5416: Merge branch 'master' into 5416-arv-git-httpd
[arvados.git] / services / api / app / controllers / arvados / v1 / repositories_controller.rb
1 class Arvados::V1::RepositoriesController < ApplicationController
2   skip_before_filter :find_object_by_uuid, :only => :get_all_permissions
3   skip_before_filter :render_404_if_no_object, :only => :get_all_permissions
4   before_filter :admin_required, :only => :get_all_permissions
5   def get_all_permissions
6     @users = {}
7     User.includes(:authorized_keys).all.each do |u|
8       @users[u.uuid] = u
9     end
10     admins = @users.select { |k,v| v.is_admin }
11     @user_aks = {}
12     @repo_info = {}
13     @repos = Repository.includes(:permissions).all
14     @repos.each do |repo|
15       gitolite_permissions = ''
16       perms = []
17       repo.permissions.each do |perm|
18         if ArvadosModel::resource_class_for_uuid(perm.tail_uuid) == Group
19           @users.each do |user_uuid, user|
20             user.group_permissions.each do |group_uuid, perm_mask|
21               if perm_mask[:manage]
22                 perms << {name: 'can_manage', user_uuid: user_uuid}
23               elsif perm_mask[:write]
24                 perms << {name: 'can_write', user_uuid: user_uuid}
25               elsif perm_mask[:read]
26                 perms << {name: 'can_read', user_uuid: user_uuid}
27               end
28             end
29           end
30         else
31           perms << {name: perm.name, user_uuid: perm.tail_uuid}
32         end
33       end
34       # Owner of the repository, and all admins, can RW
35       ([repo.owner_uuid] + admins.keys).each do |user_uuid|
36         perms << {name: 'can_write', user_uuid: user_uuid}
37       end
38       perms.each do |perm|
39         user_uuid = perm[:user_uuid]
40         @user_aks[user_uuid] = @users[user_uuid].andand.authorized_keys.andand.
41           collect do |ak|
42           {
43             public_key: ak.public_key,
44             authorized_key_uuid: ak.uuid
45           }
46         end || []
47         if @user_aks[user_uuid].any?
48           @repo_info[repo.uuid] ||= {
49             uuid: repo.uuid,
50             name: repo.name,
51             push_url: repo.push_url,
52             fetch_url: repo.fetch_url,
53             user_permissions: {}
54           }
55           ri = (@repo_info[repo.uuid][:user_permissions][user_uuid] ||= {})
56           ri[perm[:name]] = true
57         end
58       end
59     end
60     @repo_info.values.each do |repo_users|
61       repo_users[:user_permissions].each do |user_uuid,perms|
62         if perms['can_manage']
63           perms[:gitolite_permissions] = 'RW'
64           perms['can_write'] = true
65           perms['can_read'] = true
66         elsif perms['can_write']
67           perms[:gitolite_permissions] = 'RW'
68           perms['can_read'] = true
69         elsif perms['can_read']
70           perms[:gitolite_permissions] = 'R'
71         end
72       end
73     end
74     send_json(kind: 'arvados#RepositoryPermissionSnapshot',
75               repositories: @repo_info.values,
76               user_keys: @user_aks)
77   end
78 end