services/api/lib/current_api_client.rb

   1 # Copyright (C) The Arvados Authors. All rights reserved.
   2 #
   3 # SPDX-License-Identifier: AGPL-3.0
   4
   5 module CurrentApiClient
   6   def current_user
   7     Thread.current[:user]
   8   end
   9
  10   def current_api_client_authorization
  11     Thread.current[:api_client_authorization]
  12   end
  13
  14   def current_api_base
  15     Thread.current[:api_url_base]
  16   end
  17
  18   # Where is the client connecting from?
  19   def current_api_client_ip_address
  20     Thread.current[:api_client_ip_address]
  21   end
  22
  23   def system_user_uuid
  24     [Rails.configuration.ClusterID,
  25      User.uuid_prefix,
  26      '000000000000000'].join('-')
  27   end
  28
  29   def system_group_uuid
  30     [Rails.configuration.ClusterID,
  31      Group.uuid_prefix,
  32      '000000000000000'].join('-')
  33   end
  34
  35   def anonymous_group_uuid
  36     [Rails.configuration.ClusterID,
  37      Group.uuid_prefix,
  38      'anonymouspublic'].join('-')
  39   end
  40
  41   def anonymous_user_uuid
  42     [Rails.configuration.ClusterID,
  43      User.uuid_prefix,
  44      'anonymouspublic'].join('-')
  45   end
  46
  47   def public_project_uuid
  48     [Rails.configuration.ClusterID,
  49      Group.uuid_prefix,
  50      'publicfavorites'].join('-')
  51   end
  52
  53   def system_user
  54     real_current_user = Thread.current[:user]
  55     begin
  56       Thread.current[:user] = User.new(is_admin: true,
  57                                        is_active: true,
  58                                        uuid: system_user_uuid)
  59       $system_user = check_cache($system_user) do
  60         User.where(uuid: system_user_uuid).
  61           first_or_create!(is_active: true,
  62                            is_admin: true,
  63                            email: 'root',
  64                            first_name: 'root',
  65                            last_name: '')
  66       end
  67     ensure
  68       Thread.current[:user] = real_current_user
  69     end
  70   end
  71
  72   def system_group
  73     $system_group = check_cache($system_group) do
  74       act_as_system_user do
  75         ActiveRecord::Base.transaction do
  76           Group.where(uuid: system_group_uuid).
  77             first_or_create!(name: "System group",
  78                              description: "System group",
  79                              group_class: "role") do |g|
  80             g.save!
  81             User.all.collect(&:uuid).each do |user_uuid|
  82               Link.create!(link_class: 'permission',
  83                            name: 'can_manage',
  84                            tail_uuid: system_group_uuid,
  85                            head_uuid: user_uuid)
  86             end
  87           end
  88         end
  89       end
  90     end
  91   end
  92
  93   def all_users_group_uuid
  94     [Rails.configuration.ClusterID,
  95      Group.uuid_prefix,
  96      'fffffffffffffff'].join('-')
  97   end
  98
  99   def all_users_group
 100     $all_users_group = check_cache($all_users_group) do
 101       act_as_system_user do
 102         ActiveRecord::Base.transaction do
 103           Group.where(uuid: all_users_group_uuid).
 104             first_or_create!(name: "All users",
 105                              description: "All users",
 106                              group_class: "role")
 107         end
 108       end
 109     end
 110   end
 111
 112   def act_as_system_user
 113     if block_given?
 114       act_as_user system_user do
 115         yield
 116       end
 117     else
 118       Thread.current[:user] = system_user
 119     end
 120   end
 121
 122   def act_as_user user
 123     user_was = Thread.current[:user]
 124     Thread.current[:user] = user
 125     begin
 126       yield
 127     ensure
 128       Thread.current[:user] = user_was
 129       if user_was
 130         user_was.forget_cached_group_perms
 131       end
 132     end
 133   end
 134
 135   def anonymous_group
 136     $anonymous_group = check_cache($anonymous_group) do
 137       act_as_system_user do
 138         ActiveRecord::Base.transaction do
 139           Group.where(uuid: anonymous_group_uuid).
 140             first_or_create!(group_class: "role",
 141                              name: "Anonymous users",
 142                              description: "Anonymous users")
 143         end
 144       end
 145     end
 146   end
 147
 148   def anonymous_group_read_permission
 149     $anonymous_group_read_permission = check_cache($anonymous_group_read_permission) do
 150       act_as_system_user do
 151         Link.where(tail_uuid: all_users_group.uuid,
 152                    head_uuid: anonymous_group.uuid,
 153                    link_class: "permission",
 154                    name: "can_read").first_or_create!
 155       end
 156     end
 157   end
 158
 159   def anonymous_user
 160     $anonymous_user = check_cache($anonymous_user) do
 161       act_as_system_user do
 162         User.where(uuid: anonymous_user_uuid).
 163           first_or_create!(is_active: false,
 164                            is_admin: false,
 165                            email: 'anonymous',
 166                            first_name: 'Anonymous',
 167                            last_name: '') do |u|
 168           u.save!
 169           Link.where(tail_uuid: anonymous_user_uuid,
 170                      head_uuid: anonymous_group.uuid,
 171                      link_class: 'permission',
 172                      name: 'can_read').
 173             first_or_create!
 174         end
 175       end
 176     end
 177   end
 178
 179   def public_project_group
 180     $public_project_group = check_cache($public_project_group) do
 181       act_as_system_user do
 182         ActiveRecord::Base.transaction do
 183           Group.where(uuid: public_project_uuid).
 184             first_or_create!(group_class: "project",
 185                              name: "Public favorites",
 186                              description: "Public favorites")
 187         end
 188       end
 189     end
 190   end
 191
 192   def public_project_read_permission
 193     $public_project_group_read_permission = check_cache($public_project_group_read_permission) do
 194       act_as_system_user do
 195         Link.where(tail_uuid: anonymous_group.uuid,
 196                    head_uuid: public_project_group.uuid,
 197                    link_class: "permission",
 198                    name: "can_read").first_or_create!
 199       end
 200     end
 201   end
 202
 203   def empty_collection_pdh
 204     'd41d8cd98f00b204e9800998ecf8427e+0'
 205   end
 206
 207   def empty_collection
 208     $empty_collection = check_cache($empty_collection) do
 209       act_as_system_user do
 210         ActiveRecord::Base.transaction do
 211           Collection.
 212             where(portable_data_hash: empty_collection_pdh).
 213             first_or_create(manifest_text: '', owner_uuid: system_user.uuid, name: "empty collection") do |c|
 214             c.save!
 215             Link.where(tail_uuid: anonymous_group.uuid,
 216                        head_uuid: c.uuid,
 217                        link_class: 'permission',
 218                        name: 'can_read').
 219                   first_or_create!
 220             c
 221           end
 222         end
 223       end
 224     end
 225   end
 226
 227   # Purge the module globals if necessary. If the cached value is
 228   # non-nil and the globals weren't purged, return the cached
 229   # value. Otherwise, call the block.
 230   #
 231   # Purge is only done in test mode.
 232   def check_cache(cached)
 233     if Rails.env != 'test'
 234       return (cached || yield)
 235     end
 236     t = Rails.cache.fetch "CurrentApiClient.$system_globals_reset" do
 237       Time.now.to_f
 238     end
 239     if t != $system_globals_reset
 240       reset_system_globals(t)
 241       yield
 242     else
 243       cached || yield
 244     end
 245   end
 246
 247   def reset_system_globals(t)
 248     $system_globals_reset = t
 249     $system_user = nil
 250     $system_group = nil
 251     $all_users_group = nil
 252     $anonymous_group = nil
 253     $anonymous_group_read_permission = nil
 254     $anonymous_user = nil
 255     $public_project_group = nil
 256     $public_project_group_read_permission = nil
 257     $empty_collection = nil
 258   end
 259   module_function :reset_system_globals
 260 end
 261
 262 CurrentApiClient.reset_system_globals(0)