before_filter :accept_uuid_as_id_param, except: ERROR_ACTIONS
before_filter :check_user_agreements, except: ERROR_ACTIONS
before_filter :check_user_profile, except: ERROR_ACTIONS
- before_filter :check_user_notifications, except: ERROR_ACTIONS
before_filter :load_filters_and_paging_params, except: ERROR_ACTIONS
before_filter :find_object_by_uuid, except: [:create, :index, :choose] + ERROR_ACTIONS
theme :select_theme
end
def render_error(opts={})
+ # Helpers can rely on the presence of @errors to know they're
+ # being used in an error page.
+ @errors ||= []
opts[:status] ||= 500
respond_to do |f|
# json must come before html here, so it gets used as the
end
end
+ # params[:order]:
+ #
+ # The order can be left empty to allow it to default.
+ # Or it can be a comma separated list of real database column names, one per model.
+ # Column names should always be qualified by a table name and a direction is optional, defaulting to asc
+ # (e.g. "collections.name" or "collections.name desc").
+ # If a column name is specified, that table will be sorted by that column.
+ # If there are objects from different models that will be shown (such as in Jobs and Pipelines tab),
+ # then a sort column name can optionally be specified for each model, passed as an comma-separated list (e.g. "jobs.script, pipeline_instances.name")
+ # Currently only one sort column name and direction can be specified for each model.
def load_filters_and_paging_params
- @order = params[:order] || 'created_at desc'
+ if params[:order].blank?
+ @order = 'created_at desc'
+ elsif params[:order].is_a? Array
+ @order = params[:order]
+ else
+ begin
+ @order = JSON.load(params[:order])
+ rescue
+ @order = params[:order].split(',')
+ end
+ end
@order = [@order] unless @order.is_a? Array
@limit ||= 200
def find_objects_for_index
@objects ||= model_class
@objects = @objects.filter(@filters).limit(@limit).offset(@offset)
+ @objects.fetch_multiple_pages(false)
end
def render_index
respond_to do |f|
- f.json { render json: @objects }
+ f.json {
+ if params[:partial]
+ @next_page_href = next_page_href(partial: params[:partial], filters: @filters.to_json)
+ render json: {
+ content: render_to_string(partial: "show_#{params[:partial]}",
+ formats: [:html]),
+ next_page_href: @next_page_href
+ }
+ else
+ render json: @objects
+ end
+ }
f.html {
if params[:tab_pane]
render_pane params[:tab_pane]
f.html {
if params['tab_pane']
render_pane(if params['tab_pane'].is_a? Hash then params['tab_pane']["name"] else params['tab_pane'] end)
- elsif request.method.in? ['GET', 'HEAD']
+ elsif request.request_method.in? ['GET', 'HEAD']
render
else
- redirect_to params[:return_to] || @object
+ redirect_to (params[:return_to] ||
+ polymorphic_url(@object,
+ anchor: params[:redirect_to_anchor]))
end
}
f.js { render }
end
end
+ def redirect_to uri, *args
+ if request.xhr?
+ render json: {href: uri}
+ else
+ super
+ end
+ end
+
def choose
params[:limit] ||= 40
respond_to do |f|
@new_resource_attrs ||= {}
@new_resource_attrs.reject! { |k,v| k.to_s == 'uuid' }
@object ||= model_class.new @new_resource_attrs, params["options"]
+
if @object.save
- respond_to do |f|
- f.json { render json: @object.attributes.merge(href: url_for(action: :show, id: @object)) }
- f.html {
- redirect_to @object
- }
- f.js { render }
- end
+ show
else
- self.render_error status: 422
+ render_error status: 422
end
end
%w(Attributes Advanced)
end
+ def set_share_links
+ @user_is_manager = false
+ @share_links = []
+
+ if @object.uuid != current_user.andand.uuid
+ begin
+ @share_links = Link.permissions_for(@object)
+ @user_is_manager = true
+ rescue ArvadosApiClient::AccessForbiddenException,
+ ArvadosApiClient::NotFoundException
+ end
+ end
+ end
+
+ def share_with
+ if not params[:uuids].andand.any?
+ @errors = ["No user/group UUIDs specified to share with."]
+ return render_error(status: 422)
+ end
+ results = {"success" => [], "errors" => []}
+ params[:uuids].each do |shared_uuid|
+ begin
+ Link.create(tail_uuid: shared_uuid, link_class: "permission",
+ name: "can_read", head_uuid: @object.uuid)
+ rescue ArvadosApiClient::ApiError => error
+ error_list = error.api_response.andand[:errors]
+ if error_list.andand.any?
+ results["errors"] += error_list.map { |e| "#{shared_uuid}: #{e}" }
+ else
+ error_code = error.api_status || "Bad status"
+ results["errors"] << "#{shared_uuid}: #{error_code} response"
+ end
+ else
+ results["success"] << shared_uuid
+ end
+ end
+ if results["errors"].empty?
+ results.delete("errors")
+ status = 200
+ else
+ status = 422
+ end
+ respond_to do |f|
+ f.json { render(json: results, status: status) }
+ end
+ end
+
protected
+ helper_method :strip_token_from_path
def strip_token_from_path(path)
path.sub(/([\?&;])api_token=[^&;]*[&;]?/, '\1')
end
false # For convenience to return from callbacks
end
- def using_specific_api_token(api_token)
+ def using_specific_api_token(api_token, opts={})
start_values = {}
[:arvados_api_token, :user].each do |key|
start_values[key] = Thread.current[key]
end
- load_api_token(api_token)
+ if opts.fetch(:load_user, true)
+ load_api_token(api_token)
+ else
+ Thread.current[:arvados_api_token] = api_token
+ Thread.current[:user] = nil
+ end
begin
yield
ensure
else
@object = model_class.find(params[:uuid])
end
- rescue ArvadosApiClient::NotFoundException, RuntimeError => error
+ rescue ArvadosApiClient::NotFoundException, ArvadosApiClient::NotLoggedInException, RuntimeError => error
if error.is_a?(RuntimeError) and (error.message !~ /^argument to find\(/)
raise
end
end
def check_user_profile
+ return true if !current_user
if request.method.downcase != 'get' || params[:partial] ||
params[:tab_pane] || params[:action_method] ||
params[:action] == 'setup_popup'
}
}
- def check_user_notifications
- return if params['tab_pane']
-
- @notification_count = 0
- @notifications = []
-
- if current_user.andand.is_active
- @showallalerts = false
- @@notification_tests.each do |t|
- a = t.call(self, current_user)
- if a
- @notification_count += 1
- @notifications.push a
- end
- end
- end
-
- if @notification_count == 0
- @notification_count = ''
- end
+ helper_method :user_notifications
+ def user_notifications
+ return [] if @errors or not current_user.andand.is_active
+ @notifications ||= @@notification_tests.map do |t|
+ t.call(self, current_user)
+ end.compact
end
helper_method :all_projects
crumbs = []
current = @name_link || @object
while current
+ # Halt if a group ownership loop is detected. API should refuse
+ # to produce this state, but it could still arise from a race
+ # condition when group ownership changes between our find()
+ # queries.
+ break if crumbs.collect(&:uuid).include? current.uuid
+
if current.is_a?(Group) and current.group_class == 'project'
crumbs.prepend current
end