[ARVADOS] updated: 1.3.0-2857-g78444f2fb
Git user
git at public.arvados.org
Fri Aug 14 16:08:20 UTC 2020
Summary of changes:
services/api/app/models/arvados_model.rb | 2 --
services/api/app/models/link.rb | 1 +
services/api/test/unit/link_test.rb | 8 ++++++++
3 files changed, 9 insertions(+), 2 deletions(-)
via 78444f2fb480801787e486d4b65198d72ab4fe15 (commit)
via 2580743536835baedf91288dfb3599c0b11a3464 (commit)
from 877689fc26b0b69a94ca525a3bca1ed2236fb4b2 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 78444f2fb480801787e486d4b65198d72ab4fe15
Author: Peter Amstutz <peter.amstutz at curii.com>
Date: Fri Aug 14 12:07:56 2020 -0400
16683: Add test, remove useless check for PDH pattern
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>
diff --git a/services/api/app/models/arvados_model.rb b/services/api/app/models/arvados_model.rb
index 18a5c9f24..67794208d 100644
--- a/services/api/app/models/arvados_model.rb
+++ b/services/api/app/models/arvados_model.rb
@@ -758,8 +758,6 @@ class ArvadosModel < ApplicationRecord
if r.where(uuid: attr_value).count == 0
errors.add(attr, "'#{attr_value}' not found")
end
- elsif attr_value =~ Keep::Locator::LOCATOR_REGEXP
- true
else
# Not a valid uuid or PDH, but that (currently) is not an error.
end
diff --git a/services/api/test/unit/link_test.rb b/services/api/test/unit/link_test.rb
index 00f3cc291..c7d21bdc4 100644
--- a/services/api/test/unit/link_test.rb
+++ b/services/api/test/unit/link_test.rb
@@ -58,6 +58,14 @@ class LinkTest < ActiveSupport::TestCase
users(:active).uuid.sub(/-\w+$/, "-#{'z' * 15}"))
end
+ test "link granting permission to remote user is valid" do
+ refute new_active_link_valid?(tail_uuid:
+ users(:active).uuid.sub(/^\w+-/, "foooo-"))
+ Rails.configuration.RemoteClusters = Rails.configuration.RemoteClusters.merge({foooo: ActiveSupport::InheritableOptions.new({Host: "bar.com"})})
+ assert new_active_link_valid?(tail_uuid:
+ users(:active).uuid.sub(/^\w+-/, "foooo-"))
+ end
+
test "link granting non-project permission to unreadable user is invalid" do
refute new_active_link_valid?(tail_uuid: users(:admin).uuid,
head_uuid: collections(:bar_file).uuid)
commit 2580743536835baedf91288dfb3599c0b11a3464
Author: Peter Amstutz <peter.amstutz at curii.com>
Date: Fri Aug 14 09:57:53 2020 -0400
16683: Check that remote cluster id is presumed valid
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>
diff --git a/services/api/app/models/link.rb b/services/api/app/models/link.rb
index 7f4433dd7..0d7334e44 100644
--- a/services/api/app/models/link.rb
+++ b/services/api/app/models/link.rb
@@ -48,6 +48,7 @@ class Link < ArvadosModel
!attr_value.nil? &&
self.link_class == 'permission' &&
attr_value[0..4] != Rails.configuration.ClusterID &&
+ ApiClientAuthorization.remote_host(uuid_prefix: attr_value[0..4]) &&
ArvadosModel::resource_class_for_uuid(attr_value) == User
# Permission link tail is a remote user (the user permissions
# are being granted to), so bypass the standard check that a
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list