect_to_user_uuid]).any?
- raise "cannot merge to/from an already merged user"
- end
+ raise "cannot merge to an already merged user" if new_user.redirect_to_user_uuid
+
+ # Existing API tokens are updated to authenticate to the new
+ # user.
ApiClientAuthorization.
where(user_id: id).
update_all(user_id: new_user.id)
+
+ # References to the old user UUID in the context of a user ID
+ # (rather than a "home project" in the project hierarchy) are
+ # updated to point to the new user.
[
[AuthorizedKey, :owner_uuid],
[AuthorizedKey, :authorized_user_uuid],
[Repository, :owner_uuid],
+ [Link, :owner_uuid],
[Link, :tail_uuid],
[Link, :head_uuid],
].each do |klass, column|
klass.where(column => uuid).update_all(column => new_user.uuid)
end
- change_all_uuid_refs(old_uuid: uuid, new_uuid: new_owner_uuid)
+
+ # References to the merged user's "home project" are updated to
+ # point to new_owner_uuid.
+ ActiveRecord::Base.descendants.reject(&:abstract_class?).each do |klass|
+ next if [ApiClientAuthorization,
+ AuthorizedKey,
+ Link,
+ Log,
+ Repository].include?(klass)
+ next if !klass.columns.collect(&:name).include?('owner_uuid')
+ klass.where(owner_uuid: uuid).update_all(owner_uuid: new_owner_uuid)
+ end
+
update_attributes!(redirect_to_user_uuid: new_user.uuid)
end
end
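Review bot: The rewritten guard no longer looks at `new_owner_uuid`: the removed query rejected the merge when either `new_owner_uuid` or `redirect_to_user_uuid` named a user with `redirect_to_user_uuid` set, while the new lines check only `self` and `new_user`, so objects can now be moved under an account that has itself been merged away. If that is not intended, keep the check, e.g. `raise "cannot move objects into an already merged user" if User.where('uuid = ? and redirect_to_user_uuid is not null', new_owner_uuid).any?`. The home-project loop walks `ActiveRecord::Base.descendants`, which lists only model classes that are already loaded, so with lazy loading a model that has an `owner_uuid` column could be skipped silently. Every reassignment, including the API tokens, goes through `update_all`, which bypasses callbacks; if audit log rows are written by model callbacks (not visible here), the transfer leaves no trail, and one explicit log entry per merge would help later incident review. The bare-string `raise`s produce RuntimeError rather than a typed error like the `PermissionDeniedError` used on the method's first line.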
commit 6a7c542a065b79f3506b4a21ae5f791d99615efd
Author: Tom Clegg <tclegg at veritasgenetics.com>
Date: Fri May 4 14:41:39 2018 -0400
12626: Update pg_terminate_backend recipe for PostgreSQL >= 9.2.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg at veritasgenetics.com>
diff --git a/build/run-tests.sh b/build/run-tests.sh
index a050d38..693a434 100755
--- a/build/run-tests.sh
+++ b/build/run-tests.sh
@@ -863,7 +863,7 @@ install_apiserver() {
# is a postgresql superuser.
cd "$WORKSPACE/services/api" \
&& test_database=$(python -c "import yaml; print yaml.load(file('config/database.yml'))['test']['database']") \
- && psql "$test_database" -c "SELECT pg_terminate_backend (pg_stat_activity.procpid::int) FROM pg_stat_activity WHERE pg_stat_activity.datname = '$test_database';" 2>/dev/null
+ && psql "$test_database" -c "SELECT pg_terminate_backend (pg_stat_activity.pid::int) FROM pg_stat_activity WHERE pg_stat_activity.datname = '$test_database';" 2>/dev/null
mkdir -p "$WORKSPACE/services/api/tmp/pids"
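Review bot: Errors from this `psql` call are still discarded with `2>/dev/null`, so on a server older than 9.2, where `pg_stat_activity` has `procpid` rather than `pid`, the statement now fails silently and stale connections stay open. The query also has no filter on its own backend, so it terminates the session that issued it; suggest `... WHERE pg_stat_activity.datname = '$test_database' AND pg_stat_activity.pid <> pg_backend_pid();` and letting stderr through, or at least a comment stating the minimum PostgreSQL version. `$test_database` is interpolated straight into the SQL text; it is read from `config/database.yml`, so the risk is low, but a name containing a quote would break the statement. The enclosing `install_apiserver` function starts and ends outside the hunk.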
-----------------------------------------------------------------------
hooks/post-receive
--