Merge branch '4027-sdk-constraint-reuse-wip'

[arvados.git] / services / api / app / controllers / arvados / v1 / repositories_controller.rb

diff --git a/services/api/app/controllers/arvados/v1/repositories_controller.rb b/services/api/app/controllers/arvados/v1/repositories_controller.rb
index 7592f9d654ccca3ae169b80adf24421573200b9c..0452c523bf3a21348264350c8f9deba96bfefedd 100644 (file)
--- a/services/api/app/controllers/arvados/v1/repositories_controller.rb
+++ b/services/api/app/controllers/arvados/v1/repositories_controller.rb
@@ -1,18 +1,44 @@
 class Arvados::V1::RepositoriesController < ApplicationController
+  skip_before_filter :find_object_by_uuid, :only => :get_all_permissions
+  skip_before_filter :render_404_if_no_object, :only => :get_all_permissions
   before_filter :admin_required, :only => :get_all_permissions
   def get_all_permissions
     @users = {}
     User.includes(:authorized_keys).all.each do |u|
       @users[u.uuid] = u
     end
+    admins = @users.select { |k,v| v.is_admin }
     @user_aks = {}
     @repo_info = {}
     @repos = Repository.includes(:permissions).all
     @repos.each do |repo|
       gitolite_permissions = ''
+      perms = []
       repo.permissions.each do |perm|
-        user_uuid = perm.tail_uuid
-        @user_aks[user_uuid] = @users[user_uuid].andand.authorized_keys.collect do |ak|
+        if ArvadosModel::resource_class_for_uuid(perm.tail_uuid) == Group
+          @users.each do |user_uuid, user|
+            user.group_permissions.each do |group_uuid, perm_mask|
+              if perm_mask[:manage]
+                perms << {name: 'can_manage', user_uuid: user_uuid}
+              elsif perm_mask[:write]
+                perms << {name: 'can_write', user_uuid: user_uuid}
+              elsif perm_mask[:read]
+                perms << {name: 'can_read', user_uuid: user_uuid}
+              end
+            end
+          end
+        else
+          perms << {name: perm.name, user_uuid: perm.tail_uuid}
+        end
+      end
+      # Owner of the repository, and all admins, can RW
+      ([repo.owner_uuid] + admins.keys).each do |user_uuid|
+        perms << {name: 'can_write', user_uuid: user_uuid}
+      end
+      perms.each do |perm|
+        user_uuid = perm[:user_uuid]
+        @user_aks[user_uuid] = @users[user_uuid].andand.authorized_keys.andand.
+          collect do |ak|
           {
             public_key: ak.public_key,
             authorized_key_uuid: ak.uuid
@@ -26,14 +52,18 @@ class Arvados::V1::RepositoriesController < ApplicationController
             fetch_url: repo.fetch_url,
             user_permissions: {}
           }
-          @repo_info[repo.uuid][:user_permissions][user_uuid] ||= {}
-          @repo_info[repo.uuid][:user_permissions][user_uuid][perm.name] = true
+          ri = (@repo_info[repo.uuid][:user_permissions][user_uuid] ||= {})
+          ri[perm[:name]] = true
         end
       end
     end
     @repo_info.values.each do |repo_users|
       repo_users[:user_permissions].each do |user_uuid,perms|
-        if perms['can_write']
+        if perms['can_manage']
+          perms[:gitolite_permissions] = 'RW'
+          perms['can_write'] = true
+          perms['can_read'] = true
+        elsif perms['can_write']
           perms[:gitolite_permissions] = 'RW'
           perms['can_read'] = true
         elsif perms['can_read']