true
end
- def self.invalidate_permissions_cache
- Rails.cache.delete_matched(/^groups_for_user_/)
+ def self.invalidate_permissions_cache(timestamp=nil)
+ if Rails.configuration.async_permissions_update
+ timestamp = DbCurrentTime::db_current_time.to_i if timestamp.nil?
+ connection.execute "NOTIFY invalidate_permissions_cache, '#{timestamp}'"
+ else
+ Rails.cache.delete_matched(/^groups_for_user_/)
+ end
end
# Return a hash of {group_uuid: perm_hash} where perm_hash[:read]
# The permission graph is built by repeatedly enumerating all
# permission links reachable from self.uuid, and then calling
# search_permissions
- def group_permissions
- Rails.cache.fetch "groups_for_user_#{self.uuid}" do
+ def calculate_group_permissions
permissions_from = {}
todo = {self.uuid => true}
done = {}
end
end
end
- search_permissions(self.uuid, permissions_from)
+ perms = search_permissions(self.uuid, permissions_from)
+ Rails.cache.write "groups_for_user_#{self.uuid}", perms
+ perms
+ end
+
+ # Return a hash of {group_uuid: perm_hash} where perm_hash[:read]
+ # and perm_hash[:write] are true if this user can read and write
+ # objects owned by group_uuid.
+ def group_permissions
+ r = Rails.cache.read "groups_for_user_#{self.uuid}"
+ if r.nil?
+ if Rails.configuration.async_permissions_update
+ while r.nil?
+ sleep(0.1)
+ r = Rails.cache.read "groups_for_user_#{self.uuid}"
+ end
+ else
+ r = calculate_group_permissions
+ end
end
+ r
end
def self.setup(user, openid_prefix, repo_name=nil, vm_uuid=nil)
def setup_repo_vm_links(repo_name, vm_uuid, openid_prefix)
oid_login_perm = create_oid_login_perm openid_prefix
repo_perm = create_user_repo_link repo_name
- vm_login_perm = create_vm_login_permission_link vm_uuid, repo_name
+ vm_login_perm = create_vm_login_permission_link vm_uuid, username
group_perm = create_user_group_link
return [oid_login_perm, repo_perm, vm_login_perm, group_perm, self].compact
projects / arvados.git / blobdiff