direct_check = " OR " + direct_check
end
+ if Rails.configuration.Users.RoleGroupsVisibleToAll &&
+ sql_table == "groups" &&
+ users_list.select { |u| u.is_active }.any?
+ # All role groups are readable (but we still need the other
+ # direct_check clauses to handle non-role groups).
+ direct_check += " OR #{sql_table}.group_class = 'role'"
+ end
+
links_cond = ""
if sql_table == "links"
- # Match any permission link that gives one of the authorized
- # users some permission _or_ gives anyone else permission to
- # view one of the authorized users.
+ # 1) Match permission links incoming or outgoing on the
+ # user, i.e. granting permission on the user, or granting
+ # permission to the user.
+ #
+ # 2) Match permission links which grant permission on an
+ # object that this user can_manage.
+ #
links_cond = "OR (#{sql_table}.link_class IN (:permission_link_classes) AND "+
- "(#{sql_table}.head_uuid IN (#{user_uuids_subquery}) OR #{sql_table}.tail_uuid IN (#{user_uuids_subquery})))"
+ " ((#{sql_table}.head_uuid IN (#{user_uuids_subquery}) OR #{sql_table}.tail_uuid IN (#{user_uuids_subquery})) OR " +
+ " #{sql_table}.head_uuid IN (SELECT target_uuid FROM #{PERMISSION_VIEW} "+
+ " WHERE user_uuid IN (#{user_uuids_subquery}) AND perm_level >= 3))) "
end
sql_conds = "(#{owner_check} #{direct_check} #{links_cond}) #{trashed_check.empty? ? "" : "AND"} #{trashed_check}"
self.where(sql_conds,
user_uuids: all_user_uuids.collect{|c| c["target_uuid"]},
- permission_link_classes: ['permission', 'resources'])
+ permission_link_classes: ['permission'])
end
def save_with_unique_name!
false
end
- def self.where_serialized(colname, value, md5: false)
+ def self.where_serialized(colname, value, md5: false, multivalue: false)
colsql = colname.to_s
if md5
colsql = "md5(#{colsql})"
sql = "#{colsql} IN (?)"
sorted = deep_sort_hash(value)
end
- params = [sorted.to_yaml, SafeJSON.dump(sorted)]
+ params = []
+ if multivalue
+ sorted.each do |v|
+ params << v.to_yaml
+ params << SafeJSON.dump(v)
+ end
+ else
+ params << sorted.to_yaml
+ params << SafeJSON.dump(sorted)
+ end
if md5
params = params.map { |x| Digest::MD5.hexdigest(x) }
end
def fill_container_defaults
self.runtime_constraints = {
'API' => false,
+ 'cuda' => {
+ 'device_count' => 0,
+ 'driver_version' => '',
+ 'hardware_capability' => '',
+ },
'keep_cache_ram' => 0,
'ram' => 0,
'vcpus' => 0,