Merge branch 'jszlenk/create_new_subproject' refs #21937
[arvados.git] / services / api / lib / current_api_client.rb
1 # Copyright (C) The Arvados Authors. All rights reserved.
2 #
3 # SPDX-License-Identifier: AGPL-3.0
4
5 module CurrentApiClient
6   def current_user
7     Thread.current[:user]
8   end
9
10   def current_api_client
11     Thread.current[:api_client]
12   end
13
14   def current_api_client_authorization
15     Thread.current[:api_client_authorization]
16   end
17
18   def current_api_base
19     Thread.current[:api_url_base]
20   end
21
22   # Where is the client connecting from?
23   def current_api_client_ip_address
24     Thread.current[:api_client_ip_address]
25   end
26
27   def system_user_uuid
28     [Rails.configuration.ClusterID,
29      User.uuid_prefix,
30      '000000000000000'].join('-')
31   end
32
33   def system_group_uuid
34     [Rails.configuration.ClusterID,
35      Group.uuid_prefix,
36      '000000000000000'].join('-')
37   end
38
39   def anonymous_group_uuid
40     [Rails.configuration.ClusterID,
41      Group.uuid_prefix,
42      'anonymouspublic'].join('-')
43   end
44
45   def anonymous_user_uuid
46     [Rails.configuration.ClusterID,
47      User.uuid_prefix,
48      'anonymouspublic'].join('-')
49   end
50
51   def public_project_uuid
52     [Rails.configuration.ClusterID,
53      Group.uuid_prefix,
54      'publicfavorites'].join('-')
55   end
56
57   def system_user
58     real_current_user = Thread.current[:user]
59     begin
60       Thread.current[:user] = User.new(is_admin: true,
61                                        is_active: true,
62                                        uuid: system_user_uuid)
63       $system_user = check_cache($system_user) do
64         User.where(uuid: system_user_uuid).
65           first_or_create!(is_active: true,
66                            is_admin: true,
67                            email: 'root',
68                            first_name: 'root',
69                            last_name: '')
70       end
71     ensure
72       Thread.current[:user] = real_current_user
73     end
74   end
75
76   def system_group
77     $system_group = check_cache($system_group) do
78       act_as_system_user do
79         ActiveRecord::Base.transaction do
80           Group.where(uuid: system_group_uuid).
81             first_or_create!(name: "System group",
82                              description: "System group",
83                              group_class: "role") do |g|
84             g.save!
85             User.all.collect(&:uuid).each do |user_uuid|
86               Link.create!(link_class: 'permission',
87                            name: 'can_manage',
88                            tail_uuid: system_group_uuid,
89                            head_uuid: user_uuid)
90             end
91           end
92         end
93       end
94     end
95   end
96
97   def all_users_group_uuid
98     [Rails.configuration.ClusterID,
99      Group.uuid_prefix,
100      'fffffffffffffff'].join('-')
101   end
102
103   def all_users_group
104     $all_users_group = check_cache($all_users_group) do
105       act_as_system_user do
106         ActiveRecord::Base.transaction do
107           Group.where(uuid: all_users_group_uuid).
108             first_or_create!(name: "All users",
109                              description: "All users",
110                              group_class: "role")
111         end
112       end
113     end
114   end
115
116   def act_as_system_user
117     if block_given?
118       act_as_user system_user do
119         yield
120       end
121     else
122       Thread.current[:user] = system_user
123     end
124   end
125
126   def act_as_user user
127     user_was = Thread.current[:user]
128     Thread.current[:user] = user
129     begin
130       yield
131     ensure
132       Thread.current[:user] = user_was
133       if user_was
134         user_was.forget_cached_group_perms
135       end
136     end
137   end
138
139   def anonymous_group
140     $anonymous_group = check_cache($anonymous_group) do
141       act_as_system_user do
142         ActiveRecord::Base.transaction do
143           Group.where(uuid: anonymous_group_uuid).
144             first_or_create!(group_class: "role",
145                              name: "Anonymous users",
146                              description: "Anonymous users")
147         end
148       end
149     end
150   end
151
152   def anonymous_group_read_permission
153     $anonymous_group_read_permission = check_cache($anonymous_group_read_permission) do
154       act_as_system_user do
155         Link.where(tail_uuid: all_users_group.uuid,
156                    head_uuid: anonymous_group.uuid,
157                    link_class: "permission",
158                    name: "can_read").first_or_create!
159       end
160     end
161   end
162
163   def anonymous_user
164     $anonymous_user = check_cache($anonymous_user) do
165       act_as_system_user do
166         User.where(uuid: anonymous_user_uuid).
167           first_or_create!(is_active: false,
168                            is_admin: false,
169                            email: 'anonymous',
170                            first_name: 'Anonymous',
171                            last_name: '') do |u|
172           u.save!
173           Link.where(tail_uuid: anonymous_user_uuid,
174                      head_uuid: anonymous_group.uuid,
175                      link_class: 'permission',
176                      name: 'can_read').
177             first_or_create!
178         end
179       end
180     end
181   end
182
183   def public_project_group
184     $public_project_group = check_cache($public_project_group) do
185       act_as_system_user do
186         ActiveRecord::Base.transaction do
187           Group.where(uuid: public_project_uuid).
188             first_or_create!(group_class: "project",
189                              name: "Public favorites",
190                              description: "Public favorites")
191         end
192       end
193     end
194   end
195
196   def public_project_read_permission
197     $public_project_group_read_permission = check_cache($public_project_group_read_permission) do
198       act_as_system_user do
199         Link.where(tail_uuid: anonymous_group.uuid,
200                    head_uuid: public_project_group.uuid,
201                    link_class: "permission",
202                    name: "can_read").first_or_create!
203       end
204     end
205   end
206
207   def anonymous_user_token_api_client
208     $anonymous_user_token_api_client = check_cache($anonymous_user_token_api_client) do
209       act_as_system_user do
210         ActiveRecord::Base.transaction do
211           ApiClient.find_or_create_by!(is_trusted: false, url_prefix: "", name: "AnonymousUserToken")
212         end
213       end
214     end
215   end
216
217   def system_root_token_api_client
218     $system_root_token_api_client = check_cache($system_root_token_api_client) do
219       act_as_system_user do
220         ActiveRecord::Base.transaction do
221           ApiClient.find_or_create_by!(is_trusted: true, url_prefix: "", name: "SystemRootToken")
222         end
223       end
224     end
225   end
226
227   def empty_collection_pdh
228     'd41d8cd98f00b204e9800998ecf8427e+0'
229   end
230
231   def empty_collection
232     $empty_collection = check_cache($empty_collection) do
233       act_as_system_user do
234         ActiveRecord::Base.transaction do
235           Collection.
236             where(portable_data_hash: empty_collection_pdh).
237             first_or_create(manifest_text: '', owner_uuid: system_user.uuid, name: "empty collection") do |c|
238             c.save!
239             Link.where(tail_uuid: anonymous_group.uuid,
240                        head_uuid: c.uuid,
241                        link_class: 'permission',
242                        name: 'can_read').
243                   first_or_create!
244             c
245           end
246         end
247       end
248     end
249   end
250
251   # Purge the module globals if necessary. If the cached value is
252   # non-nil and the globals weren't purged, return the cached
253   # value. Otherwise, call the block.
254   #
255   # Purge is only done in test mode.
256   def check_cache(cached)
257     if Rails.env != 'test'
258       return (cached || yield)
259     end
260     t = Rails.cache.fetch "CurrentApiClient.$system_globals_reset" do
261       Time.now.to_f
262     end
263     if t != $system_globals_reset
264       reset_system_globals(t)
265       yield
266     else
267       cached || yield
268     end
269   end
270
271   def reset_system_globals(t)
272     $system_globals_reset = t
273     $system_user = nil
274     $system_group = nil
275     $all_users_group = nil
276     $anonymous_group = nil
277     $anonymous_group_read_permission = nil
278     $anonymous_user = nil
279     $public_project_group = nil
280     $public_project_group_read_permission = nil
281     $anonymous_user_token_api_client = nil
282     $system_root_token_api_client = nil
283     $empty_collection = nil
284   end
285   module_function :reset_system_globals
286 end
287
288 CurrentApiClient.reset_system_globals(0)