1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: AGPL-3.0
5 require 'can_be_an_owner'
8 class Group < ArvadosModel
11 include CommonApiTemplate
15 # Posgresql JSONB columns should NOT be declared as serialized, Rails 5
16 # already know how to properly treat them.
17 attribute :properties, :jsonbHash, default: {}
19 validate :ensure_filesystem_compatible_name
20 after_create :invalidate_permissions_cache
21 after_update :maybe_invalidate_permissions_cache
22 before_create :assign_name
24 api_accessible :user, extend: :common do |t|
35 def ensure_filesystem_compatible_name
36 # project groups need filesystem-compatible names, but others
38 super if group_class == 'project'
41 def maybe_invalidate_permissions_cache
42 if trash_at_changed? or owner_uuid_changed?
43 # The group was added or removed from the trash.
46 # Determine the time this goes in the trash
47 # (or null, if it does not belong in the trash)
48 # Compute subtree to determine the time each subproject goes
50 # Remove groups that don't belong from trash
51 # Add/update groups that do belong in the trash
53 temptable = "group_subtree_#{rand(2**64).to_s(10)}"
54 ActiveRecord::Base.connection.exec_query %{
55 create temporary table #{temptable} on commit drop
56 as select * from project_subtree_with_trash_at($1, LEAST($2, $3)::timestamp)
60 [nil, TrashedGroup.find_by_group_uuid(self.owner_uuid).andand.trash_at],
63 ActiveRecord::Base.connection.exec_query %{
64 delete from trashed_groups where group_uuid in (select target_uuid from #{temptable} where trash_at is NULL);
67 ActiveRecord::Base.connection.exec_query %{
68 insert into trashed_groups (group_uuid, trash_at)
69 select target_uuid as group_uuid, trash_at from #{temptable} where trash_at is not NULL
70 on conflict (group_uuid) do update set trash_at=EXCLUDED.trash_at;
73 if uuid_changed? or owner_uuid_changed?
74 # This can change users' permissions on other groups as well as
76 invalidate_permissions_cache
80 def invalidate_permissions_cache
81 # Ensure a new group can be accessed by the appropriate users
82 # immediately after being created.
83 User.invalidate_permissions_cache self.async_permissions_update
87 if self.new_record? and (self.name.nil? or self.name.empty?)