+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
require 'audit_logs'
class Log < ArvadosModel
end
def self.readable_by(*users_list)
+ if users_list.last.is_a? Hash
+ users_list.pop
+ end
if users_list.select { |u| u.is_admin }.any?
return self
end
user_uuids = users_list.map { |u| u.uuid }
- uuid_list = user_uuids + users_list.flat_map { |u| u.groups_i_can(:read) }
- uuid_list.uniq!
- permitted = "(SELECT head_uuid FROM links WHERE link_class='permission' AND tail_uuid IN (:uuids))"
+
joins("LEFT JOIN container_requests ON container_requests.container_uuid=logs.object_uuid").
- where("logs.object_uuid IN #{permitted} OR "+
- "container_requests.uuid IN (:uuids) OR "+
- "container_requests.owner_uuid IN (:uuids) OR "+
- "logs.object_uuid IN (:uuids) OR "+
- "logs.owner_uuid IN (:uuids) OR "+
- "logs.object_owner_uuid IN (:uuids)",
- uuids: uuid_list)
+ where("EXISTS(SELECT target_uuid FROM #{PERMISSION_VIEW} "+
+ "WHERE user_uuid IN (:user_uuids) AND perm_level >= 1 AND "+
+ "target_uuid IN (container_requests.uuid, container_requests.owner_uuid, logs.object_uuid, logs.owner_uuid, logs.object_owner_uuid))",
+ user_uuids: user_uuids)
end
protected
projects / arvados.git / blobdiff