airavata-commits mailing list archives

From machris...@apache.org
Subject airavata-php-gateway git commit: AIRAVATA-2223 Only load project when owned by user
Date Thu, 26 Jan 2017 21:04:03 GMT
Repository: airavata-php-gateway
Updated Branches:
  refs/heads/develop dc971cb41 -> 9b300d66c


AIRAVATA-2223 Only load project when owned by user


Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/9b300d66
Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/9b300d66
Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/9b300d66

Branch: refs/heads/develop
Commit: 9b300d66c9e0f3bc27c1cf5cb7e04a1365c3c21c
Parents: dc971cb
Author: Marcus Christie <machrist@iu.edu>
Authored: Thu Jan 26 16:03:15 2017 -0500
Committer: Marcus Christie <machrist@iu.edu>
Committed: Thu Jan 26 16:03:15 2017 -0500

----------------------------------------------------------------------
 app/controllers/ExperimentController.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/9b300d66/app/controllers/ExperimentController.php
----------------------------------------------------------------------
diff --git a/app/controllers/ExperimentController.php b/app/controllers/ExperimentController.php
index 29004d1..bd214bf 100755
--- a/app/controllers/ExperimentController.php
+++ b/app/controllers/ExperimentController.php
@@ -144,7 +144,11 @@ class ExperimentController extends BaseController
             if (SharingUtilities::userCanRead(Session::get("username"), $experiment->projectId,
ResourceType::PROJECT)) {
                 $project = ProjectUtilities::get_project($experiment->projectId);
             }
-        } else {
+        } elseif ($experiment->userName == Session::get("username")){
+            // When sharing is disabled the backend checks the auth token claims map
+            // to make sure the authenticating user is the same as the project
+            // owner. So the project can only be loaded when the user is the
+            // project owner, which can be inferred from the experiment's owner.
             $project = ProjectUtilities::get_project($experiment->projectId);
         }
         $expVal = ExperimentUtilities::get_experiment_values($experiment);
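Review bot: The ownership test on the new `elseif` line uses loose `==`, and PHP compares two numeric-looking strings as numbers, so distinct usernames such as `007` and `7` (constructed example) would be treated as the same owner. Since this condition gates loading another user's project, a strict comparison is safer: `} elseif ($experiment->userName === Session::get("username")) {`. Separately, when sharing is disabled and the session user is not the owner, no branch assigns `$project` any more. The function starts and ends outside this hunk, so it is not visible whether `$project` is initialised beforehand; please confirm the code that follows tolerates a missing project. The added comment says project ownership is inferred from the experiment's owner, which may be worth stating as an explicit assumption in case an experiment can ever sit in a project owned by someone else.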

