services/api/lib/current_api_client.rb

   1 # Copyright (C) The Arvados Authors. All rights reserved.
   2 #
   3 # SPDX-License-Identifier: AGPL-3.0
   4
   5 $system_user = nil
   6 $system_group = nil
   7 $all_users_group = nil
   8 $anonymous_user = nil
   9 $anonymous_group = nil
  10 $anonymous_group_read_permission = nil
  11 $empty_collection = nil
  12
  13 module CurrentApiClient
  14   def current_user
  15     Thread.current[:user]
  16   end
  17
  18   def current_api_client
  19     Thread.current[:api_client]
  20   end
  21
  22   def current_api_client_authorization
  23     Thread.current[:api_client_authorization]
  24   end
  25
  26   def current_api_base
  27     Thread.current[:api_url_base]
  28   end
  29
  30   def current_default_owner
  31     # owner_uuid for newly created objects
  32     ((current_api_client_authorization &&
  33       current_api_client_authorization.default_owner_uuid) ||
  34      (current_user && current_user.default_owner_uuid) ||
  35      (current_user && current_user.uuid) ||
  36      nil)
  37   end
  38
  39   # Where is the client connecting from?
  40   def current_api_client_ip_address
  41     Thread.current[:api_client_ip_address]
  42   end
  43
  44   def system_user_uuid
  45     [Server::Application.config.uuid_prefix,
  46      User.uuid_prefix,
  47      '000000000000000'].join('-')
  48   end
  49
  50   def system_group_uuid
  51     [Server::Application.config.uuid_prefix,
  52      Group.uuid_prefix,
  53      '000000000000000'].join('-')
  54   end
  55
  56   def anonymous_group_uuid
  57     [Server::Application.config.uuid_prefix,
  58      Group.uuid_prefix,
  59      'anonymouspublic'].join('-')
  60   end
  61
  62   def anonymous_user_uuid
  63     [Server::Application.config.uuid_prefix,
  64      User.uuid_prefix,
  65      'anonymouspublic'].join('-')
  66   end
  67
  68   def system_user
  69     $system_user = check_cache $system_user do
  70       real_current_user = Thread.current[:user]
  71       begin
  72         Thread.current[:user] = User.new(is_admin: true,
  73                                          is_active: true,
  74                                          uuid: system_user_uuid)
  75         User.where(uuid: system_user_uuid).
  76           first_or_create!(is_active: true,
  77                            is_admin: true,
  78                            email: 'root',
  79                            first_name: 'root',
  80                            last_name: '')
  81       ensure
  82         Thread.current[:user] = real_current_user
  83       end
  84     end
  85   end
  86
  87   def system_group
  88     $system_group = check_cache $system_group do
  89       act_as_system_user do
  90         ActiveRecord::Base.transaction do
  91           Group.where(uuid: system_group_uuid).
  92             first_or_create!(name: "System group",
  93                              description: "System group") do |g|
  94             g.save!
  95             User.all.collect(&:uuid).each do |user_uuid|
  96               Link.create!(link_class: 'permission',
  97                            name: 'can_manage',
  98                            tail_uuid: system_group_uuid,
  99                            head_uuid: user_uuid)
 100             end
 101           end
 102         end
 103       end
 104     end
 105   end
 106
 107   def all_users_group_uuid
 108     [Server::Application.config.uuid_prefix,
 109      Group.uuid_prefix,
 110      'fffffffffffffff'].join('-')
 111   end
 112
 113   def all_users_group
 114     $all_users_group = check_cache $all_users_group do
 115       act_as_system_user do
 116         ActiveRecord::Base.transaction do
 117           Group.where(uuid: all_users_group_uuid).
 118             first_or_create!(name: "All users",
 119                              description: "All users",
 120                              group_class: "role")
 121         end
 122       end
 123     end
 124   end
 125
 126   def act_as_system_user
 127     if block_given?
 128       act_as_user system_user do
 129         yield
 130       end
 131     else
 132       Thread.current[:user] = system_user
 133     end
 134   end
 135
 136   def act_as_user user
 137     #auth_was = Thread.current[:api_client_authorization]
 138     user_was = Thread.current[:user]
 139     Thread.current[:user] = user
 140     #Thread.current[:api_client_authorization] = ApiClientAuthorization.
 141     #  where('user_id=? and scopes is null', user.id).
 142     #  order('expires_at desc').
 143     #  first
 144     begin
 145       yield
 146     ensure
 147       Thread.current[:user] = user_was
 148       #Thread.current[:api_client_authorization] = auth_was
 149     end
 150   end
 151
 152   def anonymous_group
 153     $anonymous_group = check_cache $anonymous_group do
 154       act_as_system_user do
 155         ActiveRecord::Base.transaction do
 156           Group.where(uuid: anonymous_group_uuid).
 157             first_or_create!(group_class: "role",
 158                              name: "Anonymous users",
 159                              description: "Anonymous users")
 160         end
 161       end
 162     end
 163   end
 164
 165   def anonymous_group_read_permission
 166     $anonymous_group_read_permission =
 167         check_cache $anonymous_group_read_permission do
 168       act_as_system_user do
 169         Link.where(tail_uuid: all_users_group.uuid,
 170                    head_uuid: anonymous_group.uuid,
 171                    link_class: "permission",
 172                    name: "can_read").first_or_create!
 173       end
 174     end
 175   end
 176
 177   def anonymous_user
 178     $anonymous_user = check_cache $anonymous_user do
 179       act_as_system_user do
 180         User.where(uuid: anonymous_user_uuid).
 181           first_or_create!(is_active: false,
 182                            is_admin: false,
 183                            email: 'anonymous',
 184                            first_name: 'Anonymous',
 185                            last_name: '') do |u|
 186           u.save!
 187           Link.where(tail_uuid: anonymous_user_uuid,
 188                      head_uuid: anonymous_group.uuid,
 189                      link_class: 'permission',
 190                      name: 'can_read').
 191             first_or_create!
 192         end
 193       end
 194     end
 195   end
 196
 197   def empty_collection_uuid
 198     'd41d8cd98f00b204e9800998ecf8427e+0'
 199   end
 200
 201   def empty_collection
 202     $empty_collection = check_cache $empty_collection do
 203       act_as_system_user do
 204         ActiveRecord::Base.transaction do
 205           Collection.
 206             where(portable_data_hash: empty_collection_uuid).
 207             first_or_create!(manifest_text: '', owner_uuid: anonymous_group.uuid)
 208         end
 209       end
 210     end
 211   end
 212
 213   private
 214
 215   # If the given value is nil, or the cache has been cleared since it
 216   # was set, yield. Otherwise, return the given value.
 217   def check_cache value
 218     if not Rails.env.test? and
 219         ActionController::Base.cache_store.is_a? ActiveSupport::Cache::FileStore and
 220         not File.owned? ActionController::Base.cache_store.cache_path
 221       # If we don't own the cache dir, we're probably
 222       # crunch-dispatch. Whoever we are, using this cache is likely to
 223       # either fail or screw up the cache for someone else. So we'll
 224       # just assume the $globals are OK to live forever.
 225       #
 226       # The reason for making the globals expire with the cache in the
 227       # first place is to avoid leaking state between test cases: in
 228       # production, we don't expect the database seeds to ever go away
 229       # even when the cache is cleared, so there's no particular
 230       # reason to expire our global variables.
 231     else
 232       Rails.cache.fetch "CurrentApiClient.$globals" do
 233         value = nil
 234         true
 235       end
 236     end
 237     return value unless value.nil?
 238     yield
 239   end
 240 end