1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: AGPL-3.0
6 require "arvados/collection"
9 class CollectionsController < ApplicationController
10 include ActionController::Live
12 skip_around_filter :require_thread_api_token, if: proc { |ctrl|
13 Rails.configuration.anonymous_user_token and
14 'show' == ctrl.action_name
16 skip_around_filter(:require_thread_api_token,
17 only: [:show_file, :show_file_links])
18 skip_before_filter(:find_object_by_uuid,
19 only: [:provenance, :show_file, :show_file_links])
20 # We depend on show_file to display the user agreement:
21 skip_before_filter :check_user_agreements, only: :show_file
22 skip_before_filter :check_user_profile, only: :show_file
27 panes = %w(Files Upload Tags Provenance_graph Used_by Advanced)
28 panes = panes - %w(Upload) unless (@object.editable? rescue false)
34 when 'persistent', 'cache'
35 persist_links = Link.filter([['owner_uuid', '=', current_user.uuid],
36 ['link_class', '=', 'resources'],
37 ['name', '=', 'wants'],
38 ['tail_uuid', '=', current_user.uuid],
39 ['head_uuid', '=', @object.uuid]])
40 logger.debug persist_links.inspect
42 return unprocessable "Invalid value #{value.inspect}"
44 if params[:value] == 'persistent'
45 if not persist_links.any?
46 Link.create(link_class: 'resources',
48 tail_uuid: current_user.uuid,
49 head_uuid: @object.uuid)
52 persist_links.each do |link|
58 f.json { render json: @object }
63 # API server index doesn't return manifest_text by default, but our
64 # callers want it unless otherwise specified.
65 @select ||= Collection.columns.map(&:name)
66 base_search = Collection.select(@select)
67 if params[:search].andand.length.andand > 0
68 tags = Link.where(any: ['contains', params[:search]])
69 @objects = (base_search.where(uuid: tags.collect(&:head_uuid)) |
70 base_search.where(any: ['contains', params[:search]])).
74 limit = params[:limit].to_i
80 offset = params[:offset].to_i
85 @objects = base_search.limit(limit).offset(offset)
87 @links = Link.where(head_uuid: @objects.collect(&:uuid))
90 @collection_info[c.uuid] = {
99 @collection_info[link.head_uuid] ||= {}
100 info = @collection_info[link.head_uuid]
103 info[:tag_links] << link
106 info[:wanted_by_me] ||= link.tail_uuid == current_user.uuid
108 info[:provenance] << link.name
112 @request_url = request.url
118 Thread.current[:reader_tokens] = [params[:reader_token]]
119 return if false.equal?(find_object_by_uuid)
124 # We pipe from arv-get to send the file to the user. Before we start it,
125 # we ask the API server if the file actually exists. This serves two
126 # purposes: it lets us return a useful status code for common errors, and
127 # helps us figure out which token to provide to arv-get.
128 # The order of searched tokens is important: because the anonymous user
129 # token is passed along with every API request, we have to check it first.
130 # Otherwise, it's impossible to know whether any other request succeeded
131 # because of the reader token.
133 tokens = [(Rails.configuration.anonymous_user_token || nil),
134 params[:reader_token],
135 Thread.current[:arvados_api_token]].compact
136 usable_token = find_usable_token(tokens) do
137 coll = Collection.find(params[:uuid])
140 # Response already rendered.
144 # If we are configured to use a keep-web server, just redirect to
145 # the appropriate URL.
146 if Rails.configuration.keep_web_url or
147 Rails.configuration.keep_web_download_url
149 if usable_token == params[:reader_token]
150 opts[:path_token] = usable_token
151 elsif usable_token == Rails.configuration.anonymous_user_token
152 # Don't pass a token at all
154 # We pass the current user's real token only if it's necessary
155 # to read the collection.
156 opts[:query_token] = usable_token
158 opts[:disposition] = params[:disposition] if params[:disposition]
159 return redirect_to keep_web_url(params[:uuid], params[:file], opts)
162 # No keep-web server available. Get the file data with arv-get,
163 # and serve it through Rails.
165 file_name = params[:file].andand.sub(/^(\.\/|\/|)/, './')
166 if file_name.nil? or not coll.manifest.has_file?(file_name)
167 return render_not_found
170 opts = params.merge(arvados_api_token: usable_token)
172 # Handle Range requests. Currently we support only 'bytes=0-....'
173 if request.headers.include? 'HTTP_RANGE'
174 if m = /^bytes=0-(\d+)/.match(request.headers['HTTP_RANGE'])
175 opts[:maxbytes] = m[1]
176 size = params[:size] || '*'
177 self.response.status = 206
178 self.response.headers['Content-Range'] = "bytes 0-#{m[1]}/#{size}"
182 ext = File.extname(params[:file])
183 self.response.headers['Content-Type'] =
184 Rack::Mime::MIME_TYPES[ext] || 'application/octet-stream'
186 size = params[:size].to_i
188 size = [size, opts[:maxbytes].to_i].min
190 self.response.headers['Content-Length'] = size.to_s
192 self.response.headers['Content-Disposition'] = params[:disposition] if params[:disposition]
194 file_enumerator(opts).each do |bytes|
195 response.stream.write bytes
198 response.stream.close
203 ["GET /arvados/v1/collections/#{@object.uuid}", "GET /arvados/v1/collections/#{@object.uuid}/", "GET /arvados/v1/keep_services/accessible"]
208 ApiClientAuthorization.filter([['scopes', '=', sharing_scopes]]).results
209 rescue ArvadosApiClient::AccessForbiddenException
214 def find_object_by_uuid
215 if not Keep::Locator.parse params[:id]
221 return super if !@object
225 if params["tab_pane"] == "Provenance_graph"
226 @prov_svg = ProvenanceHelper::create_provenance_graph(@object.provenance, "provenance_svg",
227 {:request => request,
228 :direction => :top_down,
229 :combine_jobs => :script_only}) rescue nil
233 if Keep::Locator.parse params["uuid"]
234 @same_pdh = Collection.filter([["portable_data_hash", "=", @object.portable_data_hash]]).limit(20)
235 if @same_pdh.results.size == 1
236 redirect_to collection_path(@same_pdh[0]["uuid"])
239 owners = @same_pdh.map(&:owner_uuid).to_a.uniq
240 preload_objects_for_dataclass Group, owners
241 preload_objects_for_dataclass User, owners
242 uuids = @same_pdh.map(&:uuid).to_a.uniq
243 preload_links_for_objects uuids
244 render 'hash_matches'
247 if Job.api_exists?(:index)
248 jobs_with = lambda do |conds|
249 Job.limit(RELATION_LIMIT).where(conds)
250 .results.sort_by { |j| j.finished_at || j.created_at }
252 @output_of = jobs_with.call(output: @object.portable_data_hash)
253 @log_of = jobs_with.call(log: @object.portable_data_hash)
256 @project_links = Link.limit(RELATION_LIMIT).order("modified_at DESC")
257 .where(head_uuid: @object.uuid, link_class: 'name').results
258 project_hash = Group.where(uuid: @project_links.map(&:tail_uuid)).to_hash
259 @projects = project_hash.values
261 @permissions = Link.limit(RELATION_LIMIT).order("modified_at DESC")
262 .where(head_uuid: @object.uuid, link_class: 'permission',
263 name: 'can_read').results
264 @search_sharing = search_scopes
266 if params["tab_pane"] == "Used_by"
267 @used_by_svg = ProvenanceHelper::create_provenance_graph(@object.used_by, "used_by_svg",
268 {:request => request,
269 :direction => :top_down,
270 :combine_jobs => :script_only,
271 :pdata_only => true}) rescue nil
279 @search_sharing = search_scopes
280 render("sharing_popup.js", content_type: "text/javascript")
283 helper_method :download_link
286 collections_url + "/download/#{@object.uuid}/#{@search_sharing.first.api_token}/"
290 ApiClientAuthorization.create(scopes: sharing_scopes)
295 search_scopes.each do |s|
301 def remove_selected_files
302 uuids, source_paths = selected_collection_files params
304 arv_coll = Arv::Collection.new(@object.manifest_text)
305 source_paths[uuids[0]].each do |p|
309 if @object.update_attributes manifest_text: arv_coll.manifest_text
312 self.render_error status: 422
317 updated_attr = params[:collection].each.select {|a| a[0].andand.start_with? 'rename-file-path:'}
319 if updated_attr.size > 0
321 file_path = updated_attr[0][0].split('rename-file-path:')[-1]
323 new_file_path = updated_attr[0][1]
324 if new_file_path.start_with?('./')
326 elsif new_file_path.start_with?('/')
327 new_file_path = '.' + new_file_path
329 new_file_path = './' + new_file_path
332 arv_coll = Arv::Collection.new(@object.manifest_text)
334 if arv_coll.exist?(new_file_path)
335 @errors = 'Duplicate file path. Please use a different name.'
336 self.render_error status: 422
338 arv_coll.rename "./"+file_path, new_file_path
340 if @object.update_attributes manifest_text: arv_coll.manifest_text
343 self.render_error status: 422
347 # Not a file rename; use default
357 tags_param = params['tag_data']
359 if tags_param.is_a?(String) && tags_param == "empty"
367 if @object.update_attributes properties: tags
371 self.render_error status: 422
378 def find_usable_token(token_list)
379 # Iterate over every given token to make it the current token and
380 # yield the given block.
381 # If the block succeeds, return the token it used.
382 # Otherwise, render an error response based on the most specific
383 # error we encounter, and return nil.
384 most_specific_error = [401]
385 token_list.each do |api_token|
387 # We can't load the corresponding user, because the token may not
388 # be scoped for that.
389 using_specific_api_token(api_token, load_user: false) do
393 rescue ArvadosApiClient::ApiError => error
394 if error.api_status >= most_specific_error.first
395 most_specific_error = [error.api_status, error]
399 case most_specific_error.shift
403 render_not_found(*most_specific_error)
408 def keep_web_url(uuid_or_pdh, file, opts)
409 munged_id = uuid_or_pdh.sub('+', '-')
410 fmt = {uuid_or_pdh: munged_id}
412 tmpl = Rails.configuration.keep_web_url
413 if Rails.configuration.keep_web_download_url and
414 (!tmpl or opts[:disposition] == 'attachment')
415 # Prefer the attachment-only-host when we want an attachment
416 # (and when there is no preview link configured)
417 tmpl = Rails.configuration.keep_web_download_url
418 elsif not Rails.configuration.trust_all_content
419 check_uri = URI.parse(tmpl % fmt)
420 if opts[:query_token] and
421 not check_uri.host.start_with?(munged_id + "--") and
422 not check_uri.host.start_with?(munged_id + ".")
423 # We're about to pass a token in the query string, but
424 # keep-web can't accept that safely at a single-origin URL
425 # template (unless it's -attachment-only-host).
426 tmpl = Rails.configuration.keep_web_download_url
428 raise ArgumentError, "Download precluded by site configuration"
430 logger.warn("Using download link, even though inline content " \
431 "was requested: #{check_uri.to_s}")
435 if tmpl == Rails.configuration.keep_web_download_url
436 # This takes us to keep-web's -attachment-only-host so there is
437 # no need to add ?disposition=attachment.
438 opts.delete :disposition
441 uri = URI.parse(tmpl % fmt)
442 uri.path += '/' unless uri.path.end_with? '/'
444 uri.path += 't=' + opts[:path_token] + '/'
447 uri.path += URI.escape(file)
449 query = Hash[URI.decode_www_form(uri.query || '')]
450 { query_token: 'api_token',
451 disposition: 'disposition' }.each do |opt, param|
453 query[param] = opts[opt]
457 uri.query = URI.encode_www_form(query)
463 # Note: several controller and integration tests rely on stubbing
464 # file_enumerator to return fake file content.
465 def file_enumerator opts
466 FileStreamer.new opts
470 include ArvadosApiClientHelper
471 def initialize(opts={})
475 return unless @opts[:uuid] && @opts[:file]
480 u = URI.parse(arvados_api_client.arvados_v1_base)
481 env['ARVADOS_API_HOST'] = "#{u.host}:#{u.port}"
482 env['ARVADOS_API_TOKEN'] = @opts[:arvados_api_token]
483 env['ARVADOS_API_HOST_INSECURE'] = "true" if Rails.configuration.arvados_insecure_https
485 bytesleft = @opts[:maxbytes].andand.to_i || 2**16
486 io = IO.popen([env, 'arv-get', "#{@opts[:uuid]}/#{@opts[:file]}"], 'rb')
487 while bytesleft > 0 && (buf = io.read([bytesleft, 2**16].min)) != nil
488 # shrink the bytesleft count, if we were given a maximum byte
490 if @opts.include? :maxbytes
491 bytesleft = bytesleft - buf.length
496 # "If ios is opened by IO.popen, close sets $?."
497 # http://www.ruby-doc.org/core-2.1.3/IO.html#method-i-close
498 Rails.logger.warn("#{@opts[:uuid]}/#{@opts[:file]}: #{$?}") if $? != 0