services/api/app/models/log.rb

   1 require 'audit_logs'
   2
   3 class Log < ArvadosModel
   4   include HasUuid
   5   include KindAndEtag
   6   include CommonApiTemplate
   7   serialize :properties, Hash
   8   before_validation :set_default_event_at
   9   after_save :send_notify
  10   after_commit { AuditLogs.tidy_in_background }
  11
  12   api_accessible :user, extend: :common do |t|
  13     t.add :id
  14     t.add :object_uuid
  15     t.add :object_owner_uuid
  16     t.add :object_kind
  17     t.add :event_at
  18     t.add :event_type
  19     t.add :summary
  20     t.add :properties
  21   end
  22
  23   def object_kind
  24     if k = ArvadosModel::resource_class_for_uuid(object_uuid)
  25       k.kind
  26     end
  27   end
  28
  29   def fill_object(thing)
  30     self.object_uuid ||= thing.uuid
  31     if respond_to? :object_owner_uuid=
  32       # Skip this if the object_owner_uuid migration hasn't happened
  33       # yet, i.e., we're in the process of migrating an old database.
  34       self.object_owner_uuid = thing.owner_uuid
  35     end
  36     self.summary ||= "#{self.event_type} of #{thing.uuid}"
  37     self
  38   end
  39
  40   def fill_properties(age, etag_prop, attrs_prop)
  41     self.properties.merge!({"#{age}_etag" => etag_prop,
  42                              "#{age}_attributes" => attrs_prop})
  43   end
  44
  45   def update_to(thing)
  46     fill_properties('new', thing.andand.etag, thing.andand.logged_attributes)
  47     case event_type
  48     when "create"
  49       self.event_at = thing.created_at
  50     when "update"
  51       self.event_at = thing.modified_at
  52     when "delete"
  53       self.event_at = db_current_time
  54     end
  55     self
  56   end
  57
  58   def self.readable_by(*users_list)
  59     if users_list.select { |u| u.is_admin }.any?
  60       return self
  61     end
  62     user_uuids = users_list.map { |u| u.uuid }
  63     uuid_list = user_uuids + users_list.flat_map { |u| u.groups_i_can(:read) }
  64     uuid_list.uniq!
  65     permitted = "(SELECT head_uuid FROM links WHERE link_class='permission' AND tail_uuid IN (:uuids))"
  66     joins("LEFT JOIN container_requests ON container_requests.container_uuid=logs.object_uuid").
  67       where("logs.object_uuid IN #{permitted} OR "+
  68             "container_requests.uuid IN (:uuids) OR "+
  69             "container_requests.owner_uuid IN (:uuids) OR "+
  70             "logs.object_uuid IN (:uuids) OR "+
  71             "logs.owner_uuid IN (:uuids) OR "+
  72             "logs.object_owner_uuid IN (:uuids)",
  73             uuids: uuid_list)
  74   end
  75
  76   protected
  77
  78   def permission_to_create
  79     true
  80   end
  81
  82   def permission_to_update
  83     current_user.andand.is_admin
  84   end
  85
  86   alias_method :permission_to_delete, :permission_to_update
  87
  88   def set_default_event_at
  89     self.event_at ||= db_current_time
  90   end
  91
  92   def log_start_state
  93     # don't log start state on logs
  94   end
  95
  96   def log_change(event_type)
  97     # Don't log changes to logs.
  98   end
  99
 100   def ensure_valid_uuids
 101     # logs can have references to deleted objects
 102   end
 103
 104   def send_notify
 105     ActiveRecord::Base.connection.execute "NOTIFY logs, '#{self.id}'"
 106   end
 107 end