+require "arvados/keep"
+
class Arvados::V1::CollectionsController < ApplicationController
def create
- if !resource_attrs[:manifest_text]
- return send_error("'manifest_text' attribute must be specified",
- status: :unprocessable_entity)
- end
-
- # Check permissions on the collection manifest.
- # If any signature cannot be verified, return 403 Permission denied.
- api_token = current_api_client_authorization.andand.api_token
- signing_opts = {
- key: Rails.configuration.blob_signing_key,
- api_token: api_token,
- ttl: Rails.configuration.blob_signing_ttl,
- }
- resource_attrs[:manifest_text].lines.each do |entry|
- entry.split[1..-1].each do |tok|
- if /^[[:digit:]]+:[[:digit:]]+:/.match tok
- # This is a filename token, not a blob locator. Note that we
- # keep checking tokens after this, even though manifest
- # format dictates that all subsequent tokens will also be
- # filenames. Safety first!
- elsif Blob.verify_signature tok, signing_opts
- # OK.
- elsif Locator.parse(tok).andand.signature
- # Signature provided, but verify_signature did not like it.
- logger.warn "Invalid signature on locator #{tok}"
- raise ArvadosModel::PermissionDeniedError
- elsif Rails.configuration.permit_create_collection_with_unsigned_manifest
- # No signature provided, but we are running in insecure mode.
- logger.debug "Missing signature on locator #{tok} ignored"
- elsif Blob.new(tok).empty?
- # No signature provided -- but no data to protect, either.
- else
- logger.warn "Missing signature on locator #{tok}"
- raise ArvadosModel::PermissionDeniedError
- end
- end
+ if resource_attrs[:uuid] and (loc = Keep::Locator.parse(resource_attrs[:uuid]))
+ resource_attrs[:portable_data_hash] = loc.to_s
+ resource_attrs.delete :uuid
end
-
- # Remove any permission signatures from the manifest.
- resource_attrs[:manifest_text]
- .gsub!(/ [[:xdigit:]]{32}(\+[[:digit:]]+)?(\+\S+)/) { |word|
- word.strip!
- loc = Locator.parse(word)
- if loc
- " " + loc.without_signature.to_s
- else
- " " + word
- end
- }
-
super
end
def find_object_by_uuid
- if loc = Locator.parse(params[:id])
+ if loc = Keep::Locator.parse(params[:id])
loc.strip_hints!
if c = Collection.readable_by(*@read_users).where({ portable_data_hash: loc.to_s }).limit(1).first
@object = {
+ uuid: c.portable_data_hash,
portable_data_hash: c.portable_data_hash,
manifest_text: c.manifest_text,
- files: c.files,
- data_size: c.data_size
}
end
else
end
def show
- if current_api_client_authorization
- signing_opts = {
- key: Rails.configuration.blob_signing_key,
- api_token: current_api_client_authorization.api_token,
- ttl: Rails.configuration.blob_signing_ttl,
- }
- @object[:manifest_text]
- .gsub!(/ [[:xdigit:]]{32}(\+[[:digit:]]+)?(\+\S+)/) { |word|
- word.strip!
- loc = Locator.parse(word)
- if loc
- " " + Blob.sign_locator(word, signing_opts)
- else
- " " + word
- end
- }
- end
+ sign_manifests(@object[:manifest_text])
if @object.is_a? Collection
- render json: @object.as_api_response(:with_data)
+ render json: @object.as_api_response
else
render json: @object
end
end
+ def index
+ sign_manifests(*@objects.map { |c| c[:manifest_text] })
+ super
+ end
+
def script_param_edges(visited, sp)
case sp
when Hash
end
when String
return if sp.empty?
- if loc = Locator.parse(sp)
+ if loc = Keep::Locator.parse(sp)
search_edges(visited, loc.to_s, :search_up)
end
end
return
end
- if loc = Locator.parse(uuid)
+ if loc = Keep::Locator.parse(uuid)
loc.strip_hints!
return if visited[loc.to_s]
end
if c = Collection.readable_by(*@read_users).where(portable_data_hash: loc.to_s).limit(1).first
visited[loc.to_s] = {
portable_data_hash: c.portable_data_hash,
- files: c.files,
- data_size: c.data_size
}
end
render json: visited
end
+ protected
+
+ def apply_filters
+ if action_name == 'index'
+ # Omit manifest_text from index results unless expressly selected.
+ @select ||= model_class.api_accessible_attributes(:user).
+ map { |attr_spec| attr_spec.first.to_s } - ["manifest_text"]
+ end
+ super
+ end
+
+ def sign_manifests(*manifests)
+ if current_api_client_authorization
+ signing_opts = {
+ key: Rails.configuration.blob_signing_key,
+ api_token: current_api_client_authorization.api_token,
+ ttl: Rails.configuration.blob_signing_ttl,
+ }
+ manifests.each do |text|
+ Collection.munge_manifest_locators(text) do |loc|
+ Blob.sign_locator(loc.to_s, signing_opts)
+ end
+ end
+ end
+ end
end
projects / arvados.git / blobdiff