+++ /dev/null
-# Copyright (C) The Arvados Authors. All rights reserved.
-#
-# SPDX-License-Identifier: AGPL-3.0
-
-class UsersController < ApplicationController
- skip_around_action :require_thread_api_token, only: :welcome
- skip_before_action :check_user_agreements, only: [:welcome, :inactive, :link_account, :merge]
- skip_before_action :check_user_profile, only: [:welcome, :inactive, :profile, :link_account, :merge]
- skip_before_action :find_object_by_uuid, only: [:welcome, :activity, :storage]
- before_action :ensure_current_user_is_admin, only: [:sudo, :unsetup, :setup]
-
- def show
- if params[:uuid] == current_user.uuid
- respond_to do |f|
- f.html do
- if request.url.include?("/users/#{current_user.uuid}")
- super
- else
- redirect_to(params[:return_to] || project_path(params[:uuid]))
- end
- end
- end
- else
- super
- end
- end
-
- def welcome
- if current_user
- redirect_to (params[:return_to] || '/')
- end
- end
-
- def inactive
- if current_user.andand.is_invited
- redirect_to (params[:return_to] || '/')
- end
- end
-
- def profile
- params[:offer_return_to] ||= params[:return_to]
-
- # In a federation situation, when you get a user record using
- # "current user of token" it can fetch a stale user record from
- # the local cluster. So even if profile settings were just written
- # to the user record on the login cluster (because the user just
- # filled out the profile), those profile settings may not appear
- # in the "current user" response because it is returning a cached
- # record from the local cluster.
- #
- # In this case, explicitly fetching user record forces it to get a
- # fresh record from the login cluster.
- Thread.current[:user] = User.find(current_user.uuid)
- end
-
- def activity
- @breadcrumb_page_name = nil
- @users = User.limit(params[:limit]).with_count("none")
- @user_activity = {}
- @activity = {
- logins: {},
- jobs: {},
- pipeline_instances: {}
- }
- @total_activity = {}
- @spans = [['This week', Time.now.beginning_of_week, Time.now],
- ['Last week',
- Time.now.beginning_of_week.advance(weeks:-1),
- Time.now.beginning_of_week],
- ['This month', Time.now.beginning_of_month, Time.now],
- ['Last month',
- 1.month.ago.beginning_of_month,
- Time.now.beginning_of_month]]
- @spans.each do |span, threshold_start, threshold_end|
- @activity[:logins][span] = Log.select(%w(uuid modified_by_user_uuid)).
- filter([[:event_type, '=', 'login'],
- [:object_kind, '=', 'arvados#user'],
- [:created_at, '>=', threshold_start],
- [:created_at, '<', threshold_end]]).with_count("none")
- @activity[:jobs][span] = Job.select(%w(uuid modified_by_user_uuid)).
- filter([[:created_at, '>=', threshold_start],
- [:created_at, '<', threshold_end]]).with_count("none")
- @activity[:pipeline_instances][span] = PipelineInstance.select(%w(uuid modified_by_user_uuid)).
- filter([[:created_at, '>=', threshold_start],
- [:created_at, '<', threshold_end]]).with_count("none")
- @activity.each do |type, act|
- records = act[span]
- @users.each do |u|
- @user_activity[u.uuid] ||= {}
- @user_activity[u.uuid][span + ' ' + type.to_s] ||= 0
- end
- records.each do |record|
- @user_activity[record.modified_by_user_uuid] ||= {}
- @user_activity[record.modified_by_user_uuid][span + ' ' + type.to_s] ||= 0
- @user_activity[record.modified_by_user_uuid][span + ' ' + type.to_s] += 1
- @total_activity[span + ' ' + type.to_s] ||= 0
- @total_activity[span + ' ' + type.to_s] += 1
- end
- end
- end
- @users = @users.sort_by do |a|
- [-@user_activity[a.uuid].values.inject(:+), a.full_name]
- end
- # Prepend a "Total" pseudo-user to the sorted list
- @user_activity[nil] = @total_activity
- @users = [OpenStruct.new(uuid: nil)] + @users
- end
-
- def storage
- @breadcrumb_page_name = nil
- @users = User.limit(params[:limit]).with_count("none")
- @user_storage = {}
- total_storage = {}
- @log_date = {}
- @users.each do |u|
- @user_storage[u.uuid] ||= {}
- storage_log = Log.
- filter([[:object_uuid, '=', u.uuid],
- [:event_type, '=', 'user-storage-report']]).
- order(:created_at => :desc).
- with_count('none').
- limit(1)
- storage_log.each do |log_entry|
- # We expect this block to only execute once since we specified limit(1)
- @user_storage[u.uuid] = log_entry['properties']
- @log_date[u.uuid] = log_entry['event_at']
- end
- total_storage.merge!(@user_storage[u.uuid]) { |k,v1,v2| v1 + v2 }
- end
- @users = @users.sort_by { |u|
- [-@user_storage[u.uuid].values.push(0).inject(:+), u.full_name]}
- # Prepend a "Total" pseudo-user to the sorted list
- @users = [OpenStruct.new(uuid: nil)] + @users
- @user_storage[nil] = total_storage
- end
-
- def show_pane_list
- if current_user.andand.is_admin
- %w(Admin) | super
- else
- super
- end
- end
-
- def index_pane_list
- if current_user.andand.is_admin
- super | %w(Activity)
- else
- super
- end
- end
-
- def sudo
- resp = arvados_api_client.api(ApiClientAuthorization, '', {
- api_client_authorization: {
- owner_uuid: @object.uuid
- }
- })
- redirect_to root_url(api_token: "v2/#{resp[:uuid]}/#{resp[:api_token]}")
- end
-
- def home
- @my_ssh_keys = AuthorizedKey.where(authorized_user_uuid: current_user.uuid)
- @my_tag_links = {}
-
- @my_jobs = Job.
- limit(10).
- order('created_at desc').
- with_count('none').
- where(created_by: current_user.uuid)
-
- @my_collections = Collection.
- limit(10).
- order('created_at desc').
- with_count('none').
- where(created_by: current_user.uuid)
- collection_uuids = @my_collections.collect &:uuid
-
- @persist_state = {}
- collection_uuids.each do |uuid|
- @persist_state[uuid] = 'cache'
- end
-
- Link.filter([['head_uuid', 'in', collection_uuids],
- ['link_class', 'in', ['tag', 'resources']]]).with_count("none")
- each do |link|
- case link.link_class
- when 'tag'
- (@my_tag_links[link.head_uuid] ||= []) << link
- when 'resources'
- if link.name == 'wants'
- @persist_state[link.head_uuid] = 'persistent'
- end
- end
- end
-
- @my_pipelines = PipelineInstance.
- limit(10).
- order('created_at desc').
- with_count('none').
- where(created_by: current_user.uuid)
-
- respond_to do |f|
- f.js { render template: 'users/home.js' }
- f.html { render template: 'users/home' }
- end
- end
-
- def unsetup
- if current_user.andand.is_admin
- @object.unsetup
- end
- show
- end
-
- def setup
- respond_to do |format|
- if current_user.andand.is_admin
- setup_params = {}
- setup_params[:send_notification_email] = "#{Rails.configuration.Mail.SendUserSetupNotificationEmail}"
- if params['user_uuid'] && params['user_uuid'].size>0
- setup_params[:uuid] = params['user_uuid']
- end
- if params['email'] && params['email'].size>0
- user = {email: params['email']}
- setup_params[:user] = user
- end
- if params['openid_prefix'] && params['openid_prefix'].size>0
- setup_params[:openid_prefix] = params['openid_prefix']
- end
- if params['vm_uuid'] && params['vm_uuid'].size>0
- setup_params[:vm_uuid] = params['vm_uuid']
- end
-
- setup_resp = User.setup setup_params
- if setup_resp
- vm_link = nil
- setup_resp[:items].each do |item|
- if item[:head_kind] == "arvados#virtualMachine"
- vm_link = item
- break
- end
- end
- if params[:groups]
- new_groups = params[:groups].split(',').map(&:strip).select{|i| !i.empty?}
- if vm_link and new_groups != vm_link[:properties][:groups]
- vm_login_link = Link.where(uuid: vm_link[:uuid])
- if vm_login_link.items_available > 0
- link = vm_login_link.results.first
- props = link.properties
- props[:groups] = new_groups
- link.save!
- end
- end
- end
-
- format.js
- else
- self.render_error status: 422
- end
- else
- self.render_error status: 422
- end
- end
- end
-
- def setup_popup
- @vms = VirtualMachine.all.results
-
- @current_selections = find_current_links @object
-
- respond_to do |format|
- format.html
- format.js
- end
- end
-
- def virtual_machines
- @my_vm_logins = {}
- Link.where(tail_uuid: @object.uuid,
- link_class: 'permission',
- name: 'can_login').with_count("none").
- each do |perm_link|
- if perm_link.properties.andand[:username]
- @my_vm_logins[perm_link.head_uuid] ||= []
- @my_vm_logins[perm_link.head_uuid] << perm_link.properties[:username]
- end
- end
- @my_virtual_machines = VirtualMachine.where(uuid: @my_vm_logins.keys).with_count("none")
- end
-
- def ssh_keys
- @my_ssh_keys = AuthorizedKey.where(key_type: 'SSH', owner_uuid: @object.uuid)
- end
-
- def add_ssh_key_popup
- respond_to do |format|
- format.html
- format.js
- end
- end
-
- def add_ssh_key
- respond_to do |format|
- key_params = {'key_type' => 'SSH'}
- key_params['authorized_user_uuid'] = current_user.uuid
-
- if params['name'] && params['name'].size>0
- key_params['name'] = params['name'].strip
- end
- if params['public_key'] && params['public_key'].size>0
- key_params['public_key'] = params['public_key'].strip
- end
-
- if !key_params['name'] && params['public_key'].andand.size>0
- split_key = key_params['public_key'].split
- key_params['name'] = split_key[-1] if (split_key.size == 3)
- end
-
- new_key = AuthorizedKey.create! key_params
- if new_key
- format.js
- else
- self.render_error status: 422
- end
- end
- end
-
- def request_shell_access
- logger.warn "request_access: #{params.inspect}"
- params['request_url'] = request.url
- RequestShellAccessReporter.send_request(current_user, params).deliver
- end
-
- def merge
- User.merge params[:new_user_token], params[:direction]
- redirect_to "/"
- end
-
- protected
-
- def find_current_links user
- current_selections = {}
-
- if !user
- return current_selections
- end
-
- # oid login perm
- oid_login_perms = Link.where(tail_uuid: user.email,
- head_kind: 'arvados#user',
- link_class: 'permission',
- name: 'can_login').with_count("none")
-
- if oid_login_perms.any?
- prefix_properties = oid_login_perms.first.properties
- current_selections[:identity_url_prefix] = prefix_properties[:identity_url_prefix]
- end
-
- # repo perm
- repo_perms = Link.where(tail_uuid: user.uuid,
- head_kind: 'arvados#repository',
- link_class: 'permission',
- name: 'can_write').with_count("none")
- if repo_perms.any?
- repo_uuid = repo_perms.first.head_uuid
- repos = Repository.where(head_uuid: repo_uuid).with_count("none")
- if repos.any?
- repo_name = repos.first.name
- current_selections[:repo_name] = repo_name
- end
- end
-
- # vm login perm
- vm_login_perms = Link.where(tail_uuid: user.uuid,
- head_kind: 'arvados#virtualMachine',
- link_class: 'permission',
- name: 'can_login').with_count("none")
- if vm_login_perms.any?
- vm_perm = vm_login_perms.first
- vm_uuid = vm_perm.head_uuid
- current_selections[:vm_uuid] = vm_uuid
- current_selections[:groups] = vm_perm.properties[:groups].andand.join(', ')
- end
-
- return current_selections
- end
-
-end