[ARVADOS] updated: 1.3.0-2388-g1ea668718
Git user
git at public.arvados.org
Tue Mar 31 21:12:43 UTC 2020
Summary of changes:
services/api/app/controllers/application_controller.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
via 1ea6687187c259c726d1525845323f51ef3a8017 (commit)
from 60b966e8d07eab537d1855c455d477fc57ee6734 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 1ea6687187c259c726d1525845323f51ef3a8017
Author: Peter Amstutz <peter.amstutz at curii.com>
Date: Tue Mar 31 17:12:31 2020 -0400
16263: Fix only_admin_can_bypass_federation
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>
diff --git a/services/api/app/controllers/application_controller.rb b/services/api/app/controllers/application_controller.rb
index a3435d0b6..83a233cd5 100644
--- a/services/api/app/controllers/application_controller.rb
+++ b/services/api/app/controllers/application_controller.rb
@@ -141,7 +141,7 @@ class ApplicationController < ActionController::Base
end
def only_admin_can_bypass_federation
- if params[:bypass_federation] && current_user.nil? or !current_user.is_admin
+ unless !params[:bypass_federation] || current_user.andand.is_admin
send_error("The bypass_federation parameter is only permitted when current user is admin", status: 403)
end
end
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list