projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
add per-user and per-session default_owner. refs #1415
[arvados.git] / app / controllers / application_controller.rb
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 74e277f14ccda55e53fbb9eb9f7757b52dd09e54..86bebcd103d1da8a00f9540f3c7f12e9c73f2504 100644 (file)
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -4,12 +4,13 @@ class ApplicationController < ActionController::Base
   protect_from_forgery
   before_filter :uncamelcase_params_hash_keys
   around_filter :thread_with_auth_info, :except => [:render_error, :render_not_found]
-  before_filter :find_object_by_uuid, :except => :index
+  before_filter :find_object_by_uuid, :except => [:index, :create]
 
   before_filter :remote_ip
   before_filter :login_required, :except => :render_not_found
 
   before_filter :catch_redirect_hint
+  attr_accessor :resource_attrs
 
   def catch_redirect_hint
     if !current_user
@@ -49,13 +50,18 @@ class ApplicationController < ActionController::Base
   end
 
   def index
+    uuid_list = [current_user.uuid, *current_user.groups_i_can(:read)]
+    sanitized_uuid_list = uuid_list.
+      collect { |uuid| model_class.sanitize(uuid) }.join(', ')
     @objects ||= model_class.
-      joins("LEFT JOIN metadata permissions ON permissions.tail=#{table_name}.uuid AND permissions.head=#{model_class.sanitize current_user.uuid} AND permissions.metadata_class='permission' AND permissions.name='visible_to'").
-      where("#{table_name}.created_by_user=? OR #{table_name}.uuid=? OR permissions.head IS NOT NULL",
-            current_user.uuid, current_user.uuid)
+      joins("LEFT JOIN links permissions ON permissions.head_uuid=#{table_name}.owner AND permissions.tail_uuid in (#{sanitized_uuid_list}) AND permissions.link_class='permission'").
+      where("?=? OR #{table_name}.owner in (?) OR #{table_name}.uuid=? OR permissions.head_uuid IS NOT NULL",
+            true, current_user.is_admin,
+            uuid_list,
+            current_user.uuid)
     if params[:where]
       where = params[:where]
-      where = JSON.parse(where) if where.is_a?(String)
+      where = Oj.load(where) if where.is_a?(String)
       conditions = ['1=1']
       where.each do |attr,value|
         if (!value.nil? and
@@ -68,6 +74,11 @@ class ApplicationController < ActionController::Base
             conditions[0] << " and #{table_name}.#{attr}=?"
             conditions << value
           end
+        elsif (!value.nil? and attr == 'any' and
+          value.is_a?(Array) and value[0] == 'contains' and
+          model_class.columns.collect(&:name).index('name')) then
+            conditions[0] << " and #{table_name}.name ilike ?"
+            conditions << "%#{value[1]}%"
         end
       end
       if conditions.length > 1
@@ -76,6 +87,17 @@ class ApplicationController < ActionController::Base
           where(*conditions)
       end
     end
+    if params[:limit]
+      begin
+        @objects = @objects.limit(params[:limit].to_i)
+      rescue
+        raise "invalid argument (limit)"
+      end
+    else
+      @objects = @objects.limit(100)
+    end
+    @objects = @objects.order('modified_at desc')
+    @objects.uniq!(&:id)
     if params[:eager] and params[:eager] != '0' and params[:eager] != 0 and params[:eager] != ''
       @objects.each(&:eager_load_associations)
     end
@@ -91,29 +113,33 @@ class ApplicationController < ActionController::Base
   end
 
   def create
-    @attrs = params[resource_name]
-    if @attrs.nil?
-      raise "no #{resource_name} (or #{resource_name.camelcase(:lower)}) provided with request #{params.inspect}"
-    end
-    if @attrs.class == String
-      @attrs = uncamelcase_hash_keys(JSON.parse @attrs)
-    end
-    @object = model_class.new @attrs
+    @object = model_class.new resource_attrs
     @object.save
     show
   end
 
   def update
-    @attrs = params[resource_name]
-    if @attrs.is_a? String
-      @attrs = uncamelcase_hash_keys(JSON.parse @attrs)
-    end
-    @object.update_attributes @attrs
+    @object.update_attributes resource_attrs
     show
   end
 
   protected
 
+  def resource_attrs
+    return @attrs if @attrs
+    @attrs = params[resource_name]
+    if @attrs.is_a? String
+      @attrs = uncamelcase_hash_keys(Oj.load @attrs)
+    end
+    if @attrs.nil?
+      raise "no #{resource_name} (or #{resource_name.camelcase(:lower)}) provided with request #{params.inspect}"
+    end
+    %w(created_at modified_by_client modified_by_user modified_at).each do |x|
+      @attrs.delete x
+    end
+    @attrs
+  end
+
   # Authentication
   def login_required
     if !current_user
@@ -122,7 +148,7 @@ class ApplicationController < ActionController::Base
           redirect_to '/auth/joshid'
         }
         format.json {
-          render :json => { 'error' => 'Not logged in' }.to_json
+          render :json => { errors: ['Not logged in'] }.to_json
         }
       end
     end
@@ -133,14 +159,16 @@ class ApplicationController < ActionController::Base
       user = nil
       api_client = nil
       api_client_auth = nil
-      if params[:api_token]
+      supplied_token = params[:api_token] || params[:oauth_token]
+      if supplied_token
         api_client_auth = ApiClientAuthorization.
           includes(:api_client, :user).
-          where('api_token=?', params[:api_token]).
+          where('api_token=?', supplied_token).
           first
         if api_client_auth
           session[:user_id] = api_client_auth.user.id
           session[:api_client_uuid] = api_client_auth.api_client.uuid
+          session[:api_client_authorization_id] = api_client_auth.id
           user = api_client_auth.user
           api_client = api_client_auth.api_client
         end
@@ -149,16 +177,22 @@ class ApplicationController < ActionController::Base
         api_client = ApiClient.
           where('uuid=?',session[:api_client_uuid]).
           first rescue nil
+        api_client_auth = ApiClientAuthorization.
+          find session[:api_client_authorization_id]
       end
       Thread.current[:api_client_trusted] = session[:api_client_trusted]
       Thread.current[:api_client_ip_address] = remote_ip
+      Thread.current[:api_client_authorization] = api_client_auth
+      Thread.current[:api_client_uuid] = api_client.uuid
       Thread.current[:api_client] = api_client
       Thread.current[:user] = user
       yield
     ensure
       Thread.current[:api_client_trusted] = nil
       Thread.current[:api_client_ip_address] = nil
+      Thread.current[:api_client_authorization] = nil
       Thread.current[:api_client_uuid] = nil
+      Thread.current[:api_client] = nil
       Thread.current[:user] = nil
     end
   end
@@ -189,7 +223,7 @@ class ApplicationController < ActionController::Base
   def accept_attribute_as_json(attr, force_class)
     if params[resource_name].is_a? Hash
       if params[resource_name][attr].is_a? String
-        params[resource_name][attr] = JSON.parse params[resource_name][attr]
+        params[resource_name][attr] = Oj.load params[resource_name][attr]
         if force_class and !params[resource_name][attr].is_a? force_class
           raise TypeError.new("#{resource_name}[#{attr.to_s}] must be a #{force_class.to_s}")
         end