projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'master' into 2903-remove-pi-active-and-success
[arvados.git] / services / api / lib / current_api_client.rb
diff --git a/services/api/lib/current_api_client.rb b/services/api/lib/current_api_client.rb
index ab6d624ea5ea3899ca4a4f8acaabb7e39badd819..f851c588c7445ef7d180bee1896b9f2e0bfc7d36 100644 (file)
--- a/services/api/lib/current_api_client.rb
+++ b/services/api/lib/current_api_client.rb
@@ -11,11 +11,15 @@ module CurrentApiClient
     Thread.current[:api_client_authorization]
   end
 
+  def current_api_base
+    Thread.current[:api_url_base]
+  end
+
   def current_default_owner
-    # owner uuid for newly created objects
+    # owner_uuid for newly created objects
     ((current_api_client_authorization &&
-      current_api_client_authorization.default_owner) ||
-     (current_user && current_user.default_owner) ||
+      current_api_client_authorization.default_owner_uuid) ||
+     (current_user && current_user.default_owner_uuid) ||
      (current_user && current_user.uuid) ||
      nil)
   end
@@ -25,25 +29,28 @@ module CurrentApiClient
     Thread.current[:api_client_ip_address]
   end
 
-  # Is the current client permitted to perform ALL actions on behalf
-  # of the authenticated user?
-  def current_api_client_trusted
-    Thread.current[:api_client_trusted]
-  end
-
   def system_user_uuid
     [Server::Application.config.uuid_prefix,
      User.uuid_prefix,
      '000000000000000'].join('-')
   end
 
+  def system_group_uuid
+    [Server::Application.config.uuid_prefix,
+     Group.uuid_prefix,
+     '000000000000000'].join('-')
+  end
+
   def system_user
     if not $system_user
       real_current_user = Thread.current[:user]
-      Thread.current[:user] = User.new(is_admin: true)
+      Thread.current[:user] = User.new(is_admin: true,
+                                       is_active: true,
+                                       uuid: system_user_uuid)
       $system_user = User.where('uuid=?', system_user_uuid).first
       if !$system_user
         $system_user = User.new(uuid: system_user_uuid,
+                                is_active: true,
                                 is_admin: true,
                                 email: 'root',
                                 first_name: 'root',
@@ -56,7 +63,40 @@ module CurrentApiClient
     $system_user
   end
 
+  def system_group
+    if not $system_group
+      act_as_system_user do
+        ActiveRecord::Base.transaction do
+          $system_group = Group.
+            where(uuid: system_group_uuid).first_or_create do |g|
+            g.update_attributes(name: "System group",
+                                description: "System group")
+            User.all.collect(&:uuid).each do |user_uuid|
+              Link.create(link_class: 'permission',
+                          name: 'can_manage',
+                          tail_kind: 'arvados#group',
+                          tail_uuid: system_group_uuid,
+                          head_kind: 'arvados#user',
+                          head_uuid: user_uuid)
+            end
+          end
+        end
+      end
+    end
+    $system_group
+  end
+
   def act_as_system_user
-    Thread.current[:user] = system_user
+    if block_given?
+      user_was = Thread.current[:user]
+      Thread.current[:user] = system_user
+      begin
+        yield
+      ensure
+        Thread.current[:user] = user_was
+      end
+    else
+      Thread.current[:user] = system_user
+    end
   end
 end