require 'can_be_an_owner'
require 'trashable'
+require 'update_priorities'
class Group < ArvadosModel
include HasUuid
t.add :can_manage
end
+ # check if admins are allowed to make changes to the project, e.g. it
+ # isn't trashed or frozen.
+ def admin_change_permitted
+ !(FrozenGroup.where(uuid: self.uuid).any? || TrashedGroup.where(group_uuid: self.uuid).any?)
+ end
+
protected
def self.attributes_required_columns
super.merge(
'can_write' => ['owner_uuid', 'uuid'],
'can_manage' => ['owner_uuid', 'uuid'],
+ 'writable_by' => ['owner_uuid', 'uuid'],
)
end
"select target_uuid as group_uuid, trash_at from #{temptable} where trash_at is not NULL " +
"on conflict (group_uuid) do update set trash_at=EXCLUDED.trash_at",
"Group.update_trash.insert")
+ ActiveRecord::Base.connection.exec_query(
+ "select container_uuid from container_requests where " +
+ "owner_uuid in (select target_uuid from #{temptable}) and " +
+ "requesting_container_uuid is NULL and state = 'Committed' and container_uuid is not NULL",
+ "Group.update_trash.update_priorities").each do |container_uuid|
+ update_priorities container_uuid["container_uuid"]
+ end
end
def update_frozen
if self.owner_uuid != system_user_uuid
raise "Owner uuid for role must be system user"
end
- raise PermissionDeniedError unless current_user.can?(manage: uuid)
+ raise PermissionDeniedError.new("role group cannot be modified without can_manage permission") unless current_user.can?(manage: uuid)
true
else
super
end
end
+ def permission_to_create
+ if !super
+ return false
+ elsif group_class == "role" &&
+ !Rails.configuration.Users.CanCreateRoleGroups &&
+ !current_user.andand.is_admin
+ raise PermissionDeniedError.new("this cluster does not allow users to create role groups")
+ else
+ return true
+ end
+ end
+
def permission_to_update
if !super
return false
projects / arvados.git / blobdiff