projects / arvados.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Added rescue AccessForbiddenException to collections controller and view to
[arvados.git] / apps / workbench / app / controllers / collections_controller.rb
1 class CollectionsController < ApplicationController
2   skip_around_filter(:thread_with_mandatory_api_token,
3                      only: [:show_file, :show_file_links])
4   skip_before_filter(:find_object_by_uuid,
5                      only: [:provenance, :show_file, :show_file_links])
6
7   RELATION_LIMIT = 5
8
9   def show_pane_list
10     %w(Files Attributes Metadata Provenance_graph Used_by JSON API)
11   end
12
13   def set_persistent
14     case params[:value]
15     when 'persistent', 'cache'
16       persist_links = Link.filter([['owner_uuid', '=', current_user.uuid],
17                                    ['link_class', '=', 'resources'],
18                                    ['name', '=', 'wants'],
19                                    ['tail_uuid', '=', current_user.uuid],
20                                    ['head_uuid', '=', @object.uuid]])
21       logger.debug persist_links.inspect
22     else
23       return unprocessable "Invalid value #{value.inspect}"
24     end
25     if params[:value] == 'persistent'
26       if not persist_links.any?
27         Link.create(link_class: 'resources',
28                     name: 'wants',
29                     tail_uuid: current_user.uuid,
30                     head_uuid: @object.uuid)
31       end
32     else
33       persist_links.each do |link|
34         link.destroy || raise
35       end
36     end
37
38     respond_to do |f|
39       f.json { render json: @object }
40     end
41   end
42
43   def index
44     if params[:search].andand.length.andand > 0
45       tags = Link.where(any: ['contains', params[:search]])
46       @collections = (Collection.where(uuid: tags.collect(&:head_uuid)) |
47                       Collection.where(any: ['contains', params[:search]])).
48         uniq { |c| c.uuid }
49     else
50       if params[:limit]
51         limit = params[:limit].to_i
52       else
53         limit = 100
54       end
55
56       if params[:offset]
57         offset = params[:offset].to_i
58       else
59         offset = 0
60       end
61
62       @collections = Collection.limit(limit).offset(offset)
63     end
64     @links = Link.limit(1000).
65       where(head_uuid: @collections.collect(&:uuid))
66     @collection_info = {}
67     @collections.each do |c|
68       @collection_info[c.uuid] = {
69         tag_links: [],
70         wanted: false,
71         wanted_by_me: false,
72         provenance: [],
73         links: []
74       }
75     end
76     @links.each do |link|
77       @collection_info[link.head_uuid] ||= {}
78       info = @collection_info[link.head_uuid]
79       case link.link_class
80       when 'tag'
81         info[:tag_links] << link
82       when 'resources'
83         info[:wanted] = true
84         info[:wanted_by_me] ||= link.tail_uuid == current_user.uuid
85       when 'provenance'
86         info[:provenance] << link.name
87       end
88       info[:links] << link
89     end
90     @request_url = request.url
91   end
92
93   def show_file_links
94     Thread.current[:reader_tokens] = [params[:reader_token]]
95     find_object_by_uuid
96     render layout: false
97   end
98
99   def show_file
100     # We pipe from arv-get to send the file to the user.  Before we start it,
101     # we ask the API server if the file actually exists.  This serves two
102     # purposes: it lets us return a useful status code for common errors, and
103     # helps us figure out which token to provide to arv-get.
104     coll = nil
105     tokens = [Thread.current[:arvados_api_token], params[:reader_token]].compact
106     usable_token = find_usable_token(tokens) do
107       coll = Collection.find(params[:uuid])
108     end
109     if usable_token.nil?
110       return  # Response already rendered.
111     elsif params[:file].nil? or not file_in_collection?(coll, params[:file])
112       return render_not_found
113     end
114     opts = params.merge(arvados_api_token: usable_token)
115     ext = File.extname(params[:file])
116     self.response.headers['Content-Type'] =
117       Rack::Mime::MIME_TYPES[ext] || 'application/octet-stream'
118     self.response.headers['Content-Length'] = params[:size] if params[:size]
119     self.response.headers['Content-Disposition'] = params[:disposition] if params[:disposition]
120     self.response_body = file_enumerator opts
121   end
122
123   def sharing_scopes
124     ["GET /arvados/v1/collections/#{@object.uuid}", "GET /arvados/v1/keep_services"]
125   end
126
127   def search_scopes
128     begin
129       ApiClientAuthorization.filter([['scopes', '=', sharing_scopes]]).results
130     rescue ArvadosApiClient::AccessForbiddenException
131       nil
132     end
133   end
134
135   def show
136     return super if !@object
137     if current_user
138       jobs_with = lambda do |conds|
139         Job.limit(RELATION_LIMIT).where(conds)
140           .results.sort_by { |j| j.finished_at || j.created_at }
141       end
142       @output_of = jobs_with.call(output: @object.uuid)
143       @log_of = jobs_with.call(log: @object.uuid)
144       folder_links = Link.limit(RELATION_LIMIT).order("modified_at DESC")
145         .where(head_uuid: @object.uuid, link_class: 'name').results
146       folder_hash = Group.where(uuid: folder_links.map(&:tail_uuid)).to_hash
147       @folders = folder_links.map { |link| folder_hash[link.tail_uuid] }
148       @permissions = Link.limit(RELATION_LIMIT).order("modified_at DESC")
149         .where(head_uuid: @object.uuid, link_class: 'permission',
150                name: 'can_read').results
151       @logs = Log.limit(RELATION_LIMIT).order("created_at DESC")
152         .where(object_uuid: @object.uuid).results
153       @is_persistent = Link.limit(1)
154         .where(head_uuid: @object.uuid, tail_uuid: current_user.uuid,
155                link_class: 'resources', name: 'wants')
156         .results.any?
157       @search_sharing = search_scopes
158     end
159     @prov_svg = ProvenanceHelper::create_provenance_graph(@object.provenance, "provenance_svg",
160                                                           {:request => request,
161                                                             :direction => :bottom_up,
162                                                             :combine_jobs => :script_only}) rescue nil
163     @used_by_svg = ProvenanceHelper::create_provenance_graph(@object.used_by, "used_by_svg",
164                                                              {:request => request,
165                                                                :direction => :top_down,
166                                                                :combine_jobs => :script_only,
167                                                                :pdata_only => true}) rescue nil
168   end
169
170   def sharing_popup
171     @search_sharing = search_scopes
172     respond_to do |format|
173       format.html
174       format.js
175     end
176   end
177
178   helper_method :download_link
179
180   def download_link
181     collections_url + "/download/#{@object.uuid}/#{@search_sharing.first.api_token}"
182   end
183
184   def share
185     a = ApiClientAuthorization.create(scopes: sharing_scopes)
186     @search_sharing = search_scopes
187     render 'sharing_popup'
188   end
189
190   def unshare
191     @search_sharing = search_scopes
192     @search_sharing.each do |s|
193       s.destroy
194     end
195     @search_sharing = search_scopes
196     render 'sharing_popup'
197   end
198
199   protected
200
201   def find_usable_token(token_list)
202     # Iterate over every given token to make it the current token and
203     # yield the given block.
204     # If the block succeeds, return the token it used.
205     # Otherwise, render an error response based on the most specific
206     # error we encounter, and return nil.
207     most_specific_error = [401]
208     token_list.each do |api_token|
209       using_specific_api_token(api_token) do
210         begin
211           yield
212           return api_token
213         rescue ArvadosApiClient::NotLoggedInException => error
214           status = 401
215         rescue => error
216           status = (error.message =~ /\[API: (\d+)\]$/) ? $1.to_i : nil
217           raise unless [401, 403, 404].include?(status)
218         end
219         if status >= most_specific_error.first
220           most_specific_error = [status, error]
221         end
222       end
223     end
224     case most_specific_error.shift
225     when 401, 403
226       redirect_to_login
227     when 404
228       render_not_found(*most_specific_error)
229     end
230     return nil
231   end
232
233   def file_in_collection?(collection, filename)
234     target = CollectionsHelper.file_path(File.split(filename))
235     collection.files.each do |file_spec|
236       return true if (CollectionsHelper.file_path(file_spec) == target)
237     end
238     false
239   end
240
241   def file_enumerator(opts)
242     FileStreamer.new opts
243   end
244
245   class FileStreamer
246     include ArvadosApiClientHelper
247     def initialize(opts={})
248       @opts = opts
249     end
250     def each
251       return unless @opts[:uuid] && @opts[:file]
252
253       env = Hash[ENV].dup
254
255       require 'uri'
256       u = URI.parse(arvados_api_client.arvados_v1_base)
257       env['ARVADOS_API_HOST'] = "#{u.host}:#{u.port}"
258       env['ARVADOS_API_TOKEN'] = @opts[:arvados_api_token]
259       env['ARVADOS_API_HOST_INSECURE'] = "true" if Rails.configuration.arvados_insecure_https
260
261       IO.popen([env, 'arv-get', "#{@opts[:uuid]}/#{@opts[:file]}"],
262                'rb') do |io|
263         while buf = io.read(2**16)
264           yield buf
265         end
266       end
267       Rails.logger.warn("#{@opts[:uuid]}/#{@opts[:file]}: #{$?}") if $? != 0
268     end
269   end
270 end