[ARVADOS] updated: 1.3.0-2542-geddba1916

Git user git at public.arvados.org
Wed May 6 19:41:44 UTC 2020 

Summary of changes:
 services/api/app/controllers/arvados/v1/users_controller.rb |  7 ++++---
 services/api/app/models/user.rb                             | 11 ++++++++---
 2 files changed, 12 insertions(+), 6 deletions(-)

       via  eddba1916c4667a3de89f632b2b840dbc1d281fc (commit)
      from  95e9d44b567a92664939f0f89bd45eedd6db67ab (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit eddba1916c4667a3de89f632b2b840dbc1d281fc
Author: Tom Clegg <tom at tomclegg.ca>
Date:   Wed May 6 15:39:30 2020 -0400

    16387: Allow setting is_active=false only on LoginCluster users.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>

diff --git a/services/api/app/controllers/arvados/v1/users_controller.rb b/services/api/app/controllers/arvados/v1/users_controller.rb
index 62da35ae8..867b9a6e6 100644
--- a/services/api/app/controllers/arvados/v1/users_controller.rb
+++ b/services/api/app/controllers/arvados/v1/users_controller.rb
@@ -54,9 +54,10 @@ class Arvados::V1::UsersController < ApplicationController
       @object = current_user
     end
     if not @object.is_active
-      if @object.uuid[0..4] != Rails.configuration.ClusterID
-        logger.warn "Remote user #{@object.uuid} called users.activate"
-        raise ArgumentError.new "cannot activate remote account"
+      if @object.uuid[0..4] == Rails.configuration.Login.LoginCluster &&
+         @object.uuid[0..4] != Rails.configuration.ClusterID
+        logger.warn "Local user #{@object.uuid} called users#activate but only LoginCluster can do that"
+        raise ArgumentError.new "cannot activate user #{@object.uuid} here, only the #{@object.uuid[0..4]} cluster can do that"
       elsif not (current_user.is_admin or @object.is_invited)
         logger.warn "User #{@object.uuid} called users.activate " +
           "but is not invited"
diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb
index ba451eb18..c3641b64e 100644
--- a/services/api/app/models/user.rb
+++ b/services/api/app/models/user.rb
@@ -238,10 +238,15 @@ class User < ArvadosModel
   end
 
   def must_unsetup_to_deactivate
-    if self.is_active_changed? &&
+    if !self.new_record? &&
+       self.uuid[0..4] == Rails.configuration.Login.LoginCluster &&
+       self.uuid[0..4] != Rails.configuration.ClusterID
+      # OK to update our local record to whatever the LoginCluster
+      # reports, because self-activate is not allowed.
+      return
+    elsif self.is_active_changed? &&
        self.is_active_was &&
-       !self.is_active &&
-       self.uuid[0..4] == Rails.configuration.ClusterID
+       !self.is_active
 
       group = Group.where(name: 'All users').select do |g|
         g[:uuid].match(/-f+$/)

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list