services/api/lib/can_be_an_owner.rb

   1 # Copyright (C) The Arvados Authors. All rights reserved.
   2 #
   3 # SPDX-License-Identifier: AGPL-3.0
   4
   5 # Protect referential integrity of owner_uuid columns in other tables
   6 # that can refer to the uuid column in this table.
   7
   8 module CanBeAnOwner
   9
  10   def self.included(base)
  11     base.extend(ClassMethods)
  12
  13     # Rails' "has_many" can prevent us from destroying the owner
  14     # record when other objects refer to it.
  15     ActiveRecord::Base.connection.tables.each do |t|
  16       next if t == base.table_name
  17       next if t == 'schema_migrations'
  18       next if t == 'permission_refresh_lock'
  19       klass = t.classify.constantize
  20       next unless klass and 'owner_uuid'.in?(klass.columns.collect(&:name))
  21       base.has_many(t.to_sym,
  22                     foreign_key: :owner_uuid,
  23                     primary_key: :uuid,
  24                     dependent: :restrict_with_exception)
  25     end
  26     # We need custom protection for changing an owner's primary
  27     # key. (Apart from this restriction, admins are allowed to change
  28     # UUIDs.)
  29     base.validate :restrict_uuid_change_breaking_associations
  30   end
  31
  32   module ClassMethods
  33     def install_view(type)
  34       conn = ActiveRecord::Base.connection
  35       transaction do
  36         # Check whether the temporary view has already been created
  37         # during this connection. If not, create it.
  38         conn.exec_query "SAVEPOINT check_#{type}_view"
  39         begin
  40           conn.exec_query("SELECT 1 FROM #{type}_view LIMIT 0")
  41         rescue
  42           conn.exec_query "ROLLBACK TO SAVEPOINT check_#{type}_view"
  43           sql = File.read(Rails.root.join("lib", "create_#{type}_view.sql"))
  44           conn.exec_query(sql)
  45         ensure
  46           conn.exec_query "RELEASE SAVEPOINT check_#{type}_view"
  47         end
  48       end
  49     end
  50   end
  51
  52   def descendant_project_uuids
  53     self.class.install_view('ancestor')
  54     ActiveRecord::Base.connection.
  55       exec_query('SELECT ancestor_view.uuid
  56                   FROM ancestor_view
  57                   LEFT JOIN groups ON groups.uuid=ancestor_view.uuid
  58                   WHERE ancestor_uuid = $1 AND groups.group_class = $2',
  59                   # "name" arg is a query label that appears in logs:
  60                   "descendant_project_uuids for #{self.uuid}",
  61                   # "binds" arg is an array of [col_id, value] for '$1' vars:
  62                   [[nil, self.uuid], [nil, 'project']],
  63                   ).rows.map do |project_uuid,|
  64       project_uuid
  65     end
  66   end
  67
  68   protected
  69
  70   def restrict_uuid_change_breaking_associations
  71     return true if new_record? or not uuid_changed?
  72
  73     # Check for objects that have my old uuid listed as their owner.
  74     self.class.reflect_on_all_associations(:has_many).each do |assoc|
  75       next unless assoc.foreign_key == :owner_uuid
  76       if assoc.klass.where(owner_uuid: uuid_was).any?
  77         errors.add(:uuid,
  78                    "cannot be changed on a #{self.class} that owns objects")
  79         return false
  80       end
  81     end
  82
  83     # if I owned myself before, I'll just continue to own myself with
  84     # my new uuid.
  85     if owner_uuid == uuid_was
  86       self.owner_uuid = uuid
  87     end
  88   end
  89 end