16923: user/pass api_client is trusted by default
[arvados.git] / services / api / app / models / log.rb
1 # Copyright (C) The Arvados Authors. All rights reserved.
2 #
3 # SPDX-License-Identifier: AGPL-3.0
4
5 require 'audit_logs'
6
7 class Log < ArvadosModel
8   include HasUuid
9   include KindAndEtag
10   include CommonApiTemplate
11   serialize :properties, Hash
12   before_validation :set_default_event_at
13   after_save :send_notify
14   after_commit { AuditLogs.tidy_in_background }
15
16   api_accessible :user, extend: :common do |t|
17     t.add :id
18     t.add :object_uuid
19     t.add :object_owner_uuid
20     t.add :object_kind
21     t.add :event_at
22     t.add :event_type
23     t.add :summary
24     t.add :properties
25   end
26
27   def object_kind
28     if k = ArvadosModel::resource_class_for_uuid(object_uuid)
29       k.kind
30     end
31   end
32
33   def fill_object(thing)
34     self.object_uuid ||= thing.uuid
35     if respond_to? :object_owner_uuid=
36       # Skip this if the object_owner_uuid migration hasn't happened
37       # yet, i.e., we're in the process of migrating an old database.
38       self.object_owner_uuid = thing.owner_uuid
39     end
40     self.summary ||= "#{self.event_type} of #{thing.uuid}"
41     self
42   end
43
44   def fill_properties(age, etag_prop, attrs_prop)
45     self.properties.merge!({"#{age}_etag" => etag_prop,
46                              "#{age}_attributes" => attrs_prop})
47   end
48
49   def update_to(thing)
50     fill_properties('new', thing.andand.etag, thing.andand.logged_attributes)
51     case event_type
52     when "create"
53       self.event_at = thing.created_at
54     when "update"
55       self.event_at = thing.modified_at
56     when "delete"
57       self.event_at = db_current_time
58     end
59     self
60   end
61
62   def self.readable_by(*users_list)
63     if users_list.last.is_a? Hash
64       users_list.pop
65     end
66     if users_list.select { |u| u.is_admin }.any?
67       return self
68     end
69     user_uuids = users_list.map { |u| u.uuid }
70
71     joins("LEFT JOIN container_requests ON container_requests.container_uuid=logs.object_uuid").
72       where("EXISTS(SELECT target_uuid FROM #{PERMISSION_VIEW} "+
73             "WHERE user_uuid IN (:user_uuids) AND perm_level >= 1 AND "+
74             "target_uuid IN (container_requests.uuid, container_requests.owner_uuid, logs.object_uuid, logs.owner_uuid, logs.object_owner_uuid))",
75             user_uuids: user_uuids)
76   end
77
78   protected
79
80   def permission_to_create
81     true
82   end
83
84   def permission_to_update
85     current_user.andand.is_admin
86   end
87
88   alias_method :permission_to_delete, :permission_to_update
89
90   def set_default_event_at
91     self.event_at ||= db_current_time
92   end
93
94   def log_start_state
95     # don't log start state on logs
96   end
97
98   def log_change(event_type)
99     # Don't log changes to logs.
100   end
101
102   def ensure_valid_uuids
103     # logs can have references to deleted objects
104   end
105
106   def send_notify
107     ActiveRecord::Base.connection.execute "NOTIFY logs, '#{self.id}'"
108   end
109 end