services/api/lib/current_api_client.rb

   1 # Copyright (C) The Arvados Authors. All rights reserved.
   2 #
   3 # SPDX-License-Identifier: AGPL-3.0
   4
   5 $system_user = nil
   6 $system_group = nil
   7 $all_users_group = nil
   8 $anonymous_user = nil
   9 $anonymous_group = nil
  10 $anonymous_group_read_permission = nil
  11 $empty_collection = nil
  12 $public_project_group = nil
  13 $public_project_group_read_permission = nil
  14
  15 module CurrentApiClient
  16   def current_user
  17     Thread.current[:user]
  18   end
  19
  20   def current_api_client
  21     Thread.current[:api_client]
  22   end
  23
  24   def current_api_client_authorization
  25     Thread.current[:api_client_authorization]
  26   end
  27
  28   def current_api_base
  29     Thread.current[:api_url_base]
  30   end
  31
  32   def current_default_owner
  33     # owner_uuid for newly created objects
  34     ((current_api_client_authorization &&
  35       current_api_client_authorization.default_owner_uuid) ||
  36      (current_user && current_user.default_owner_uuid) ||
  37      (current_user && current_user.uuid) ||
  38      nil)
  39   end
  40
  41   # Where is the client connecting from?
  42   def current_api_client_ip_address
  43     Thread.current[:api_client_ip_address]
  44   end
  45
  46   def system_user_uuid
  47     [Rails.configuration.ClusterID,
  48      User.uuid_prefix,
  49      '000000000000000'].join('-')
  50   end
  51
  52   def system_group_uuid
  53     [Rails.configuration.ClusterID,
  54      Group.uuid_prefix,
  55      '000000000000000'].join('-')
  56   end
  57
  58   def anonymous_group_uuid
  59     [Rails.configuration.ClusterID,
  60      Group.uuid_prefix,
  61      'anonymouspublic'].join('-')
  62   end
  63
  64   def anonymous_user_uuid
  65     [Rails.configuration.ClusterID,
  66      User.uuid_prefix,
  67      'anonymouspublic'].join('-')
  68   end
  69
  70   def public_project_uuid
  71     [Rails.configuration.ClusterID,
  72      Group.uuid_prefix,
  73      'publicfavorites'].join('-')
  74   end
  75
  76   def system_user
  77     $system_user = check_cache $system_user do
  78       real_current_user = Thread.current[:user]
  79       begin
  80         Thread.current[:user] = User.new(is_admin: true,
  81                                          is_active: true,
  82                                          uuid: system_user_uuid)
  83         User.where(uuid: system_user_uuid).
  84           first_or_create!(is_active: true,
  85                            is_admin: true,
  86                            email: 'root',
  87                            first_name: 'root',
  88                            last_name: '')
  89       ensure
  90         Thread.current[:user] = real_current_user
  91       end
  92     end
  93   end
  94
  95   def system_group
  96     $system_group = check_cache $system_group do
  97       act_as_system_user do
  98         ActiveRecord::Base.transaction do
  99           Group.where(uuid: system_group_uuid).
 100             first_or_create!(name: "System group",
 101                              description: "System group",
 102                              group_class: "role") do |g|
 103             g.save!
 104             User.all.collect(&:uuid).each do |user_uuid|
 105               Link.create!(link_class: 'permission',
 106                            name: 'can_manage',
 107                            tail_uuid: system_group_uuid,
 108                            head_uuid: user_uuid)
 109             end
 110           end
 111         end
 112       end
 113     end
 114   end
 115
 116   def all_users_group_uuid
 117     [Rails.configuration.ClusterID,
 118      Group.uuid_prefix,
 119      'fffffffffffffff'].join('-')
 120   end
 121
 122   def all_users_group
 123     $all_users_group = check_cache $all_users_group do
 124       act_as_system_user do
 125         ActiveRecord::Base.transaction do
 126           Group.where(uuid: all_users_group_uuid).
 127             first_or_create!(name: "All users",
 128                              description: "All users",
 129                              group_class: "role")
 130         end
 131       end
 132     end
 133   end
 134
 135   def act_as_system_user
 136     if block_given?
 137       act_as_user system_user do
 138         yield
 139       end
 140     else
 141       Thread.current[:user] = system_user
 142     end
 143   end
 144
 145   def act_as_user user
 146     user_was = Thread.current[:user]
 147     Thread.current[:user] = user
 148     begin
 149       yield
 150     ensure
 151       Thread.current[:user] = user_was
 152       if user_was
 153         user_was.forget_cached_group_perms
 154       end
 155     end
 156   end
 157
 158   def anonymous_group
 159     $anonymous_group = check_cache $anonymous_group do
 160       act_as_system_user do
 161         ActiveRecord::Base.transaction do
 162           Group.where(uuid: anonymous_group_uuid).
 163             first_or_create!(group_class: "role",
 164                              name: "Anonymous users",
 165                              description: "Anonymous users")
 166         end
 167       end
 168     end
 169   end
 170
 171   def anonymous_group_read_permission
 172     $anonymous_group_read_permission =
 173         check_cache $anonymous_group_read_permission do
 174       act_as_system_user do
 175         Link.where(tail_uuid: all_users_group.uuid,
 176                    head_uuid: anonymous_group.uuid,
 177                    link_class: "permission",
 178                    name: "can_read").first_or_create!
 179       end
 180     end
 181   end
 182
 183   def anonymous_user
 184     $anonymous_user = check_cache $anonymous_user do
 185       act_as_system_user do
 186         User.where(uuid: anonymous_user_uuid).
 187           first_or_create!(is_active: false,
 188                            is_admin: false,
 189                            email: 'anonymous',
 190                            first_name: 'Anonymous',
 191                            last_name: '') do |u|
 192           u.save!
 193           Link.where(tail_uuid: anonymous_user_uuid,
 194                      head_uuid: anonymous_group.uuid,
 195                      link_class: 'permission',
 196                      name: 'can_read').
 197             first_or_create!
 198         end
 199       end
 200     end
 201   end
 202
 203   def public_project_group
 204     $public_project_group = check_cache $public_project_group do
 205       act_as_system_user do
 206         ActiveRecord::Base.transaction do
 207           Group.where(uuid: public_project_uuid).
 208             first_or_create!(group_class: "project",
 209                              name: "Public favorites",
 210                              description: "Public favorites")
 211         end
 212       end
 213     end
 214   end
 215
 216   def public_project_read_permission
 217     $public_project_group_read_permission =
 218         check_cache $public_project_group_read_permission do
 219       act_as_system_user do
 220         Link.where(tail_uuid: anonymous_group.uuid,
 221                    head_uuid: public_project_group.uuid,
 222                    link_class: "permission",
 223                    name: "can_read").first_or_create!
 224       end
 225     end
 226   end
 227
 228   def anonymous_user_token_api_client
 229     $anonymous_user_token_api_client = check_cache $anonymous_user_token_api_client do
 230       act_as_system_user do
 231         ActiveRecord::Base.transaction do
 232           ApiClient.find_or_create_by!(is_trusted: false, url_prefix: "", name: "AnonymousUserToken")
 233         end
 234       end
 235     end
 236   end
 237
 238   def system_root_token_api_client
 239     $system_root_token_api_client = check_cache $system_root_token_api_client do
 240       act_as_system_user do
 241         ActiveRecord::Base.transaction do
 242           ApiClient.find_or_create_by!(is_trusted: true, url_prefix: "", name: "SystemRootToken")
 243         end
 244       end
 245     end
 246   end
 247
 248   def empty_collection_pdh
 249     'd41d8cd98f00b204e9800998ecf8427e+0'
 250   end
 251
 252   def empty_collection
 253     $empty_collection = check_cache $empty_collection do
 254       act_as_system_user do
 255         ActiveRecord::Base.transaction do
 256           Collection.
 257             where(portable_data_hash: empty_collection_pdh).
 258             first_or_create(manifest_text: '', owner_uuid: system_user.uuid, name: "empty collection") do |c|
 259             c.save!
 260             Link.where(tail_uuid: anonymous_group.uuid,
 261                        head_uuid: c.uuid,
 262                        link_class: 'permission',
 263                        name: 'can_read').
 264                   first_or_create!
 265             c
 266           end
 267         end
 268       end
 269     end
 270   end
 271
 272   private
 273
 274   # If the given value is nil, or the cache has been cleared since it
 275   # was set, yield. Otherwise, return the given value.
 276   def check_cache value
 277     if not Rails.env.test? and
 278         ActionController::Base.cache_store.is_a? ActiveSupport::Cache::FileStore and
 279         not File.owned? ActionController::Base.cache_store.cache_path
 280       # If we don't own the cache dir, we're probably
 281       # crunch-dispatch. Whoever we are, using this cache is likely to
 282       # either fail or screw up the cache for someone else. So we'll
 283       # just assume the $globals are OK to live forever.
 284       #
 285       # The reason for making the globals expire with the cache in the
 286       # first place is to avoid leaking state between test cases: in
 287       # production, we don't expect the database seeds to ever go away
 288       # even when the cache is cleared, so there's no particular
 289       # reason to expire our global variables.
 290     else
 291       Rails.cache.fetch "CurrentApiClient.$globals" do
 292         value = nil
 293         true
 294       end
 295     end
 296     return value unless value.nil?
 297     yield
 298   end
 299 end