Merge branch '1904-object-scopes'
[arvados.git] / services / api / lib / current_api_client.rb
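# Accessors for the per-request identity stored in thread-local variables
# (current user, API client, authorization token, client IP), plus helpers
# for the built-in system user and system group.
#
# Nothing in this module populates the Thread.current[...] slots except
# act_as_system_user and system_user; the other keys are set elsewhere
# (not shown here). Because the state is per-thread, every code path that
# changes Thread.current[:user] must restore it, otherwise elevated
# privileges can outlive the operation that needed them.
module CurrentApiClient
  # The user on whose behalf the current thread is acting, or nil.
  def current_user
    Thread.current[:user]
  end

  # The API client recorded for the current thread, or nil.
  def current_api_client
    Thread.current[:api_client]
  end

  # The authorization (token) record recorded for the current thread, or nil.
  def current_api_client_authorization
    Thread.current[:api_client_authorization]
  end

  # The API base URL recorded for the current thread, or nil.
  def current_api_base
    Thread.current[:api_url_base]
  end

  # owner_uuid for newly created objects.
  #
  # Precedence: the authorization's default_owner_uuid, then the user's
  # default_owner_uuid, then the user's own uuid. Returns nil when neither
  # an authorization nor a user is set.
  def current_default_owner
    ((current_api_client_authorization &&
      current_api_client_authorization.default_owner_uuid) ||
     (current_user && current_user.default_owner_uuid) ||
     (current_user && current_user.uuid) ||
     nil)
  end

  # Where is the client connecting from?
  #
  # NOTE(review): whether this is the socket peer address or a value taken
  # from a proxy-supplied header is decided where the slot is filled in
  # (not shown here) -- confirm before using it for access decisions or
  # audit logs.
  def current_api_client_ip_address
    Thread.current[:api_client_ip_address]
  end

  # Is the current API client authorization scoped for the request?
  #
  # req_s is compared against each scope of the current authorization:
  #   * 'all' matches every request;
  #   * a scope ending in '/' matches any req_s that starts with it;
  #   * any other scope must equal req_s exactly.
  #
  # Returns false when there is no authorization or it has no scopes
  # (deny by default). The comparison is a literal, case-sensitive string
  # match, so any normalization of req_s has to happen in the caller
  # before this check.
  def current_api_client_auth_has_scope(req_s)
    auth = current_api_client_authorization
    granted = (auth && auth.scopes) || []
    granted.any? do |scope|
      if scope == 'all'
        true
      elsif scope.end_with? '/'
        req_s.start_with? scope
      else
        req_s == scope
      end
    end
  end

  # UUID of the system user: site prefix, User prefix, and an all-zero
  # suffix joined with '-'.
  def system_user_uuid
    [Server::Application.config.uuid_prefix,
     User.uuid_prefix,
     '000000000000000'].join('-')
  end

  # UUID of the system group: site prefix, Group prefix, and an all-zero
  # suffix joined with '-'.
  def system_group_uuid
    [Server::Application.config.uuid_prefix,
     Group.uuid_prefix,
     '000000000000000'].join('-')
  end

  # Returns the system user record, looking it up (and creating it on first
  # use) and caching it in the process-wide global $system_user.
  #
  # While the lookup/creation runs, an unsaved admin User is installed as
  # the thread's current user. The original value is restored in an
  # `ensure` so that a failing query or save! cannot leave the thread
  # running as that placeholder admin.
  def system_user
    unless $system_user
      real_current_user = Thread.current[:user]
      Thread.current[:user] = User.new(is_admin: true, is_active: true)
      begin
        $system_user = User.where('uuid=?', system_user_uuid).first
        unless $system_user
          # NOTE(review): the global is assigned before save!, so a failed
          # save! leaves the unsaved record cached. Model callbacks may
          # depend on this early assignment -- confirm before reordering.
          $system_user = User.new(uuid: system_user_uuid,
                                  is_active: true,
                                  is_admin: true,
                                  email: 'root',
                                  first_name: 'root',
                                  last_name: '')
          $system_user.save!
          $system_user.reload
        end
      ensure
        Thread.current[:user] = real_current_user
      end
    end
    $system_user
  end

  # Returns the system group, creating it on first use and caching it in
  # the process-wide global $system_group.
  #
  # When the group has to be created, a 'can_manage' permission link from
  # the system group to every existing user is created as well. The work
  # runs as the system user inside a single transaction.
  def system_group
    unless $system_group
      act_as_system_user do
        ActiveRecord::Base.transaction do
          $system_group = Group.
            where(uuid: system_group_uuid).first_or_create do |g|
            g.update_attributes(name: "System group",
                                description: "System group")
            User.all.collect(&:uuid).each do |user_uuid|
              Link.create(link_class: 'permission',
                          name: 'can_manage',
                          tail_kind: 'arvados#group',
                          tail_uuid: system_group_uuid,
                          head_kind: 'arvados#user',
                          head_uuid: user_uuid)
            end
          end
        end
      end
    end
    $system_group
  end

  # Runs the given block with the system user as the thread's current user
  # and restores the previous user afterwards, even if the block raises.
  #
  # Without a block the thread's current user is switched to the system
  # user and NOT restored: the elevation lasts until something else
  # overwrites Thread.current[:user]. Prefer the block form so the
  # privileged window is bounded.
  def act_as_system_user
    if block_given?
      user_was = Thread.current[:user]
      Thread.current[:user] = system_user
      begin
        yield
      ensure
        Thread.current[:user] = user_was
      end
    else
      Thread.current[:user] = system_user
    end
  end
end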