services/api/app/controllers/arvados/v1/users_controller.rb

   1 # Copyright (C) The Arvados Authors. All rights reserved.
   2 #
   3 # SPDX-License-Identifier: AGPL-3.0
   4
   5 class Arvados::V1::UsersController < ApplicationController
   6   accept_attribute_as_json :prefs, Hash
   7
   8   skip_before_filter :find_object_by_uuid, only:
   9     [:activate, :current, :system, :setup]
  10   skip_before_filter :render_404_if_no_object, only:
  11     [:activate, :current, :system, :setup]
  12   before_filter :admin_required, only: [:setup, :unsetup]
  13
  14   def current
  15     if current_user
  16       @object = current_user
  17       show
  18     else
  19       send_error("Not logged in", status: 401)
  20     end
  21   end
  22
  23   def system
  24     @object = system_user
  25     show
  26   end
  27
  28   def activate
  29     if current_user.andand.is_admin && params[:uuid]
  30       @object = User.find params[:uuid]
  31     else
  32       @object = current_user
  33     end
  34     if not @object.is_active
  35       if not (current_user.is_admin or @object.is_invited)
  36         logger.warn "User #{@object.uuid} called users.activate " +
  37           "but is not invited"
  38         raise ArgumentError.new "Cannot activate without being invited."
  39       end
  40       act_as_system_user do
  41         required_uuids = Link.where("owner_uuid = ? and link_class = ? and name = ? and tail_uuid = ? and head_uuid like ?",
  42                                     system_user_uuid,
  43                                     'signature',
  44                                     'require',
  45                                     system_user_uuid,
  46                                     Collection.uuid_like_pattern).
  47           collect(&:head_uuid)
  48         signed_uuids = Link.where(owner_uuid: system_user_uuid,
  49                                   link_class: 'signature',
  50                                   name: 'click',
  51                                   tail_uuid: @object.uuid,
  52                                   head_uuid: required_uuids).
  53           collect(&:head_uuid)
  54         todo_uuids = required_uuids - signed_uuids
  55         if todo_uuids.empty?
  56           @object.update_attributes is_active: true
  57           logger.info "User #{@object.uuid} activated"
  58         else
  59           logger.warn "User #{@object.uuid} called users.activate " +
  60             "before signing agreements #{todo_uuids.inspect}"
  61           raise ArvadosModel::PermissionDeniedError.new \
  62           "Cannot activate without user agreements #{todo_uuids.inspect}."
  63         end
  64       end
  65     end
  66     show
  67   end
  68
  69   # create user object and all the needed links
  70   def setup
  71     if params[:uuid]
  72       @object = User.find_by_uuid(params[:uuid])
  73       if !@object
  74         return render_404_if_no_object
  75       end
  76     elsif !params[:user]
  77       raise ArgumentError.new "Required uuid or user"
  78     elsif !params[:user]['email']
  79       raise ArgumentError.new "Require user email"
  80     elsif !params[:openid_prefix]
  81       raise ArgumentError.new "Required openid_prefix parameter is missing."
  82     else
  83       @object = model_class.create! resource_attrs
  84     end
  85
  86     # It's not always possible for the client to know the user's
  87     # username when submitting this request: the username might have
  88     # been assigned automatically in create!() above. If client
  89     # provided a plain repository name, prefix it with the username
  90     # now that we know what it is.
  91     if params[:repo_name].nil?
  92       full_repo_name = nil
  93     elsif @object.username.nil?
  94       raise ArgumentError.
  95         new("cannot setup a repository because user has no username")
  96     elsif params[:repo_name].index("/")
  97       full_repo_name = params[:repo_name]
  98     else
  99       full_repo_name = "#{@object.username}/#{params[:repo_name]}"
 100     end
 101
 102     @response = @object.setup(repo_name: full_repo_name,
 103                               vm_uuid: params[:vm_uuid],
 104                               openid_prefix: params[:openid_prefix])
 105
 106     # setup succeeded. send email to user
 107     if params[:send_notification_email]
 108       UserNotifier.account_is_setup(@object).deliver_now
 109     end
 110
 111     send_json kind: "arvados#HashList", items: @response.as_api_response(nil)
 112   end
 113
 114   # delete user agreements, vm, repository, login links; set state to inactive
 115   def unsetup
 116     reload_object_before_update
 117     @object.unsetup
 118     show
 119   end
 120
 121   protected
 122
 123   def self._setup_requires_parameters
 124     {
 125       user: {
 126         type: 'object', required: false
 127       },
 128       openid_prefix: {
 129         type: 'string', required: false
 130       },
 131       repo_name: {
 132         type: 'string', required: false
 133       },
 134       vm_uuid: {
 135         type: 'string', required: false
 136       },
 137       send_notification_email: {
 138         type: 'boolean', required: false, default: false
 139       },
 140     }
 141   end
 142
 143   def apply_filters(model_class=nil)
 144     return super if @read_users.any?(&:is_admin)
 145     if params[:uuid] != current_user.andand.uuid
 146       # Non-admin index/show returns very basic information about readable users.
 147       safe_attrs = ["uuid", "is_active", "email", "first_name", "last_name"]
 148       if @select
 149         @select = @select & safe_attrs
 150       else
 151         @select = safe_attrs
 152       end
 153       @filters += [['is_active', '=', true]]
 154     end
 155     super
 156   end
 157 end