1 class Arvados::V1::RepositoriesController < ApplicationController
2 skip_before_filter :find_object_by_uuid, :only => :get_all_permissions
3 skip_before_filter :render_404_if_no_object, :only => :get_all_permissions
4 before_filter :admin_required, :only => :get_all_permissions
5 def get_all_permissions
7 User.includes(:authorized_keys).find_each do |u|
10 admins = @users.select { |k,v| v.is_admin }
13 Repository.includes(:permissions).find_each do |repo|
14 @repo_info[repo.uuid] = {
17 push_url: repo.push_url,
18 fetch_url: repo.fetch_url,
21 gitolite_permissions = ''
23 repo.permissions.each do |perm|
24 if ArvadosModel::resource_class_for_uuid(perm.tail_uuid) == Group
25 @users.each do |user_uuid, user|
26 user.group_permissions.each do |group_uuid, perm_mask|
28 perms << {name: 'can_manage', user_uuid: user_uuid}
29 elsif perm_mask[:write]
30 perms << {name: 'can_write', user_uuid: user_uuid}
31 elsif perm_mask[:read]
32 perms << {name: 'can_read', user_uuid: user_uuid}
37 perms << {name: perm.name, user_uuid: perm.tail_uuid}
40 # Owner of the repository, and all admins, can RW
41 ([repo.owner_uuid] + admins.keys).each do |user_uuid|
42 perms << {name: 'can_write', user_uuid: user_uuid}
45 user_uuid = perm[:user_uuid]
46 @user_aks[user_uuid] = @users[user_uuid].andand.authorized_keys.andand.
49 public_key: ak.public_key,
50 authorized_key_uuid: ak.uuid
53 if @user_aks[user_uuid].any?
54 ri = (@repo_info[repo.uuid][:user_permissions][user_uuid] ||= {})
55 ri[perm[:name]] = true
59 @repo_info.values.each do |repo_users|
60 repo_users[:user_permissions].each do |user_uuid,perms|
61 if perms['can_manage']
62 perms[:gitolite_permissions] = 'RW'
63 perms['can_write'] = true
64 perms['can_read'] = true
65 elsif perms['can_write']
66 perms[:gitolite_permissions] = 'RW'
67 perms['can_read'] = true
68 elsif perms['can_read']
69 perms[:gitolite_permissions] = 'R'
73 send_json(kind: 'arvados#RepositoryPermissionSnapshot',
74 repositories: @repo_info.values,