projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
When no limit is supplied, limit number of index results to 100.
[arvados.git] / app / controllers / application_controller.rb
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 2b4fa7b6765110999729670de12580404ec5dbcb..738a07346b0008a86a8d77625e673977e88b8210 100644 (file)
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -50,12 +50,13 @@ class ApplicationController < ActionController::Base
 
   def index
     @objects ||= model_class.
-      joins("LEFT JOIN metadata permissions ON permissions.tail=#{table_name}.uuid AND permissions.head=#{model_class.sanitize current_user.uuid} AND permissions.metadata_class='permission' AND permissions.name='visible_to'").
-      where("#{table_name}.owner=? OR #{table_name}.uuid=? OR permissions.head IS NOT NULL",
+      joins("LEFT JOIN links permissions ON permissions.head_uuid=#{table_name}.owner AND permissions.tail_uuid=#{model_class.sanitize current_user.uuid} AND permissions.link_class='permission'").
+      where("?=? OR #{table_name}.owner=? OR #{table_name}.uuid=? OR permissions.head_uuid IS NOT NULL",
+            true, current_user.is_admin,
             current_user.uuid, current_user.uuid)
     if params[:where]
       where = params[:where]
-      where = JSON.parse(where) if where.is_a?(String)
+      where = Oj.load(where) if where.is_a?(String)
       conditions = ['1=1']
       where.each do |attr,value|
         if (!value.nil? and
@@ -76,6 +77,16 @@ class ApplicationController < ActionController::Base
           where(*conditions)
       end
     end
+    if params[:limit]
+      begin
+        @objects = @objects.limit(params[:limit].to_i)
+      rescue
+        raise "invalid argument (limit)"
+      end
+    else
+      @objects = @objects.limit(100)
+    end
+    @objects.uniq!(&:id)
     if params[:eager] and params[:eager] != '0' and params[:eager] != 0 and params[:eager] != ''
       @objects.each(&:eager_load_associations)
     end
@@ -96,7 +107,7 @@ class ApplicationController < ActionController::Base
       raise "no #{resource_name} (or #{resource_name.camelcase(:lower)}) provided with request #{params.inspect}"
     end
     if @attrs.class == String
-      @attrs = uncamelcase_hash_keys(JSON.parse @attrs)
+      @attrs = uncamelcase_hash_keys(Oj.load @attrs)
     end
     @object = model_class.new @attrs
     @object.save
@@ -106,7 +117,7 @@ class ApplicationController < ActionController::Base
   def update
     @attrs = params[resource_name]
     if @attrs.is_a? String
-      @attrs = uncamelcase_hash_keys(JSON.parse @attrs)
+      @attrs = uncamelcase_hash_keys(Oj.load @attrs)
     end
     @object.update_attributes @attrs
     show
@@ -189,7 +200,7 @@ class ApplicationController < ActionController::Base
   def accept_attribute_as_json(attr, force_class)
     if params[resource_name].is_a? Hash
       if params[resource_name][attr].is_a? String
-        params[resource_name][attr] = JSON.parse params[resource_name][attr]
+        params[resource_name][attr] = Oj.load params[resource_name][attr]
         if force_class and !params[resource_name][attr].is_a? force_class
           raise TypeError.new("#{resource_name}[#{attr.to_s}] must be a #{force_class.to_s}")
         end