projects / arvados.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
11870: link repositories menu item in user menu to repositories index page.
[arvados.git] / apps / workbench / app / controllers / collections_controller.rb
1 require "arvados/keep"
2 require "arvados/collection"
3 require "uri"
4
5 class CollectionsController < ApplicationController
6   include ActionController::Live
7
8   skip_around_filter :require_thread_api_token, if: proc { |ctrl|
9     Rails.configuration.anonymous_user_token and
10     'show' == ctrl.action_name
11   }
12   skip_around_filter(:require_thread_api_token,
13                      only: [:show_file, :show_file_links])
14   skip_before_filter(:find_object_by_uuid,
15                      only: [:provenance, :show_file, :show_file_links])
16   # We depend on show_file to display the user agreement:
17   skip_before_filter :check_user_agreements, only: :show_file
18   skip_before_filter :check_user_profile, only: :show_file
19
20   RELATION_LIMIT = 5
21
22   def show_pane_list
23     panes = %w(Files Upload Tags Provenance_graph Used_by Advanced)
24     panes = panes - %w(Upload) unless (@object.editable? rescue false)
25     panes
26   end
27
28   def set_persistent
29     case params[:value]
30     when 'persistent', 'cache'
31       persist_links = Link.filter([['owner_uuid', '=', current_user.uuid],
32                                    ['link_class', '=', 'resources'],
33                                    ['name', '=', 'wants'],
34                                    ['tail_uuid', '=', current_user.uuid],
35                                    ['head_uuid', '=', @object.uuid]])
36       logger.debug persist_links.inspect
37     else
38       return unprocessable "Invalid value #{value.inspect}"
39     end
40     if params[:value] == 'persistent'
41       if not persist_links.any?
42         Link.create(link_class: 'resources',
43                     name: 'wants',
44                     tail_uuid: current_user.uuid,
45                     head_uuid: @object.uuid)
46       end
47     else
48       persist_links.each do |link|
49         link.destroy || raise
50       end
51     end
52
53     respond_to do |f|
54       f.json { render json: @object }
55     end
56   end
57
58   def index
59     # API server index doesn't return manifest_text by default, but our
60     # callers want it unless otherwise specified.
61     @select ||= Collection.columns.map(&:name)
62     base_search = Collection.select(@select)
63     if params[:search].andand.length.andand > 0
64       tags = Link.where(any: ['contains', params[:search]])
65       @objects = (base_search.where(uuid: tags.collect(&:head_uuid)) |
66                       base_search.where(any: ['contains', params[:search]])).
67         uniq { |c| c.uuid }
68     else
69       if params[:limit]
70         limit = params[:limit].to_i
71       else
72         limit = 100
73       end
74
75       if params[:offset]
76         offset = params[:offset].to_i
77       else
78         offset = 0
79       end
80
81       @objects = base_search.limit(limit).offset(offset)
82     end
83     @links = Link.where(head_uuid: @objects.collect(&:uuid))
84     @collection_info = {}
85     @objects.each do |c|
86       @collection_info[c.uuid] = {
87         tag_links: [],
88         wanted: false,
89         wanted_by_me: false,
90         provenance: [],
91         links: []
92       }
93     end
94     @links.each do |link|
95       @collection_info[link.head_uuid] ||= {}
96       info = @collection_info[link.head_uuid]
97       case link.link_class
98       when 'tag'
99         info[:tag_links] << link
100       when 'resources'
101         info[:wanted] = true
102         info[:wanted_by_me] ||= link.tail_uuid == current_user.uuid
103       when 'provenance'
104         info[:provenance] << link.name
105       end
106       info[:links] << link
107     end
108     @request_url = request.url
109
110     render_index
111   end
112
113   def show_file_links
114     Thread.current[:reader_tokens] = [params[:reader_token]]
115     return if false.equal?(find_object_by_uuid)
116     render layout: false
117   end
118
119   def show_file
120     # We pipe from arv-get to send the file to the user.  Before we start it,
121     # we ask the API server if the file actually exists.  This serves two
122     # purposes: it lets us return a useful status code for common errors, and
123     # helps us figure out which token to provide to arv-get.
124     # The order of searched tokens is important: because the anonymous user
125     # token is passed along with every API request, we have to check it first.
126     # Otherwise, it's impossible to know whether any other request succeeded
127     # because of the reader token.
128     coll = nil
129     tokens = [(Rails.configuration.anonymous_user_token || nil),
130               params[:reader_token],
131               Thread.current[:arvados_api_token]].compact
132     usable_token = find_usable_token(tokens) do
133       coll = Collection.find(params[:uuid])
134     end
135     if usable_token.nil?
136       # Response already rendered.
137       return
138     end
139
140     # If we are configured to use a keep-web server, just redirect to
141     # the appropriate URL.
142     if Rails.configuration.keep_web_url or
143         Rails.configuration.keep_web_download_url
144       opts = {}
145       if usable_token == params[:reader_token]
146         opts[:path_token] = usable_token
147       elsif usable_token == Rails.configuration.anonymous_user_token
148         # Don't pass a token at all
149       else
150         # We pass the current user's real token only if it's necessary
151         # to read the collection.
152         opts[:query_token] = usable_token
153       end
154       opts[:disposition] = params[:disposition] if params[:disposition]
155       return redirect_to keep_web_url(params[:uuid], params[:file], opts)
156     end
157
158     # No keep-web server available. Get the file data with arv-get,
159     # and serve it through Rails.
160
161     file_name = params[:file].andand.sub(/^(\.\/|\/|)/, './')
162     if file_name.nil? or not coll.manifest.has_file?(file_name)
163       return render_not_found
164     end
165
166     opts = params.merge(arvados_api_token: usable_token)
167
168     # Handle Range requests. Currently we support only 'bytes=0-....'
169     if request.headers.include? 'HTTP_RANGE'
170       if m = /^bytes=0-(\d+)/.match(request.headers['HTTP_RANGE'])
171         opts[:maxbytes] = m[1]
172         size = params[:size] || '*'
173         self.response.status = 206
174         self.response.headers['Content-Range'] = "bytes 0-#{m[1]}/#{size}"
175       end
176     end
177
178     ext = File.extname(params[:file])
179     self.response.headers['Content-Type'] =
180       Rack::Mime::MIME_TYPES[ext] || 'application/octet-stream'
181     if params[:size]
182       size = params[:size].to_i
183       if opts[:maxbytes]
184         size = [size, opts[:maxbytes].to_i].min
185       end
186       self.response.headers['Content-Length'] = size.to_s
187     end
188     self.response.headers['Content-Disposition'] = params[:disposition] if params[:disposition]
189     begin
190       file_enumerator(opts).each do |bytes|
191         response.stream.write bytes
192       end
193     ensure
194       response.stream.close
195     end
196   end
197
198   def sharing_scopes
199     ["GET /arvados/v1/collections/#{@object.uuid}", "GET /arvados/v1/collections/#{@object.uuid}/", "GET /arvados/v1/keep_services/accessible"]
200   end
201
202   def search_scopes
203     begin
204       ApiClientAuthorization.filter([['scopes', '=', sharing_scopes]]).results
205     rescue ArvadosApiClient::AccessForbiddenException
206       nil
207     end
208   end
209
210   def find_object_by_uuid
211     if not Keep::Locator.parse params[:id]
212       super
213     end
214   end
215
216   def show
217     return super if !@object
218
219     @logs = []
220
221     if params["tab_pane"] == "Provenance_graph"
222       @prov_svg = ProvenanceHelper::create_provenance_graph(@object.provenance, "provenance_svg",
223                                                             {:request => request,
224                                                              :direction => :top_down,
225                                                              :combine_jobs => :script_only}) rescue nil
226     end
227
228     if current_user
229       if Keep::Locator.parse params["uuid"]
230         @same_pdh = Collection.filter([["portable_data_hash", "=", @object.portable_data_hash]]).limit(20)
231         if @same_pdh.results.size == 1
232           redirect_to collection_path(@same_pdh[0]["uuid"])
233           return
234         end
235         owners = @same_pdh.map(&:owner_uuid).to_a.uniq
236         preload_objects_for_dataclass Group, owners
237         preload_objects_for_dataclass User, owners
238         uuids = @same_pdh.map(&:uuid).to_a.uniq
239         preload_links_for_objects uuids
240         render 'hash_matches'
241         return
242       else
243         if Job.api_exists?(:index)
244           jobs_with = lambda do |conds|
245             Job.limit(RELATION_LIMIT).where(conds)
246               .results.sort_by { |j| j.finished_at || j.created_at }
247           end
248           @output_of = jobs_with.call(output: @object.portable_data_hash)
249           @log_of = jobs_with.call(log: @object.portable_data_hash)
250         end
251
252         @project_links = Link.limit(RELATION_LIMIT).order("modified_at DESC")
253           .where(head_uuid: @object.uuid, link_class: 'name').results
254         project_hash = Group.where(uuid: @project_links.map(&:tail_uuid)).to_hash
255         @projects = project_hash.values
256
257         @permissions = Link.limit(RELATION_LIMIT).order("modified_at DESC")
258           .where(head_uuid: @object.uuid, link_class: 'permission',
259                  name: 'can_read').results
260         @search_sharing = search_scopes
261
262         if params["tab_pane"] == "Used_by"
263           @used_by_svg = ProvenanceHelper::create_provenance_graph(@object.used_by, "used_by_svg",
264                                                                    {:request => request,
265                                                                     :direction => :top_down,
266                                                                     :combine_jobs => :script_only,
267                                                                     :pdata_only => true}) rescue nil
268         end
269       end
270     end
271     super
272   end
273
274   def sharing_popup
275     @search_sharing = search_scopes
276     render("sharing_popup.js", content_type: "text/javascript")
277   end
278
279   helper_method :download_link
280
281   def download_link
282     collections_url + "/download/#{@object.uuid}/#{@search_sharing.first.api_token}/"
283   end
284
285   def share
286     ApiClientAuthorization.create(scopes: sharing_scopes)
287     sharing_popup
288   end
289
290   def unshare
291     search_scopes.each do |s|
292       s.destroy
293     end
294     sharing_popup
295   end
296
297   def remove_selected_files
298     uuids, source_paths = selected_collection_files params
299
300     arv_coll = Arv::Collection.new(@object.manifest_text)
301     source_paths[uuids[0]].each do |p|
302       arv_coll.rm "."+p
303     end
304
305     if @object.update_attributes manifest_text: arv_coll.manifest_text
306       show
307     else
308       self.render_error status: 422
309     end
310   end
311
312   def update
313     updated_attr = params[:collection].each.select {|a| a[0].andand.start_with? 'rename-file-path:'}
314
315     if updated_attr.size > 0
316       # Is it file rename?
317       file_path = updated_attr[0][0].split('rename-file-path:')[-1]
318
319       new_file_path = updated_attr[0][1]
320       if new_file_path.start_with?('./')
321         # looks good
322       elsif new_file_path.start_with?('/')
323         new_file_path = '.' + new_file_path
324       else
325         new_file_path = './' + new_file_path
326       end
327
328       arv_coll = Arv::Collection.new(@object.manifest_text)
329
330       if arv_coll.exist?(new_file_path)
331         @errors = 'Duplicate file path. Please use a different name.'
332         self.render_error status: 422
333       else
334         arv_coll.rename "./"+file_path, new_file_path
335
336         if @object.update_attributes manifest_text: arv_coll.manifest_text
337           show
338         else
339           self.render_error status: 422
340         end
341       end
342     else
343       # Not a file rename; use default
344       super
345     end
346   end
347
348   def tags
349     render
350   end
351
352   def save_tags
353     tags_param = params['tag_data']
354     if tags_param
355       if tags_param.is_a?(String) && tags_param == "empty"
356         tags = {}
357       else
358         tags = tags_param
359       end
360     end
361
362     if tags
363       if @object.update_attributes properties: tags
364         @saved_tags = true
365         render
366       else
367         self.render_error status: 422
368       end
369     end
370   end
371
372   protected
373
374   def find_usable_token(token_list)
375     # Iterate over every given token to make it the current token and
376     # yield the given block.
377     # If the block succeeds, return the token it used.
378     # Otherwise, render an error response based on the most specific
379     # error we encounter, and return nil.
380     most_specific_error = [401]
381     token_list.each do |api_token|
382       begin
383         # We can't load the corresponding user, because the token may not
384         # be scoped for that.
385         using_specific_api_token(api_token, load_user: false) do
386           yield
387           return api_token
388         end
389       rescue ArvadosApiClient::ApiError => error
390         if error.api_status >= most_specific_error.first
391           most_specific_error = [error.api_status, error]
392         end
393       end
394     end
395     case most_specific_error.shift
396     when 401, 403
397       redirect_to_login
398     when 404
399       render_not_found(*most_specific_error)
400     end
401     return nil
402   end
403
404   def keep_web_url(uuid_or_pdh, file, opts)
405     munged_id = uuid_or_pdh.sub('+', '-')
406     fmt = {uuid_or_pdh: munged_id}
407
408     tmpl = Rails.configuration.keep_web_url
409     if Rails.configuration.keep_web_download_url and
410         (!tmpl or opts[:disposition] == 'attachment')
411       # Prefer the attachment-only-host when we want an attachment
412       # (and when there is no preview link configured)
413       tmpl = Rails.configuration.keep_web_download_url
414     elsif not Rails.configuration.trust_all_content
415       check_uri = URI.parse(tmpl % fmt)
416       if opts[:query_token] and
417           not check_uri.host.start_with?(munged_id + "--") and
418           not check_uri.host.start_with?(munged_id + ".")
419         # We're about to pass a token in the query string, but
420         # keep-web can't accept that safely at a single-origin URL
421         # template (unless it's -attachment-only-host).
422         tmpl = Rails.configuration.keep_web_download_url
423         if not tmpl
424           raise ArgumentError, "Download precluded by site configuration"
425         end
426         logger.warn("Using download link, even though inline content " \
427                     "was requested: #{check_uri.to_s}")
428       end
429     end
430
431     if tmpl == Rails.configuration.keep_web_download_url
432       # This takes us to keep-web's -attachment-only-host so there is
433       # no need to add ?disposition=attachment.
434       opts.delete :disposition
435     end
436
437     uri = URI.parse(tmpl % fmt)
438     uri.path += '/' unless uri.path.end_with? '/'
439     if opts[:path_token]
440       uri.path += 't=' + opts[:path_token] + '/'
441     end
442     uri.path += '_/'
443     uri.path += URI.escape(file)
444
445     query = Hash[URI.decode_www_form(uri.query || '')]
446     { query_token: 'api_token',
447       disposition: 'disposition' }.each do |opt, param|
448       if opts.include? opt
449         query[param] = opts[opt]
450       end
451     end
452     unless query.empty?
453       uri.query = URI.encode_www_form(query)
454     end
455
456     uri.to_s
457   end
458
459   # Note: several controller and integration tests rely on stubbing
460   # file_enumerator to return fake file content.
461   def file_enumerator opts
462     FileStreamer.new opts
463   end
464
465   class FileStreamer
466     include ArvadosApiClientHelper
467     def initialize(opts={})
468       @opts = opts
469     end
470     def each
471       return unless @opts[:uuid] && @opts[:file]
472
473       env = Hash[ENV].dup
474
475       require 'uri'
476       u = URI.parse(arvados_api_client.arvados_v1_base)
477       env['ARVADOS_API_HOST'] = "#{u.host}:#{u.port}"
478       env['ARVADOS_API_TOKEN'] = @opts[:arvados_api_token]
479       env['ARVADOS_API_HOST_INSECURE'] = "true" if Rails.configuration.arvados_insecure_https
480
481       bytesleft = @opts[:maxbytes].andand.to_i || 2**16
482       io = IO.popen([env, 'arv-get', "#{@opts[:uuid]}/#{@opts[:file]}"], 'rb')
483       while bytesleft > 0 && (buf = io.read([bytesleft, 2**16].min)) != nil
484         # shrink the bytesleft count, if we were given a maximum byte
485         # count to read
486         if @opts.include? :maxbytes
487           bytesleft = bytesleft - buf.length
488         end
489         yield buf
490       end
491       io.close
492       # "If ios is opened by IO.popen, close sets $?."
493       # http://www.ruby-doc.org/core-2.1.3/IO.html#method-i-close
494       Rails.logger.warn("#{@opts[:uuid]}/#{@opts[:file]}: #{$?}") if $? != 0
495     end
496   end
497 end