class Arvados::V1::GroupsController < ApplicationController
include TrashableController
- skip_before_filter :find_object_by_uuid, only: :shared
- skip_before_filter :render_404_if_no_object, only: :shared
+ skip_before_action :find_object_by_uuid, only: :shared
+ skip_before_action :render_404_if_no_object, only: :shared
def self._index_requires_parameters
(super rescue {}).
})
end
+ def self._show_requires_parameters
+ (super rescue {}).
+ merge({
+ include_trash: {
+ type: 'boolean', required: false, description: "Show group/project even if its is_trashed attribute is true."
+ },
+ })
+ end
+
def self._contents_requires_parameters
params = _index_requires_parameters.
merge({
recursive: {
type: 'boolean', required: false, description: 'Include contents from child groups recursively.'
},
+ include: {
+ type: 'string', required: false, description: 'Include objects referred to by listed field in "included" (only owner_uuid)'
+ }
})
params.delete(:select)
params
end
+ def self._create_requires_parameters
+ super.merge(
+ {
+ async: {
+ required: false,
+ type: 'boolean',
+ location: 'query',
+ default: false,
+ description: 'defer permissions update'
+ }
+ }
+ )
+ end
+
+ def self._update_requires_parameters
+ super.merge(
+ {
+ async: {
+ required: false,
+ type: 'boolean',
+ location: 'query',
+ default: false,
+ description: 'defer permissions update'
+ }
+ }
+ )
+ end
+
+ def create
+ if params[:async]
+ @object = model_class.new(resource_attrs.merge({async_permissions_update: true}))
+ @object.save!
+ render_accepted
+ else
+ super
+ end
+ end
+
+ def update
+ if params[:async]
+ attrs_to_update = resource_attrs.reject { |k, v|
+ [:kind, :etag, :href].index k
+ }.merge({async_permissions_update: true})
+ @object.update_attributes!(attrs_to_update)
+ @object.save!
+ render_accepted
+ else
+ super
+ end
+ end
+
def render_404_if_no_object
if params[:action] == 'contents'
if !params[:uuid]
send_json(list)
end
- def exclude_home objectlist, klass
- # select records that are readable by current user AND
- # the owner_uuid is a user (but not the current user) OR
- # the owner_uuid is not readable by the current user
- # the owner_uuid is a group but group_class is not a project
-
- read_parent_check = if current_user.is_admin
- ""
- else
- "NOT EXISTS(SELECT 1 FROM #{PERMISSION_VIEW} WHERE "+
- "user_uuid=(:user_uuid) AND target_uuid=#{klass.table_name}.owner_uuid AND perm_level >= 1) OR "
- end
-
- objectlist.where("#{klass.table_name}.owner_uuid IN (SELECT users.uuid FROM users WHERE users.uuid != (:user_uuid)) OR "+
- read_parent_check+
- "EXISTS(SELECT 1 FROM groups as gp where gp.uuid=#{klass.table_name}.owner_uuid and gp.group_class != 'project')",
- user_uuid: current_user.uuid)
- end
-
def shared
# The purpose of this endpoint is to return the toplevel set of
# groups which are *not* reachable through a direct ownership
apply_where_limit_order_params
if params["include"] == "owner_uuid"
- owners = @objects.map(&:owner_uuid).to_a
+ owners = @objects.map(&:owner_uuid).to_set
@extra_included = []
[Group, User].each do |klass|
- @extra_included += klass.readable_by(*@read_users).where(uuid: owners).to_a
+ @extra_included += klass.readable_by(*@read_users).where(uuid: owners.to_a).to_a
end
end
table_names = Hash[klasses.collect { |k| [k, k.table_name] }]
- disabled_methods = Rails.configuration.disable_api_methods
+ disabled_methods = Rails.configuration.API.DisabledAPIs
avail_klasses = table_names.select{|k, t| !disabled_methods.include?(t+'.index')}
klasses = avail_klasses.keys
end
if params["include"] == "owner_uuid"
- owners = klass_object_list[:items].map {|i| i[:owner_uuid]}
+ owners = klass_object_list[:items].map {|i| i[:owner_uuid]}.to_set
[Group, User].each do |ownerklass|
- ownerklass.readable_by(*@read_users).where(uuid: owners).each do |ow|
+ ownerklass.readable_by(*@read_users).where(uuid: owners.to_a).each do |ow|
included_by_uuid[ow.uuid] = ow
end
end
@offset = offset_all
end
+ protected
+
+ def exclude_home objectlist, klass
+ # select records that are readable by current user AND
+ # the owner_uuid is a user (but not the current user) OR
+ # the owner_uuid is not readable by the current user
+ # the owner_uuid is a group but group_class is not a project
+
+ read_parent_check = if current_user.is_admin
+ ""
+ else
+ "NOT EXISTS(SELECT 1 FROM #{PERMISSION_VIEW} WHERE "+
+ "user_uuid=(:user_uuid) AND target_uuid=#{klass.table_name}.owner_uuid AND perm_level >= 1) OR "
+ end
+
+ objectlist.where("#{klass.table_name}.owner_uuid IN (SELECT users.uuid FROM users WHERE users.uuid != (:user_uuid)) OR "+
+ read_parent_check+
+ "EXISTS(SELECT 1 FROM groups as gp where gp.uuid=#{klass.table_name}.owner_uuid and gp.group_class != 'project')",
+ user_uuid: current_user.uuid)
+ end
+
end