1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: AGPL-3.0
5 class Arvados::V1::LinksController < ApplicationController
7 def check_uuid_kind uuid, kind
8 if kind and ArvadosModel::resource_class_for_uuid(uuid).andand.kind != kind
9 send_error("'#{kind}' does not match uuid '#{uuid}', expected '#{ArvadosModel::resource_class_for_uuid(uuid).andand.kind}'",
18 return if ! check_uuid_kind resource_attrs[:head_uuid], resource_attrs[:head_kind]
19 return if ! check_uuid_kind resource_attrs[:tail_uuid], resource_attrs[:tail_kind]
21 resource_attrs.delete :head_kind
22 resource_attrs.delete :tail_kind
27 if current_user.andand.can?(manage: @object)
28 # find all links and return them
29 @objects = Link.unscoped.where(link_class: "permission",
30 head_uuid: params[:uuid])
32 @limit = @objects.count
35 render :json => { errors: ['Forbidden'] }.to_json, status: 403
41 def find_object_by_uuid
42 if params[:id] && params[:id].match(/\D/)
43 params[:uuid] = params.delete :id
45 if action_name == 'get_permissions'
46 # get_permissions accepts a UUID for any kind of object.
47 @object = ArvadosModel::resource_class_for_uuid(params[:uuid])
48 .readable_by(*@read_users)
49 .where(uuid: params[:uuid])
54 # The usual permission-filtering index query is unnecessarily
55 # inefficient, and doesn't match all permission links that
56 # should be visible (see #18865). Instead, we look up the link
57 # by UUID, then check whether (a) its tail_uuid is the current
58 # user or (b) its head_uuid is an object the current_user
60 link = Link.unscoped.where(uuid: params[:uuid]).first
61 if link && link.link_class != 'permission'
62 # Not a permission link. Re-fetch using generic
63 # permission-filtering query.
65 elsif link && (current_user.uuid == link.tail_uuid ||
66 current_user.can?(manage: link.head_uuid))
70 # Permission denied, i.e., link is invisible => 404.
76 # Overrides ApplicationController load_where_param
80 # head_kind and tail_kind columns are now virtual,
81 # equivalent functionality is now provided by
82 # 'is_a', so fix up any old-style 'where' clauses.
86 @filters << ['head_uuid', 'is_a', @where[:head_kind]]
87 @where.delete :head_kind
90 @filters << ['tail_uuid', 'is_a', @where[:tail_kind]]
91 @where.delete :tail_kind
96 # Overrides ApplicationController load_filters_param
97 def load_filters_param
100 # head_kind and tail_kind columns are now virtual,
101 # equivalent functionality is now provided by
102 # 'is_a', so fix up any old-style 'filter' clauses.
103 @filters = @filters.map do |k|
104 if k[0] == 'head_kind' and k[1] == '='
105 ['head_uuid', 'is_a', k[2]]
106 elsif k[0] == 'tail_kind' and k[1] == '='
107 ['tail_uuid', 'is_a', k[2]]
113 # If the provided filters are enough to limit the results to
114 # permission links with specific head_uuids or
115 # tail_uuid=current_user, bypass the normal readable_by query
116 # (which doesn't match all can_manage-able items, see #18865) --
117 # just ensure the current user actually has can_manage permission
118 # for the provided head_uuids, removing any that don't. At that
119 # point the caller's filters are an effective permission filter.
120 if @filters.include?(['link_class', '=', 'permission'])
122 if k[0] == 'tail_uuid' && k[1] == '=' && k[2] == current_user.uuid
123 @objects = Link.unscoped
124 elsif k[0] == 'head_uuid'
125 if k[1] == '=' && current_user.can?(manage: k[2])
126 @objects = Link.unscoped
128 # Modify the filter operand element (k[2]) in place,
129 # removing any non-permitted UUIDs.
130 k[2].select! do |head_uuid|
131 current_user.can?(manage: head_uuid)
133 @objects = Link.unscoped