1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: AGPL-3.0
10 $anonymous_group_read_permission = nil
11 $empty_collection = nil
12 $public_project_group = nil
13 $public_project_group_read_permission = nil
15 module CurrentApiClient
20 def current_api_client
21 Thread.current[:api_client]
24 def current_api_client_authorization
25 Thread.current[:api_client_authorization]
29 Thread.current[:api_url_base]
32 def current_default_owner
33 # owner_uuid for newly created objects
34 ((current_api_client_authorization &&
35 current_api_client_authorization.default_owner_uuid) ||
36 (current_user && current_user.default_owner_uuid) ||
37 (current_user && current_user.uuid) ||
41 # Where is the client connecting from?
42 def current_api_client_ip_address
43 Thread.current[:api_client_ip_address]
47 [Rails.configuration.ClusterID,
49 '000000000000000'].join('-')
53 [Rails.configuration.ClusterID,
55 '000000000000000'].join('-')
58 def anonymous_group_uuid
59 [Rails.configuration.ClusterID,
61 'anonymouspublic'].join('-')
64 def anonymous_user_uuid
65 [Rails.configuration.ClusterID,
67 'anonymouspublic'].join('-')
70 def public_project_uuid
71 [Rails.configuration.ClusterID,
73 'publicfavorites'].join('-')
77 $system_user = check_cache $system_user do
78 real_current_user = Thread.current[:user]
80 Thread.current[:user] = User.new(is_admin: true,
82 uuid: system_user_uuid)
83 User.where(uuid: system_user_uuid).
84 first_or_create!(is_active: true,
90 Thread.current[:user] = real_current_user
96 $system_group = check_cache $system_group do
98 ActiveRecord::Base.transaction do
99 Group.where(uuid: system_group_uuid).
100 first_or_create!(name: "System group",
101 description: "System group",
102 group_class: "role") do |g|
104 User.all.collect(&:uuid).each do |user_uuid|
105 Link.create!(link_class: 'permission',
107 tail_uuid: system_group_uuid,
108 head_uuid: user_uuid)
116 def all_users_group_uuid
117 [Rails.configuration.ClusterID,
119 'fffffffffffffff'].join('-')
123 $all_users_group = check_cache $all_users_group do
124 act_as_system_user do
125 ActiveRecord::Base.transaction do
126 Group.where(uuid: all_users_group_uuid).
127 first_or_create!(name: "All users",
128 description: "All users",
135 def act_as_system_user
137 act_as_user system_user do
141 Thread.current[:user] = system_user
146 user_was = Thread.current[:user]
147 Thread.current[:user] = user
151 Thread.current[:user] = user_was
153 user_was.forget_cached_group_perms
159 $anonymous_group = check_cache $anonymous_group do
160 act_as_system_user do
161 ActiveRecord::Base.transaction do
162 Group.where(uuid: anonymous_group_uuid).
163 first_or_create!(group_class: "role",
164 name: "Anonymous users",
165 description: "Anonymous users")
171 def anonymous_group_read_permission
172 $anonymous_group_read_permission =
173 check_cache $anonymous_group_read_permission do
174 act_as_system_user do
175 Link.where(tail_uuid: all_users_group.uuid,
176 head_uuid: anonymous_group.uuid,
177 link_class: "permission",
178 name: "can_read").first_or_create!
184 $anonymous_user = check_cache $anonymous_user do
185 act_as_system_user do
186 User.where(uuid: anonymous_user_uuid).
187 first_or_create!(is_active: false,
190 first_name: 'Anonymous',
191 last_name: '') do |u|
193 Link.where(tail_uuid: anonymous_user_uuid,
194 head_uuid: anonymous_group.uuid,
195 link_class: 'permission',
203 def public_project_group
204 $public_project_group = check_cache $public_project_group do
205 act_as_system_user do
206 ActiveRecord::Base.transaction do
207 Group.where(uuid: public_project_uuid).
208 first_or_create!(group_class: "project",
209 name: "Public favorites",
210 description: "Public favorites")
216 def public_project_read_permission
217 $public_project_group_read_permission =
218 check_cache $public_project_group_read_permission do
219 act_as_system_user do
220 Link.where(tail_uuid: anonymous_group.uuid,
221 head_uuid: public_project_group.uuid,
222 link_class: "permission",
223 name: "can_read").first_or_create!
228 def system_root_token_api_client
229 $system_root_token_api_client = check_cache $system_root_token_api_client do
230 act_as_system_user do
231 ActiveRecord::Base.transaction do
232 ApiClient.find_or_create_by!(is_trusted: true, url_prefix: "", name: "SystemRootToken")
238 def empty_collection_pdh
239 'd41d8cd98f00b204e9800998ecf8427e+0'
243 $empty_collection = check_cache $empty_collection do
244 act_as_system_user do
245 ActiveRecord::Base.transaction do
247 where(portable_data_hash: empty_collection_pdh).
248 first_or_create(manifest_text: '', owner_uuid: system_user.uuid, name: "empty collection") do |c|
250 Link.where(tail_uuid: anonymous_group.uuid,
252 link_class: 'permission',
264 # If the given value is nil, or the cache has been cleared since it
265 # was set, yield. Otherwise, return the given value.
266 def check_cache value
267 if not Rails.env.test? and
268 ActionController::Base.cache_store.is_a? ActiveSupport::Cache::FileStore and
269 not File.owned? ActionController::Base.cache_store.cache_path
270 # If we don't own the cache dir, we're probably
271 # crunch-dispatch. Whoever we are, using this cache is likely to
272 # either fail or screw up the cache for someone else. So we'll
273 # just assume the $globals are OK to live forever.
275 # The reason for making the globals expire with the cache in the
276 # first place is to avoid leaking state between test cases: in
277 # production, we don't expect the database seeds to ever go away
278 # even when the cache is cleared, so there's no particular
279 # reason to expire our global variables.
281 Rails.cache.fetch "CurrentApiClient.$globals" do
286 return value unless value.nil?