projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch '13647-load-old-config'
[arvados.git] / services / api / app / controllers / arvados / v1 / groups_controller.rb
diff --git a/services/api/app/controllers/arvados/v1/groups_controller.rb b/services/api/app/controllers/arvados/v1/groups_controller.rb
index 83314fb38b8bfd16050c67d98ee9e15bd89bbf34..d502d5a698e647c7806a6be0ff5497aa6b0f43a8 100644 (file)
--- a/services/api/app/controllers/arvados/v1/groups_controller.rb
+++ b/services/api/app/controllers/arvados/v1/groups_controller.rb
@@ -7,8 +7,8 @@ require "trashable"
 class Arvados::V1::GroupsController < ApplicationController
   include TrashableController
 
-  skip_before_filter :find_object_by_uuid, only: :shared
-  skip_before_filter :render_404_if_no_object, only: :shared
+  skip_before_action :find_object_by_uuid, only: :shared
+  skip_before_action :render_404_if_no_object, only: :shared
 
   def self._index_requires_parameters
     (super rescue {}).
@@ -19,6 +19,15 @@ class Arvados::V1::GroupsController < ApplicationController
       })
   end
 
+  def self._show_requires_parameters
+    (super rescue {}).
+      merge({
+        include_trash: {
+          type: 'boolean', required: false, description: "Show group/project even if its is_trashed attribute is true."
+        },
+      })
+  end
+
   def self._contents_requires_parameters
     params = _index_requires_parameters.
       merge({
@@ -28,11 +37,65 @@ class Arvados::V1::GroupsController < ApplicationController
               recursive: {
                 type: 'boolean', required: false, description: 'Include contents from child groups recursively.'
               },
+              include: {
+                type: 'string', required: false, description: 'Include objects referred to by listed field in "included" (only owner_uuid)'
+              }
             })
     params.delete(:select)
     params
   end
 
+  def self._create_requires_parameters
+    super.merge(
+      {
+        async: {
+          required: false,
+          type: 'boolean',
+          location: 'query',
+          default: false,
+          description: 'defer permissions update'
+        }
+      }
+    )
+  end
+
+  def self._update_requires_parameters
+    super.merge(
+      {
+        async: {
+          required: false,
+          type: 'boolean',
+          location: 'query',
+          default: false,
+          description: 'defer permissions update'
+        }
+      }
+    )
+  end
+
+  def create
+    if params[:async]
+      @object = model_class.new(resource_attrs.merge({async_permissions_update: true}))
+      @object.save!
+      render_accepted
+    else
+      super
+    end
+  end
+
+  def update
+    if params[:async]
+      attrs_to_update = resource_attrs.reject { |k, v|
+        [:kind, :etag, :href].index k
+      }.merge({async_permissions_update: true})
+      @object.update_attributes!(attrs_to_update)
+      @object.save!
+      render_accepted
+    else
+      super
+    end
+  end
+
   def render_404_if_no_object
     if params[:action] == 'contents'
       if !params[:uuid]
@@ -70,25 +133,6 @@ class Arvados::V1::GroupsController < ApplicationController
     send_json(list)
   end
 
-  def exclude_home objectlist, klass
-    # select records that are readable by current user AND
-    #   the owner_uuid is a user (but not the current user) OR
-    #   the owner_uuid is not readable by the current user
-    #   the owner_uuid is a group but group_class is not a project
-
-    read_parent_check = if current_user.is_admin
-                          ""
-                        else
-                          "NOT EXISTS(SELECT 1 FROM #{PERMISSION_VIEW} WHERE "+
-                            "user_uuid=(:user_uuid) AND target_uuid=#{klass.table_name}.owner_uuid AND perm_level >= 1) OR "
-                        end
-
-    objectlist.where("#{klass.table_name}.owner_uuid IN (SELECT users.uuid FROM users WHERE users.uuid != (:user_uuid)) OR "+
-                     read_parent_check+
-                     "EXISTS(SELECT 1 FROM groups as gp where gp.uuid=#{klass.table_name}.owner_uuid and gp.group_class != 'project')",
-                     user_uuid: current_user.uuid)
-  end
-
   def shared
     # The purpose of this endpoint is to return the toplevel set of
     # groups which are *not* reachable through a direct ownership
@@ -112,10 +156,10 @@ class Arvados::V1::GroupsController < ApplicationController
     apply_where_limit_order_params
 
     if params["include"] == "owner_uuid"
-      owners = @objects.map(&:owner_uuid).to_a
+      owners = @objects.map(&:owner_uuid).to_set
       @extra_included = []
       [Group, User].each do |klass|
-        @extra_included += klass.readable_by(*@read_users).where(uuid: owners).to_a
+        @extra_included += klass.readable_by(*@read_users).where(uuid: owners.to_a).to_a
       end
     end
 
@@ -159,7 +203,7 @@ class Arvados::V1::GroupsController < ApplicationController
 
     table_names = Hash[klasses.collect { |k| [k, k.table_name] }]
 
-    disabled_methods = Rails.configuration.disable_api_methods
+    disabled_methods = Rails.configuration.API.DisabledAPIs
     avail_klasses = table_names.select{|k, t| !disabled_methods.include?(t+'.index')}
     klasses = avail_klasses.keys
 
@@ -263,9 +307,9 @@ class Arvados::V1::GroupsController < ApplicationController
       end
 
       if params["include"] == "owner_uuid"
-        owners = klass_object_list[:items].map {|i| i[:owner_uuid]}
+        owners = klass_object_list[:items].map {|i| i[:owner_uuid]}.to_set
         [Group, User].each do |ownerklass|
-          ownerklass.readable_by(*@read_users).where(uuid: owners).each do |ow|
+          ownerklass.readable_by(*@read_users).where(uuid: owners.to_a).each do |ow|
             included_by_uuid[ow.uuid] = ow
           end
         end
@@ -281,4 +325,25 @@ class Arvados::V1::GroupsController < ApplicationController
     @offset = offset_all
   end
 
+  protected
+
+  def exclude_home objectlist, klass
+    # select records that are readable by current user AND
+    #   the owner_uuid is a user (but not the current user) OR
+    #   the owner_uuid is not readable by the current user
+    #   the owner_uuid is a group but group_class is not a project
+
+    read_parent_check = if current_user.is_admin
+                          ""
+                        else
+                          "NOT EXISTS(SELECT 1 FROM #{PERMISSION_VIEW} WHERE "+
+                            "user_uuid=(:user_uuid) AND target_uuid=#{klass.table_name}.owner_uuid AND perm_level >= 1) OR "
+                        end
+
+    objectlist.where("#{klass.table_name}.owner_uuid IN (SELECT users.uuid FROM users WHERE users.uuid != (:user_uuid)) OR "+
+                     read_parent_check+
+                     "EXISTS(SELECT 1 FROM groups as gp where gp.uuid=#{klass.table_name}.owner_uuid and gp.group_class != 'project')",
+                     user_uuid: current_user.uuid)
+  end
+
 end