projects / arvados.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Arvados-DCO-1.1-Signed-off-by: Radhika Chippada <radhika@curoverse.com>
[arvados.git] / apps / workbench / app / controllers / collections_controller.rb
1 # Copyright (C) The Arvados Authors. All rights reserved.
2 #
3 # SPDX-License-Identifier: AGPL-3.0
4
5 require "arvados/keep"
6 require "arvados/collection"
7 require "uri"
8
9 class CollectionsController < ApplicationController
10   include ActionController::Live
11
12   skip_around_filter :require_thread_api_token, if: proc { |ctrl|
13     Rails.configuration.anonymous_user_token and
14     'show' == ctrl.action_name
15   }
16   skip_around_filter(:require_thread_api_token,
17                      only: [:show_file, :show_file_links])
18   skip_before_filter(:find_object_by_uuid,
19                      only: [:provenance, :show_file, :show_file_links])
20   # We depend on show_file to display the user agreement:
21   skip_before_filter :check_user_agreements, only: :show_file
22   skip_before_filter :check_user_profile, only: :show_file
23
24   RELATION_LIMIT = 5
25
26   def show_pane_list
27     panes = %w(Files Upload Tags Provenance_graph Used_by Advanced)
28     panes = panes - %w(Upload) unless (@object.editable? rescue false)
29     panes
30   end
31
32   def set_persistent
33     case params[:value]
34     when 'persistent', 'cache'
35       persist_links = Link.filter([['owner_uuid', '=', current_user.uuid],
36                                    ['link_class', '=', 'resources'],
37                                    ['name', '=', 'wants'],
38                                    ['tail_uuid', '=', current_user.uuid],
39                                    ['head_uuid', '=', @object.uuid]])
40       logger.debug persist_links.inspect
41     else
42       return unprocessable "Invalid value #{value.inspect}"
43     end
44     if params[:value] == 'persistent'
45       if not persist_links.any?
46         Link.create(link_class: 'resources',
47                     name: 'wants',
48                     tail_uuid: current_user.uuid,
49                     head_uuid: @object.uuid)
50       end
51     else
52       persist_links.each do |link|
53         link.destroy || raise
54       end
55     end
56
57     respond_to do |f|
58       f.json { render json: @object }
59     end
60   end
61
62   def index
63     # API server index doesn't return manifest_text by default, but our
64     # callers want it unless otherwise specified.
65     @select ||= Collection.columns.map(&:name)
66     base_search = Collection.select(@select)
67     if params[:search].andand.length.andand > 0
68       tags = Link.where(any: ['contains', params[:search]])
69       @objects = (base_search.where(uuid: tags.collect(&:head_uuid)) |
70                       base_search.where(any: ['contains', params[:search]])).
71         uniq { |c| c.uuid }
72     else
73       if params[:limit]
74         limit = params[:limit].to_i
75       else
76         limit = 100
77       end
78
79       if params[:offset]
80         offset = params[:offset].to_i
81       else
82         offset = 0
83       end
84
85       @objects = base_search.limit(limit).offset(offset)
86     end
87     @links = Link.where(head_uuid: @objects.collect(&:uuid))
88     @collection_info = {}
89     @objects.each do |c|
90       @collection_info[c.uuid] = {
91         tag_links: [],
92         wanted: false,
93         wanted_by_me: false,
94         provenance: [],
95         links: []
96       }
97     end
98     @links.each do |link|
99       @collection_info[link.head_uuid] ||= {}
100       info = @collection_info[link.head_uuid]
101       case link.link_class
102       when 'tag'
103         info[:tag_links] << link
104       when 'resources'
105         info[:wanted] = true
106         info[:wanted_by_me] ||= link.tail_uuid == current_user.uuid
107       when 'provenance'
108         info[:provenance] << link.name
109       end
110       info[:links] << link
111     end
112     @request_url = request.url
113
114     render_index
115   end
116
117   def show_file_links
118     Thread.current[:reader_tokens] = [params[:reader_token]]
119     return if false.equal?(find_object_by_uuid)
120     render layout: false
121   end
122
123   def show_file
124     # We pipe from arv-get to send the file to the user.  Before we start it,
125     # we ask the API server if the file actually exists.  This serves two
126     # purposes: it lets us return a useful status code for common errors, and
127     # helps us figure out which token to provide to arv-get.
128     # The order of searched tokens is important: because the anonymous user
129     # token is passed along with every API request, we have to check it first.
130     # Otherwise, it's impossible to know whether any other request succeeded
131     # because of the reader token.
132     coll = nil
133     tokens = [(Rails.configuration.anonymous_user_token || nil),
134               params[:reader_token],
135               Thread.current[:arvados_api_token]].compact
136     usable_token = find_usable_token(tokens) do
137       coll = Collection.find(params[:uuid])
138     end
139     if usable_token.nil?
140       # Response already rendered.
141       return
142     end
143
144     # If we are configured to use a keep-web server, just redirect to
145     # the appropriate URL.
146     if Rails.configuration.keep_web_url or
147         Rails.configuration.keep_web_download_url
148       opts = {}
149       if usable_token == params[:reader_token]
150         opts[:path_token] = usable_token
151       elsif usable_token == Rails.configuration.anonymous_user_token
152         # Don't pass a token at all
153       else
154         # We pass the current user's real token only if it's necessary
155         # to read the collection.
156         opts[:query_token] = usable_token
157       end
158       opts[:disposition] = params[:disposition] if params[:disposition]
159       return redirect_to keep_web_url(params[:uuid], params[:file], opts)
160     end
161
162     # No keep-web server available. Get the file data with arv-get,
163     # and serve it through Rails.
164
165     file_name = params[:file].andand.sub(/^(\.\/|\/|)/, './')
166     if file_name.nil? or not coll.manifest.has_file?(file_name)
167       return render_not_found
168     end
169
170     opts = params.merge(arvados_api_token: usable_token)
171
172     # Handle Range requests. Currently we support only 'bytes=0-....'
173     if request.headers.include? 'HTTP_RANGE'
174       if m = /^bytes=0-(\d+)/.match(request.headers['HTTP_RANGE'])
175         opts[:maxbytes] = m[1]
176         size = params[:size] || '*'
177         self.response.status = 206
178         self.response.headers['Content-Range'] = "bytes 0-#{m[1]}/#{size}"
179       end
180     end
181
182     ext = File.extname(params[:file])
183     self.response.headers['Content-Type'] =
184       Rack::Mime::MIME_TYPES[ext] || 'application/octet-stream'
185     if params[:size]
186       size = params[:size].to_i
187       if opts[:maxbytes]
188         size = [size, opts[:maxbytes].to_i].min
189       end
190       self.response.headers['Content-Length'] = size.to_s
191     end
192     self.response.headers['Content-Disposition'] = params[:disposition] if params[:disposition]
193     begin
194       file_enumerator(opts).each do |bytes|
195         response.stream.write bytes
196       end
197     ensure
198       response.stream.close
199     end
200   end
201
202   def sharing_scopes
203     ["GET /arvados/v1/collections/#{@object.uuid}", "GET /arvados/v1/collections/#{@object.uuid}/", "GET /arvados/v1/keep_services/accessible"]
204   end
205
206   def search_scopes
207     begin
208       ApiClientAuthorization.filter([['scopes', '=', sharing_scopes]]).results
209     rescue ArvadosApiClient::AccessForbiddenException
210       nil
211     end
212   end
213
214   def find_object_by_uuid
215     if not Keep::Locator.parse params[:id]
216       super
217     end
218   end
219
220   def show
221     return super if !@object
222
223     @logs = []
224
225     if params["tab_pane"] == "Provenance_graph"
226       @prov_svg = ProvenanceHelper::create_provenance_graph(@object.provenance, "provenance_svg",
227                                                             {:request => request,
228                                                              :direction => :top_down,
229                                                              :combine_jobs => :script_only}) rescue nil
230     end
231
232     if current_user
233       if Keep::Locator.parse params["uuid"]
234         @same_pdh = Collection.filter([["portable_data_hash", "=", @object.portable_data_hash]]).limit(20)
235         if @same_pdh.results.size == 1
236           redirect_to collection_path(@same_pdh[0]["uuid"])
237           return
238         end
239         owners = @same_pdh.map(&:owner_uuid).to_a.uniq
240         preload_objects_for_dataclass Group, owners
241         preload_objects_for_dataclass User, owners
242         uuids = @same_pdh.map(&:uuid).to_a.uniq
243         preload_links_for_objects uuids
244         render 'hash_matches'
245         return
246       else
247         if Job.api_exists?(:index)
248           jobs_with = lambda do |conds|
249             Job.limit(RELATION_LIMIT).where(conds)
250               .results.sort_by { |j| j.finished_at || j.created_at }
251           end
252           @output_of = jobs_with.call(output: @object.portable_data_hash)
253           @log_of = jobs_with.call(log: @object.portable_data_hash)
254         end
255
256         @project_links = Link.limit(RELATION_LIMIT).order("modified_at DESC")
257           .where(head_uuid: @object.uuid, link_class: 'name').results
258         project_hash = Group.where(uuid: @project_links.map(&:tail_uuid)).to_hash
259         @projects = project_hash.values
260
261         @permissions = Link.limit(RELATION_LIMIT).order("modified_at DESC")
262           .where(head_uuid: @object.uuid, link_class: 'permission',
263                  name: 'can_read').results
264         @search_sharing = search_scopes
265
266         if params["tab_pane"] == "Used_by"
267           @used_by_svg = ProvenanceHelper::create_provenance_graph(@object.used_by, "used_by_svg",
268                                                                    {:request => request,
269                                                                     :direction => :top_down,
270                                                                     :combine_jobs => :script_only,
271                                                                     :pdata_only => true}) rescue nil
272         end
273       end
274     end
275     super
276   end
277
278   def sharing_popup
279     @search_sharing = search_scopes
280     render("sharing_popup.js", content_type: "text/javascript")
281   end
282
283   helper_method :download_link
284
285   def download_link
286     collections_url + "/download/#{@object.uuid}/#{@search_sharing.first.api_token}/"
287   end
288
289   def share
290     ApiClientAuthorization.create(scopes: sharing_scopes)
291     sharing_popup
292   end
293
294   def unshare
295     search_scopes.each do |s|
296       s.destroy
297     end
298     sharing_popup
299   end
300
301   def remove_selected_files
302     uuids, source_paths = selected_collection_files params
303
304     arv_coll = Arv::Collection.new(@object.manifest_text)
305     source_paths[uuids[0]].each do |p|
306       arv_coll.rm "."+p
307     end
308
309     if @object.update_attributes manifest_text: arv_coll.manifest_text
310       show
311     else
312       self.render_error status: 422
313     end
314   end
315
316   def update
317     updated_attr = params[:collection].each.select {|a| a[0].andand.start_with? 'rename-file-path:'}
318
319     if updated_attr.size > 0
320       # Is it file rename?
321       file_path = updated_attr[0][0].split('rename-file-path:')[-1]
322
323       new_file_path = updated_attr[0][1]
324       if new_file_path.start_with?('./')
325         # looks good
326       elsif new_file_path.start_with?('/')
327         new_file_path = '.' + new_file_path
328       else
329         new_file_path = './' + new_file_path
330       end
331
332       arv_coll = Arv::Collection.new(@object.manifest_text)
333
334       if arv_coll.exist?(new_file_path)
335         @errors = 'Duplicate file path. Please use a different name.'
336         self.render_error status: 422
337       else
338         arv_coll.rename "./"+file_path, new_file_path
339
340         if @object.update_attributes manifest_text: arv_coll.manifest_text
341           show
342         else
343           self.render_error status: 422
344         end
345       end
346     else
347       # Not a file rename; use default
348       super
349     end
350   end
351
352   def tags
353     render
354   end
355
356   def save_tags
357     tags_param = params['tag_data']
358     if tags_param
359       if tags_param.is_a?(String) && tags_param == "empty"
360         tags = {}
361       else
362         tags = tags_param
363       end
364     end
365
366     if tags
367       if @object.update_attributes properties: tags
368         @saved_tags = true
369         render
370       else
371         self.render_error status: 422
372       end
373     end
374   end
375
376   protected
377
378   def find_usable_token(token_list)
379     # Iterate over every given token to make it the current token and
380     # yield the given block.
381     # If the block succeeds, return the token it used.
382     # Otherwise, render an error response based on the most specific
383     # error we encounter, and return nil.
384     most_specific_error = [401]
385     token_list.each do |api_token|
386       begin
387         # We can't load the corresponding user, because the token may not
388         # be scoped for that.
389         using_specific_api_token(api_token, load_user: false) do
390           yield
391           return api_token
392         end
393       rescue ArvadosApiClient::ApiError => error
394         if error.api_status >= most_specific_error.first
395           most_specific_error = [error.api_status, error]
396         end
397       end
398     end
399     case most_specific_error.shift
400     when 401, 403
401       redirect_to_login
402     when 404
403       render_not_found(*most_specific_error)
404     end
405     return nil
406   end
407
408   def keep_web_url(uuid_or_pdh, file, opts)
409     munged_id = uuid_or_pdh.sub('+', '-')
410     fmt = {uuid_or_pdh: munged_id}
411
412     tmpl = Rails.configuration.keep_web_url
413     if Rails.configuration.keep_web_download_url and
414         (!tmpl or opts[:disposition] == 'attachment')
415       # Prefer the attachment-only-host when we want an attachment
416       # (and when there is no preview link configured)
417       tmpl = Rails.configuration.keep_web_download_url
418     elsif not Rails.configuration.trust_all_content
419       check_uri = URI.parse(tmpl % fmt)
420       if opts[:query_token] and
421           not check_uri.host.start_with?(munged_id + "--") and
422           not check_uri.host.start_with?(munged_id + ".")
423         # We're about to pass a token in the query string, but
424         # keep-web can't accept that safely at a single-origin URL
425         # template (unless it's -attachment-only-host).
426         tmpl = Rails.configuration.keep_web_download_url
427         if not tmpl
428           raise ArgumentError, "Download precluded by site configuration"
429         end
430         logger.warn("Using download link, even though inline content " \
431                     "was requested: #{check_uri.to_s}")
432       end
433     end
434
435     if tmpl == Rails.configuration.keep_web_download_url
436       # This takes us to keep-web's -attachment-only-host so there is
437       # no need to add ?disposition=attachment.
438       opts.delete :disposition
439     end
440
441     uri = URI.parse(tmpl % fmt)
442     uri.path += '/' unless uri.path.end_with? '/'
443     if opts[:path_token]
444       uri.path += 't=' + opts[:path_token] + '/'
445     end
446     uri.path += '_/'
447     uri.path += URI.escape(file)
448
449     query = Hash[URI.decode_www_form(uri.query || '')]
450     { query_token: 'api_token',
451       disposition: 'disposition' }.each do |opt, param|
452       if opts.include? opt
453         query[param] = opts[opt]
454       end
455     end
456     unless query.empty?
457       uri.query = URI.encode_www_form(query)
458     end
459
460     uri.to_s
461   end
462
463   # Note: several controller and integration tests rely on stubbing
464   # file_enumerator to return fake file content.
465   def file_enumerator opts
466     FileStreamer.new opts
467   end
468
469   class FileStreamer
470     include ArvadosApiClientHelper
471     def initialize(opts={})
472       @opts = opts
473     end
474     def each
475       return unless @opts[:uuid] && @opts[:file]
476
477       env = Hash[ENV].dup
478
479       require 'uri'
480       u = URI.parse(arvados_api_client.arvados_v1_base)
481       env['ARVADOS_API_HOST'] = "#{u.host}:#{u.port}"
482       env['ARVADOS_API_TOKEN'] = @opts[:arvados_api_token]
483       env['ARVADOS_API_HOST_INSECURE'] = "true" if Rails.configuration.arvados_insecure_https
484
485       bytesleft = @opts[:maxbytes].andand.to_i || 2**16
486       io = IO.popen([env, 'arv-get', "#{@opts[:uuid]}/#{@opts[:file]}"], 'rb')
487       while bytesleft > 0 && (buf = io.read([bytesleft, 2**16].min)) != nil
488         # shrink the bytesleft count, if we were given a maximum byte
489         # count to read
490         if @opts.include? :maxbytes
491           bytesleft = bytesleft - buf.length
492         end
493         yield buf
494       end
495       io.close
496       # "If ios is opened by IO.popen, close sets $?."
497       # http://www.ruby-doc.org/core-2.1.3/IO.html#method-i-close
498       Rails.logger.warn("#{@opts[:uuid]}/#{@opts[:file]}: #{$?}") if $? != 0
499     end
500   end
501 end