services/api/lib/can_be_an_owner.rb

   1 # Copyright (C) The Arvados Authors. All rights reserved.
   2 #
   3 # SPDX-License-Identifier: AGPL-3.0
   4
   5 # Protect referential integrity of owner_uuid columns in other tables
   6 # that can refer to the uuid column in this table.
   7
   8 module CanBeAnOwner
   9
  10   def self.included(base)
  11     base.extend(ClassMethods)
  12
  13     # Rails' "has_many" can prevent us from destroying the owner
  14     # record when other objects refer to it.
  15     ActiveRecord::Base.connection.tables.each do |t|
  16       next if t == base.table_name
  17       next if t == 'schema_migrations'
  18       next if t == 'permission_refresh_lock'
  19       next if t == 'ar_internal_metadata'
  20       next if t == 'commit_ancestors'
  21       next if t == 'commits'
  22       klass = t.classify.constantize
  23       next unless klass and 'owner_uuid'.in?(klass.columns.collect(&:name))
  24       base.has_many(t.to_sym,
  25                     foreign_key: :owner_uuid,
  26                     primary_key: :uuid,
  27                     dependent: :restrict_with_exception)
  28     end
  29     # We need custom protection for changing an owner's primary
  30     # key. (Apart from this restriction, admins are allowed to change
  31     # UUIDs.)
  32     base.validate :restrict_uuid_change_breaking_associations
  33   end
  34
  35   module ClassMethods
  36     def install_view(type)
  37       conn = ActiveRecord::Base.connection
  38       transaction do
  39         # Check whether the temporary view has already been created
  40         # during this connection. If not, create it.
  41         conn.exec_query "SAVEPOINT check_#{type}_view"
  42         begin
  43           conn.exec_query("SELECT 1 FROM #{type}_view LIMIT 0")
  44         rescue
  45           conn.exec_query "ROLLBACK TO SAVEPOINT check_#{type}_view"
  46           sql = File.read(Rails.root.join("lib", "create_#{type}_view.sql"))
  47           conn.exec_query(sql)
  48         ensure
  49           conn.exec_query "RELEASE SAVEPOINT check_#{type}_view"
  50         end
  51       end
  52     end
  53   end
  54
  55   def descendant_project_uuids
  56     self.class.install_view('ancestor')
  57     ActiveRecord::Base.connection.
  58       exec_query('SELECT ancestor_view.uuid
  59                   FROM ancestor_view
  60                   LEFT JOIN groups ON groups.uuid=ancestor_view.uuid
  61                   WHERE ancestor_uuid = $1 AND groups.group_class = $2',
  62                   # "name" arg is a query label that appears in logs:
  63                   "descendant_project_uuids for #{self.uuid}",
  64                   # "binds" arg is an array of [col_id, value] for '$1' vars:
  65                   [[nil, self.uuid], [nil, 'project']],
  66                   ).rows.map do |project_uuid,|
  67       project_uuid
  68     end
  69   end
  70
  71   protected
  72
  73   def restrict_uuid_change_breaking_associations
  74     return true if new_record? or not uuid_changed?
  75
  76     # Check for objects that have my old uuid listed as their owner.
  77     self.class.reflect_on_all_associations(:has_many).each do |assoc|
  78       next unless assoc.foreign_key == :owner_uuid
  79       if assoc.klass.where(owner_uuid: uuid_was).any?
  80         errors.add(:uuid,
  81                    "cannot be changed on a #{self.class} that owns objects")
  82         return false
  83       end
  84     end
  85
  86     # if I owned myself before, I'll just continue to own myself with
  87     # my new uuid.
  88     if owner_uuid == uuid_was
  89       self.owner_uuid = uuid
  90     end
  91   end
  92 end