Merge branch 'master' into 1971-show-image-thumbnails
[arvados.git] / services / api / lib / current_api_client.rb
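# Accessors for the per-thread request identity (user, API client,
# authorization token record, client address) and helpers for running
# code as the built-in system user.
#
# All request state is read from Thread.current; nothing in this module
# populates those slots except the system-user helpers below, which
# overwrite Thread.current[:user].
module CurrentApiClient
  # User stored for the current thread, or nil if none has been set.
  def current_user
    Thread.current[:user]
  end

  # API client stored for the current thread, or nil.
  def current_api_client
    Thread.current[:api_client]
  end

  # API client authorization stored for the current thread, or nil.
  def current_api_client_authorization
    Thread.current[:api_client_authorization]
  end

  # Base URL stored for the current thread, or nil.
  def current_api_base
    Thread.current[:api_url_base]
  end

  # owner_uuid for newly created objects.
  #
  # Precedence: the authorization's default_owner_uuid, then the user's
  # default_owner_uuid, then the user's own uuid, else nil.
  def current_default_owner
    auth = current_api_client_authorization
    user = current_user
    (auth && auth.default_owner_uuid) ||
      (user && user.default_owner_uuid) ||
      (user && user.uuid) ||
      nil
  end

  # Where is the client connecting from?
  def current_api_client_ip_address
    Thread.current[:api_client_ip_address]
  end

  # Does the current API client authorization include any of ok_scopes?
  #
  # Returns true when the authorization's scopes contain 'all' or share
  # at least one entry with ok_scopes. A missing authorization is treated
  # as having no scopes, so the check fails closed. Denials are logged.
  def current_api_client_auth_has_scope(ok_scopes)
    auth_scopes = current_api_client_authorization.andand.scopes || []
    return true if auth_scopes.include?('all') || (auth_scopes & ok_scopes).any?

    # NOTE(review): #inspect on the authorization record writes every
    # attribute it carries into the log. If that record holds the bearer
    # token, the token ends up in log files -- confirm, and log a
    # non-secret identifier instead if so.
    logger.warn "Insufficient auth scope: need #{ok_scopes}, #{current_api_client_authorization.inspect} has #{auth_scopes}"
    false
  end

  # UUID of the system user: "<site prefix>-<User prefix>-000000000000000".
  def system_user_uuid
    [Server::Application.config.uuid_prefix,
     User.uuid_prefix,
     '000000000000000'].join('-')
  end

  # UUID of the system group: "<site prefix>-<Group prefix>-000000000000000".
  def system_group_uuid
    [Server::Application.config.uuid_prefix,
     Group.uuid_prefix,
     '000000000000000'].join('-')
  end

  # Returns the system user record, looking it up (and creating it if it
  # does not exist) on first use. The result is cached in $system_user.
  #
  # While the lookup/creation runs, Thread.current[:user] is replaced by
  # a throwaway in-memory admin user. The caller's identity is restored
  # in an ensure clause so that a failed lookup or save! cannot leave the
  # thread running as an admin.
  def system_user
    unless $system_user
      real_current_user = Thread.current[:user]
      begin
        Thread.current[:user] = User.new(is_admin: true, is_active: true)
        $system_user = User.where('uuid=?', system_user_uuid).first
        unless $system_user
          # The global is assigned before save! (as in the original), so
          # it is already visible while the record is being saved.
          # NOTE(review): if save! raises, the unsaved object stays
          # cached in $system_user -- confirm this is acceptable.
          $system_user = User.new(uuid: system_user_uuid,
                                  is_active: true,
                                  is_admin: true,
                                  email: 'root',
                                  first_name: 'root',
                                  last_name: '')
          $system_user.save!
          $system_user.reload
        end
      ensure
        Thread.current[:user] = real_current_user
      end
    end
    $system_user
  end

  # Returns the system group, creating it on first use. The result is
  # cached in $system_group.
  #
  # When the group has to be created, a 'can_manage' permission link is
  # also created from the system group (tail) to every existing user
  # (head). Everything runs as the system user inside one transaction.
  def system_group
    unless $system_group
      act_as_system_user do
        ActiveRecord::Base.transaction do
          # The block passed to first_or_create runs only when no
          # existing group matched.
          $system_group = Group.
            where(uuid: system_group_uuid).first_or_create do |g|
            g.update_attributes(name: "System group",
                                description: "System group")
            User.all.collect(&:uuid).each do |user_uuid|
              Link.create(link_class: 'permission',
                          name: 'can_manage',
                          tail_kind: 'arvados#group',
                          tail_uuid: system_group_uuid,
                          head_kind: 'arvados#user',
                          head_uuid: user_uuid)
            end
          end
        end
      end
    end
    $system_group
  end

  # Runs code as the system user.
  #
  # With a block: sets Thread.current[:user] to the system user, yields,
  # and returns the block's value. The previous user is restored in an
  # ensure clause, so an exception raised by the block cannot leave the
  # thread with system-user privileges.
  #
  # Without a block: sets Thread.current[:user] to the system user and
  # leaves it that way. The caller is responsible for resetting it;
  # prefer the block form wherever possible.
  def act_as_system_user
    if block_given?
      user_was = Thread.current[:user]
      Thread.current[:user] = system_user
      begin
        yield
      ensure
        Thread.current[:user] = user_was
      end
    else
      Thread.current[:user] = system_user
    end
  end
end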