apps/workbench/app/controllers/collections_controller.rb

   1 # Copyright (C) The Arvados Authors. All rights reserved.
   2 #
   3 # SPDX-License-Identifier: AGPL-3.0
   4
   5 require "arvados/keep"
   6 require "arvados/collection"
   7 require "uri"
   8
   9 class CollectionsController < ApplicationController
  10   include ActionController::Live
  11
  12   skip_around_filter :require_thread_api_token, if: proc { |ctrl|
  13     Rails.configuration.anonymous_user_token and
  14     'show' == ctrl.action_name
  15   }
  16   skip_around_filter(:require_thread_api_token,
  17                      only: [:show_file, :show_file_links])
  18   skip_before_filter(:find_object_by_uuid,
  19                      only: [:provenance, :show_file, :show_file_links])
  20   # We depend on show_file to display the user agreement:
  21   skip_before_filter :check_user_agreements, only: :show_file
  22   skip_before_filter :check_user_profile, only: :show_file
  23
  24   RELATION_LIMIT = 5
  25
  26   def show_pane_list
  27     panes = %w(Files Upload Tags Provenance_graph Used_by Advanced)
  28     panes = panes - %w(Upload) unless (@object.editable? rescue false)
  29     panes
  30   end
  31
  32   def set_persistent
  33     case params[:value]
  34     when 'persistent', 'cache'
  35       persist_links = Link.filter([['owner_uuid', '=', current_user.uuid],
  36                                    ['link_class', '=', 'resources'],
  37                                    ['name', '=', 'wants'],
  38                                    ['tail_uuid', '=', current_user.uuid],
  39                                    ['head_uuid', '=', @object.uuid]])
  40       logger.debug persist_links.inspect
  41     else
  42       return unprocessable "Invalid value #{value.inspect}"
  43     end
  44     if params[:value] == 'persistent'
  45       if not persist_links.any?
  46         Link.create(link_class: 'resources',
  47                     name: 'wants',
  48                     tail_uuid: current_user.uuid,
  49                     head_uuid: @object.uuid)
  50       end
  51     else
  52       persist_links.each do |link|
  53         link.destroy || raise
  54       end
  55     end
  56
  57     respond_to do |f|
  58       f.json { render json: @object }
  59     end
  60   end
  61
  62   def index
  63     # API server index doesn't return manifest_text by default, but our
  64     # callers want it unless otherwise specified.
  65     @select ||= Collection.columns.map(&:name)
  66     base_search = Collection.select(@select)
  67     if params[:search].andand.length.andand > 0
  68       tags = Link.where(any: ['contains', params[:search]])
  69       @objects = (base_search.where(uuid: tags.collect(&:head_uuid)) |
  70                       base_search.where(any: ['contains', params[:search]])).
  71         uniq { |c| c.uuid }
  72     else
  73       if params[:limit]
  74         limit = params[:limit].to_i
  75       else
  76         limit = 100
  77       end
  78
  79       if params[:offset]
  80         offset = params[:offset].to_i
  81       else
  82         offset = 0
  83       end
  84
  85       @objects = base_search.limit(limit).offset(offset)
  86     end
  87     @links = Link.where(head_uuid: @objects.collect(&:uuid))
  88     @collection_info = {}
  89     @objects.each do |c|
  90       @collection_info[c.uuid] = {
  91         tag_links: [],
  92         wanted: false,
  93         wanted_by_me: false,
  94         provenance: [],
  95         links: []
  96       }
  97     end
  98     @links.each do |link|
  99       @collection_info[link.head_uuid] ||= {}
 100       info = @collection_info[link.head_uuid]
 101       case link.link_class
 102       when 'tag'
 103         info[:tag_links] << link
 104       when 'resources'
 105         info[:wanted] = true
 106         info[:wanted_by_me] ||= link.tail_uuid == current_user.uuid
 107       when 'provenance'
 108         info[:provenance] << link.name
 109       end
 110       info[:links] << link
 111     end
 112     @request_url = request.url
 113
 114     render_index
 115   end
 116
 117   def show_file_links
 118     if Rails.configuration.keep_web_url || Rails.configuration.keep_web_download_url
 119       # show_file will redirect to keep-web's directory listing
 120       return show_file
 121     end
 122     Thread.current[:reader_tokens] = [params[:reader_token]]
 123     return if false.equal?(find_object_by_uuid)
 124     render layout: false
 125   end
 126
 127   def show_file
 128     # We pipe from arv-get to send the file to the user.  Before we start it,
 129     # we ask the API server if the file actually exists.  This serves two
 130     # purposes: it lets us return a useful status code for common errors, and
 131     # helps us figure out which token to provide to arv-get.
 132     # The order of searched tokens is important: because the anonymous user
 133     # token is passed along with every API request, we have to check it first.
 134     # Otherwise, it's impossible to know whether any other request succeeded
 135     # because of the reader token.
 136     coll = nil
 137     tokens = [(Rails.configuration.anonymous_user_token || nil),
 138               params[:reader_token],
 139               Thread.current[:arvados_api_token]].compact
 140     usable_token = find_usable_token(tokens) do
 141       coll = Collection.find(params[:uuid])
 142     end
 143     if usable_token.nil?
 144       # Response already rendered.
 145       return
 146     end
 147
 148     # If we are configured to use a keep-web server, just redirect to
 149     # the appropriate URL.
 150     if Rails.configuration.keep_web_url or
 151         Rails.configuration.keep_web_download_url
 152       opts = {}
 153       if usable_token == params[:reader_token]
 154         opts[:path_token] = usable_token
 155       elsif usable_token == Rails.configuration.anonymous_user_token
 156         # Don't pass a token at all
 157       else
 158         # We pass the current user's real token only if it's necessary
 159         # to read the collection.
 160         opts[:query_token] = usable_token
 161       end
 162       opts[:disposition] = params[:disposition] if params[:disposition]
 163       return redirect_to keep_web_url(params[:uuid], params[:file], opts)
 164     end
 165
 166     # No keep-web server available. Get the file data with arv-get,
 167     # and serve it through Rails.
 168
 169     file_name = params[:file].andand.sub(/^(\.\/|\/|)/, './')
 170     if file_name.nil? or not coll.manifest.has_file?(file_name)
 171       return render_not_found
 172     end
 173
 174     opts = params.merge(arvados_api_token: usable_token)
 175
 176     # Handle Range requests. Currently we support only 'bytes=0-....'
 177     if request.headers.include? 'HTTP_RANGE'
 178       if m = /^bytes=0-(\d+)/.match(request.headers['HTTP_RANGE'])
 179         opts[:maxbytes] = m[1]
 180         size = params[:size] || '*'
 181         self.response.status = 206
 182         self.response.headers['Content-Range'] = "bytes 0-#{m[1]}/#{size}"
 183       end
 184     end
 185
 186     ext = File.extname(params[:file])
 187     self.response.headers['Content-Type'] =
 188       Rack::Mime::MIME_TYPES[ext] || 'application/octet-stream'
 189     if params[:size]
 190       size = params[:size].to_i
 191       if opts[:maxbytes]
 192         size = [size, opts[:maxbytes].to_i].min
 193       end
 194       self.response.headers['Content-Length'] = size.to_s
 195     end
 196     self.response.headers['Content-Disposition'] = params[:disposition] if params[:disposition]
 197     begin
 198       file_enumerator(opts).each do |bytes|
 199         response.stream.write bytes
 200       end
 201     ensure
 202       response.stream.close
 203     end
 204   end
 205
 206   def sharing_scopes
 207     ["GET /arvados/v1/collections/#{@object.uuid}", "GET /arvados/v1/collections/#{@object.uuid}/", "GET /arvados/v1/keep_services/accessible"]
 208   end
 209
 210   def search_scopes
 211     begin
 212       ApiClientAuthorization.filter([['scopes', '=', sharing_scopes]]).results
 213     rescue ArvadosApiClient::AccessForbiddenException
 214       nil
 215     end
 216   end
 217
 218   def find_object_by_uuid
 219     if not Keep::Locator.parse params[:id]
 220       super
 221     end
 222   end
 223
 224   def show
 225     return super if !@object
 226
 227     @logs = []
 228
 229     if params["tab_pane"] == "Provenance_graph"
 230       @prov_svg = ProvenanceHelper::create_provenance_graph(@object.provenance, "provenance_svg",
 231                                                             {:request => request,
 232                                                              :direction => :top_down,
 233                                                              :combine_jobs => :script_only}) rescue nil
 234     end
 235
 236     if current_user
 237       if Keep::Locator.parse params["uuid"]
 238         @same_pdh = Collection.filter([["portable_data_hash", "=", @object.portable_data_hash]]).limit(20)
 239         if @same_pdh.results.size == 1
 240           redirect_to collection_path(@same_pdh[0]["uuid"])
 241           return
 242         end
 243         owners = @same_pdh.map(&:owner_uuid).to_a.uniq
 244         preload_objects_for_dataclass Group, owners
 245         preload_objects_for_dataclass User, owners
 246         uuids = @same_pdh.map(&:uuid).to_a.uniq
 247         preload_links_for_objects uuids
 248         render 'hash_matches'
 249         return
 250       else
 251         if Job.api_exists?(:index)
 252           jobs_with = lambda do |conds|
 253             Job.limit(RELATION_LIMIT).where(conds)
 254               .results.sort_by { |j| j.finished_at || j.created_at }
 255           end
 256           @output_of = jobs_with.call(output: @object.portable_data_hash)
 257           @log_of = jobs_with.call(log: @object.portable_data_hash)
 258         end
 259
 260         @project_links = Link.limit(RELATION_LIMIT).order("modified_at DESC")
 261           .where(head_uuid: @object.uuid, link_class: 'name').results
 262         project_hash = Group.where(uuid: @project_links.map(&:tail_uuid)).to_hash
 263         @projects = project_hash.values
 264
 265         @permissions = Link.limit(RELATION_LIMIT).order("modified_at DESC")
 266           .where(head_uuid: @object.uuid, link_class: 'permission',
 267                  name: 'can_read').results
 268         @search_sharing = search_scopes
 269
 270         if params["tab_pane"] == "Used_by"
 271           @used_by_svg = ProvenanceHelper::create_provenance_graph(@object.used_by, "used_by_svg",
 272                                                                    {:request => request,
 273                                                                     :direction => :top_down,
 274                                                                     :combine_jobs => :script_only,
 275                                                                     :pdata_only => true}) rescue nil
 276         end
 277       end
 278     end
 279     super
 280   end
 281
 282   def sharing_popup
 283     @search_sharing = search_scopes
 284     render("sharing_popup.js", content_type: "text/javascript")
 285   end
 286
 287   helper_method :download_link
 288
 289   def download_link
 290     token = @search_sharing.first.api_token
 291     if Rails.configuration.keep_web_url || Rails.configuration.keep_web_download_url
 292       keep_web_url(@object.uuid, nil, {path_token: token})
 293     else
 294       collections_url + "/download/#{@object.uuid}/#{token}/"
 295     end
 296   end
 297
 298   def share
 299     ApiClientAuthorization.create(scopes: sharing_scopes)
 300     sharing_popup
 301   end
 302
 303   def unshare
 304     search_scopes.each do |s|
 305       s.destroy
 306     end
 307     sharing_popup
 308   end
 309
 310   def remove_selected_files
 311     uuids, source_paths = selected_collection_files params
 312
 313     arv_coll = Arv::Collection.new(@object.manifest_text)
 314     source_paths[uuids[0]].each do |p|
 315       arv_coll.rm "."+p
 316     end
 317
 318     if @object.update_attributes manifest_text: arv_coll.manifest_text
 319       show
 320     else
 321       self.render_error status: 422
 322     end
 323   end
 324
 325   def update
 326     updated_attr = params[:collection].each.select {|a| a[0].andand.start_with? 'rename-file-path:'}
 327
 328     if updated_attr.size > 0
 329       # Is it file rename?
 330       file_path = updated_attr[0][0].split('rename-file-path:')[-1]
 331
 332       new_file_path = updated_attr[0][1]
 333       if new_file_path.start_with?('./')
 334         # looks good
 335       elsif new_file_path.start_with?('/')
 336         new_file_path = '.' + new_file_path
 337       else
 338         new_file_path = './' + new_file_path
 339       end
 340
 341       arv_coll = Arv::Collection.new(@object.manifest_text)
 342
 343       if arv_coll.exist?(new_file_path)
 344         @errors = 'Duplicate file path. Please use a different name.'
 345         self.render_error status: 422
 346       else
 347         arv_coll.rename "./"+file_path, new_file_path
 348
 349         if @object.update_attributes manifest_text: arv_coll.manifest_text
 350           show
 351         else
 352           self.render_error status: 422
 353         end
 354       end
 355     else
 356       # Not a file rename; use default
 357       super
 358     end
 359   end
 360
 361   def tags
 362     render
 363   end
 364
 365   def save_tags
 366     tags_param = params['tag_data']
 367     if tags_param
 368       if tags_param.is_a?(String) && tags_param == "empty"
 369         tags = {}
 370       else
 371         tags = tags_param
 372       end
 373     end
 374
 375     if tags
 376       if @object.update_attributes properties: tags
 377         @saved_tags = true
 378         render
 379       else
 380         self.render_error status: 422
 381       end
 382     end
 383   end
 384
 385   protected
 386
 387   def find_usable_token(token_list)
 388     # Iterate over every given token to make it the current token and
 389     # yield the given block.
 390     # If the block succeeds, return the token it used.
 391     # Otherwise, render an error response based on the most specific
 392     # error we encounter, and return nil.
 393     most_specific_error = [401]
 394     token_list.each do |api_token|
 395       begin
 396         # We can't load the corresponding user, because the token may not
 397         # be scoped for that.
 398         using_specific_api_token(api_token, load_user: false) do
 399           yield
 400           return api_token
 401         end
 402       rescue ArvadosApiClient::ApiError => error
 403         if error.api_status >= most_specific_error.first
 404           most_specific_error = [error.api_status, error]
 405         end
 406       end
 407     end
 408     case most_specific_error.shift
 409     when 401, 403
 410       redirect_to_login
 411     when 404
 412       render_not_found(*most_specific_error)
 413     end
 414     return nil
 415   end
 416
 417   def keep_web_url(uuid_or_pdh, file, opts)
 418     munged_id = uuid_or_pdh.sub('+', '-')
 419     fmt = {uuid_or_pdh: munged_id}
 420
 421     tmpl = Rails.configuration.keep_web_url
 422     if Rails.configuration.keep_web_download_url and
 423         (!tmpl or opts[:disposition] == 'attachment')
 424       # Prefer the attachment-only-host when we want an attachment
 425       # (and when there is no preview link configured)
 426       tmpl = Rails.configuration.keep_web_download_url
 427     elsif not Rails.configuration.trust_all_content
 428       check_uri = URI.parse(tmpl % fmt)
 429       if opts[:query_token] and
 430           not check_uri.host.start_with?(munged_id + "--") and
 431           not check_uri.host.start_with?(munged_id + ".")
 432         # We're about to pass a token in the query string, but
 433         # keep-web can't accept that safely at a single-origin URL
 434         # template (unless it's -attachment-only-host).
 435         tmpl = Rails.configuration.keep_web_download_url
 436         if not tmpl
 437           raise ArgumentError, "Download precluded by site configuration"
 438         end
 439         logger.warn("Using download link, even though inline content " \
 440                     "was requested: #{check_uri.to_s}")
 441       end
 442     end
 443
 444     if tmpl == Rails.configuration.keep_web_download_url
 445       # This takes us to keep-web's -attachment-only-host so there is
 446       # no need to add ?disposition=attachment.
 447       opts.delete :disposition
 448     end
 449
 450     uri = URI.parse(tmpl % fmt)
 451     uri.path += '/' unless uri.path.end_with? '/'
 452     if opts[:path_token]
 453       uri.path += 't=' + opts[:path_token] + '/'
 454     end
 455     uri.path += '_/'
 456     uri.path += URI.escape(file) if file
 457
 458     query = Hash[URI.decode_www_form(uri.query || '')]
 459     { query_token: 'api_token',
 460       disposition: 'disposition' }.each do |opt, param|
 461       if opts.include? opt
 462         query[param] = opts[opt]
 463       end
 464     end
 465     unless query.empty?
 466       uri.query = URI.encode_www_form(query)
 467     end
 468
 469     uri.to_s
 470   end
 471
 472   # Note: several controller and integration tests rely on stubbing
 473   # file_enumerator to return fake file content.
 474   def file_enumerator opts
 475     FileStreamer.new opts
 476   end
 477
 478   class FileStreamer
 479     include ArvadosApiClientHelper
 480     def initialize(opts={})
 481       @opts = opts
 482     end
 483     def each
 484       return unless @opts[:uuid] && @opts[:file]
 485
 486       env = Hash[ENV].dup
 487
 488       require 'uri'
 489       u = URI.parse(arvados_api_client.arvados_v1_base)
 490       env['ARVADOS_API_HOST'] = "#{u.host}:#{u.port}"
 491       env['ARVADOS_API_TOKEN'] = @opts[:arvados_api_token]
 492       env['ARVADOS_API_HOST_INSECURE'] = "true" if Rails.configuration.arvados_insecure_https
 493
 494       bytesleft = @opts[:maxbytes].andand.to_i || 2**16
 495       io = IO.popen([env, 'arv-get', "#{@opts[:uuid]}/#{@opts[:file]}"], 'rb')
 496       while bytesleft > 0 && (buf = io.read([bytesleft, 2**16].min)) != nil
 497         # shrink the bytesleft count, if we were given a maximum byte
 498         # count to read
 499         if @opts.include? :maxbytes
 500           bytesleft = bytesleft - buf.length
 501         end
 502         yield buf
 503       end
 504       io.close
 505       # "If ios is opened by IO.popen, close sets $?."
 506       # http://www.ruby-doc.org/core-2.1.3/IO.html#method-i-close
 507       Rails.logger.warn("#{@opts[:uuid]}/#{@opts[:file]}: #{$?}") if $? != 0
 508     end
 509   end
 510 end