projects
/
arvados.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
5989: API repo perms method always returns all repos.
[arvados.git]
/
services
/
api
/
app
/
controllers
/
arvados
/
v1
/
repositories_controller.rb
diff --git
a/services/api/app/controllers/arvados/v1/repositories_controller.rb
b/services/api/app/controllers/arvados/v1/repositories_controller.rb
index 6ba98c8e0914e46e45a65fd04e40ad050cdd67a3..fd6ab582071cc65f27ad0c943ad2b2d75ff03f6b 100644
(file)
--- a/
services/api/app/controllers/arvados/v1/repositories_controller.rb
+++ b/
services/api/app/controllers/arvados/v1/repositories_controller.rb
@@
-1,21
+1,32
@@
class Arvados::V1::RepositoriesController < ApplicationController
class Arvados::V1::RepositoriesController < ApplicationController
+ skip_before_filter :find_object_by_uuid, :only => :get_all_permissions
+ skip_before_filter :render_404_if_no_object, :only => :get_all_permissions
before_filter :admin_required, :only => :get_all_permissions
def get_all_permissions
@users = {}
before_filter :admin_required, :only => :get_all_permissions
def get_all_permissions
@users = {}
- User.includes(:authorized_keys).
all.
each do |u|
+ User.includes(:authorized_keys).
find_
each do |u|
@users[u.uuid] = u
end
@users[u.uuid] = u
end
+ admins = @users.select { |k,v| v.is_admin }
@user_aks = {}
@repo_info = {}
@user_aks = {}
@repo_info = {}
- @repos = Repository.includes(:permissions).all
- @repos.each do |repo|
+ Repository.includes(:permissions).find_each do |repo|
+ @repo_info[repo.uuid] = {
+ uuid: repo.uuid,
+ name: repo.name,
+ push_url: repo.push_url,
+ fetch_url: repo.fetch_url,
+ user_permissions: {},
+ }
gitolite_permissions = ''
perms = []
repo.permissions.each do |perm|
gitolite_permissions = ''
perms = []
repo.permissions.each do |perm|
- if
perm.tail_kind == 'arvados#group'
+ if
ArvadosModel::resource_class_for_uuid(perm.tail_uuid) == Group
@users.each do |user_uuid, user|
user.group_permissions.each do |group_uuid, perm_mask|
@users.each do |user_uuid, user|
user.group_permissions.each do |group_uuid, perm_mask|
- if perm_mask[:write]
+ if perm_mask[:manage]
+ perms << {name: 'can_manage', user_uuid: user_uuid}
+ elsif perm_mask[:write]
perms << {name: 'can_write', user_uuid: user_uuid}
elsif perm_mask[:read]
perms << {name: 'can_read', user_uuid: user_uuid}
perms << {name: 'can_write', user_uuid: user_uuid}
elsif perm_mask[:read]
perms << {name: 'can_read', user_uuid: user_uuid}
@@
-26,6
+37,10
@@
class Arvados::V1::RepositoriesController < ApplicationController
perms << {name: perm.name, user_uuid: perm.tail_uuid}
end
end
perms << {name: perm.name, user_uuid: perm.tail_uuid}
end
end
+ # Owner of the repository, and all admins, can RW
+ ([repo.owner_uuid] + admins.keys).each do |user_uuid|
+ perms << {name: 'can_write', user_uuid: user_uuid}
+ end
perms.each do |perm|
user_uuid = perm[:user_uuid]
@user_aks[user_uuid] = @users[user_uuid].andand.authorized_keys.andand.
perms.each do |perm|
user_uuid = perm[:user_uuid]
@user_aks[user_uuid] = @users[user_uuid].andand.authorized_keys.andand.
@@
-36,13
+51,6
@@
class Arvados::V1::RepositoriesController < ApplicationController
}
end || []
if @user_aks[user_uuid].any?
}
end || []
if @user_aks[user_uuid].any?
- @repo_info[repo.uuid] ||= {
- uuid: repo.uuid,
- name: repo.name,
- push_url: repo.push_url,
- fetch_url: repo.fetch_url,
- user_permissions: {}
- }
ri = (@repo_info[repo.uuid][:user_permissions][user_uuid] ||= {})
ri[perm[:name]] = true
end
ri = (@repo_info[repo.uuid][:user_permissions][user_uuid] ||= {})
ri[perm[:name]] = true
end
@@
-50,7
+58,11
@@
class Arvados::V1::RepositoriesController < ApplicationController
end
@repo_info.values.each do |repo_users|
repo_users[:user_permissions].each do |user_uuid,perms|
end
@repo_info.values.each do |repo_users|
repo_users[:user_permissions].each do |user_uuid,perms|
- if perms['can_write']
+ if perms['can_manage']
+ perms[:gitolite_permissions] = 'RW'
+ perms['can_write'] = true
+ perms['can_read'] = true
+ elsif perms['can_write']
perms[:gitolite_permissions] = 'RW'
perms['can_read'] = true
elsif perms['can_read']
perms[:gitolite_permissions] = 'RW'
perms['can_read'] = true
elsif perms['can_read']
@@
-58,10
+70,8
@@
class Arvados::V1::RepositoriesController < ApplicationController
end
end
end
end
end
end
- render json: {
- kind: 'arvados#RepositoryPermissionSnapshot',
- repositories: @repo_info.values,
- user_keys: @user_aks
- }
+ send_json(kind: 'arvados#RepositoryPermissionSnapshot',
+ repositories: @repo_info.values,
+ user_keys: @user_aks)
end
end
end
end