params
end
+ def self._create_requires_parameters
+ super.merge(
+ {
+ async: {
+ required: false,
+ type: 'boolean',
+ location: 'query',
+ default: false,
+ description: 'defer permissions update'
+ }
+ }
+ )
+ end
+
+ def self._update_requires_parameters
+ super.merge(
+ {
+ async: {
+ required: false,
+ type: 'boolean',
+ location: 'query',
+ default: false,
+ description: 'defer permissions update'
+ }
+ }
+ )
+ end
+
+ def create
+ if params[:async]
+ @object = model_class.new(resource_attrs.merge({async_permissions_update: true}))
+ @object.save!
+ render_accepted
+ else
+ super
+ end
+ end
+
+ def update
+ if params[:async]
+ attrs_to_update = resource_attrs.reject { |k, v|
+ [:kind, :etag, :href].index k
+ }.merge({async_permissions_update: true})
+ @object.update_attributes!(attrs_to_update)
+ @object.save!
+ render_accepted
+ else
+ super
+ end
+ end
+
def render_404_if_no_object
if params[:action] == 'contents'
if !params[:uuid]
def contents
load_searchable_objects
- send_json({
+ list = {
:kind => "arvados#objectList",
:etag => "",
:self_link => "",
:limit => @limit,
:items_available => @items_available,
:items => @objects.as_api_response(nil)
- })
+ }
+ if @extra_included
+ list[:included] = @extra_included.as_api_response(nil, {select: @select})
+ end
+ send_json(list)
end
def shared
# other words, groups which to which access was granted via a
# permission link or chain of links.
#
- # This also returns (in the "includes" field) the objects that own
+ # This also returns (in the "included" field) the objects that own
# those projects (users or non-project groups).
#
- # select groups that are readable by current user AND
- # the owner_uuid is a user (but not the current user) OR
- # the owner_uuid is not readable by the current user
- # the owner_uuid is a group but group_class is not a project
#
# The intended use of this endpoint is to support clients which
# wish to browse those projects which are visible to the user but
load_limit_offset_order_params
load_filters_param
- read_parent_check = if current_user.is_admin
- ""
- else
- "NOT EXISTS(SELECT 1 FROM #{PERMISSION_VIEW} WHERE "+
- "user_uuid=(:user_uuid) AND target_uuid=groups.owner_uuid AND perm_level >= 1) OR "
- end
+ @objects = exclude_home Group.readable_by(*@read_users), Group
- @objects = Group.readable_by(*@read_users).where("groups.owner_uuid IN (SELECT users.uuid FROM users WHERE users.uuid != (:user_uuid)) OR "+
- read_parent_check+
- "EXISTS(SELECT 1 FROM groups as gp where gp.uuid=groups.owner_uuid and gp.group_class != 'project')",
- user_uuid: current_user.uuid)
apply_where_limit_order_params
- owners = @objects.map(&:owner_uuid).to_a
-
if params["include"] == "owner_uuid"
+ owners = @objects.map(&:owner_uuid).to_set
@extra_included = []
- @extra_included += Group.readable_by(*@read_users).where(uuid: owners).select(@select).to_a
- @extra_included += User.readable_by(*@read_users).where(uuid: owners).select(@select).to_a
+ [Group, User].each do |klass|
+ @extra_included += klass.readable_by(*@read_users).where(uuid: owners.to_a).to_a
+ end
end
index
all_objects = []
@items_available = 0
+ # Reload the orders param, this time without prefixing unqualified
+ # columns ("name" => "groups.name"). Here, unqualified orders
+ # apply to each table being searched, not "groups".
+ load_limit_offset_order_params(fill_table_names: false)
+
# Trick apply_where_limit_order_params into applying suitable
# per-table values. *_all are the real ones we'll apply to the
# aggregate set.
else
filter_by_owner[:owner_uuid] = @object.uuid
end
+
+ if params['exclude_home_project']
+ raise ArgumentError.new "Cannot use 'exclude_home_project' with a parent object"
+ end
end
+ included_by_uuid = {}
+
seen_last_class = false
klasses.each do |klass|
@offset = 0 if seen_last_class # reset offset for the new next type being processed
# table_name for the current klass, apply that order.
# Otherwise, order by recency.
request_order =
- request_orders.andand.find { |r| r =~ /^#{klass.table_name}\./i } ||
+ request_orders.andand.find { |r| r =~ /^#{klass.table_name}\./i || r !~ /\./ } ||
klass.default_orders.join(", ")
@select = nil
@objects = klass.readable_by(*@read_users, {:include_trash => params[:include_trash]}).
order(request_order).where(where_conds)
+ if params['exclude_home_project']
+ @objects = exclude_home @objects, klass
+ end
+
klass_limit = limit_all - all_objects.count
@limit = klass_limit
apply_where_limit_order_params klass
# with limit=0 and just accumulate items_available.
limit_all = all_objects.count
end
+
+ if params["include"] == "owner_uuid"
+ owners = klass_object_list[:items].map {|i| i[:owner_uuid]}.to_set
+ [Group, User].each do |ownerklass|
+ ownerklass.readable_by(*@read_users).where(uuid: owners.to_a).each do |ow|
+ included_by_uuid[ow.uuid] = ow
+ end
+ end
+ end
+ end
+
+ if params["include"]
+ @extra_included = included_by_uuid.values
end
@objects = all_objects
@offset = offset_all
end
+ protected
+
+ def exclude_home objectlist, klass
+ # select records that are readable by current user AND
+ # the owner_uuid is a user (but not the current user) OR
+ # the owner_uuid is not readable by the current user
+ # the owner_uuid is a group but group_class is not a project
+
+ read_parent_check = if current_user.is_admin
+ ""
+ else
+ "NOT EXISTS(SELECT 1 FROM #{PERMISSION_VIEW} WHERE "+
+ "user_uuid=(:user_uuid) AND target_uuid=#{klass.table_name}.owner_uuid AND perm_level >= 1) OR "
+ end
+
+ objectlist.where("#{klass.table_name}.owner_uuid IN (SELECT users.uuid FROM users WHERE users.uuid != (:user_uuid)) OR "+
+ read_parent_check+
+ "EXISTS(SELECT 1 FROM groups as gp where gp.uuid=#{klass.table_name}.owner_uuid and gp.group_class != 'project')",
+ user_uuid: current_user.uuid)
+ end
+
end
projects / arvados.git / blobdiff