class ArvadosBase < ActiveRecord::Base
self.abstract_class = true
attr_accessor :attribute_sortkey
+ attr_accessor :create_params
def self.arvados_api_client
ArvadosApiClient.new_or_current
end
end
- def initialize raw_params={}
- begin
- super self.class.permit_attribute_params(raw_params)
- rescue Exception => e
- logger.debug raw_params
- logger.debug self.class.permit_attribute_params(raw_params).inspect
- logger.debug self.class.attribute_info.inspect
- raise e
- end
+ def initialize raw_params={}, create_params={}
+ super self.class.permit_attribute_params(raw_params)
+ @create_params = create_params
@attribute_sortkey ||= {
'id' => nil,
'name' => '000',
# strong_parameters does not provide security in Workbench: anyone
# who can get this far can just as well do a call directly to our
# database (Arvados) with the same credentials we use.
+ #
+ # The following permit! is necessary even with
+ # "ActionController::Parameters.permit_all_parameters = true",
+ # because permit_all does not permit nested attributes.
ActionController::Parameters.new(raw_params).permit!
end
- def self.create raw_params={}
- logger.error permit_attribute_params(raw_params).inspect
- super(permit_attribute_params(raw_params))
+ def self.create raw_params={}, create_params={}
+ x = super(permit_attribute_params(raw_params))
+ x.create_params = create_params
+ x
end
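Review bot: In `self.create`, `x.create_params = create_params` runs only after `super` has returned, and ActiveRecord's `create` builds the record and saves it before returning. The request issued during that save would therefore see only the `{}` default set in `initialize`, never the hash passed to `create`; the save path itself is only partly visible here, so this should be confirmed. If the extra parameters are meant to reach the create call, build the object with them first: `x = new(raw_params, create_params)`, then `x.save`, then return `x`. A more descriptive local name than `x`, such as `obj`, would also read better.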
def update_attributes raw_params={}
obdata.delete :uuid
resp = arvados_api_client.api(self.class, '/' + uuid, postdata)
else
+ postdata.merge!(@create_params) if @create_params
resp = arvados_api_client.api(self.class, '', postdata)
end
return false if !resp[:etag] || !resp[:uuid]
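Review bot: `postdata.merge!(@create_params)` gives the caller-supplied hash precedence, so any key in `create_params` that matches one already in `postdata` silently replaces it in the request body. If `create_params` is only meant to add options, keep the existing keys with `postdata.merge!(@create_params) { |_key, existing, _extra| existing }`, or filter it against an allow-list of expected option names before merging. The enclosing method begins above the visible lines, so what `postdata` already holds at this point cannot be seen here.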
current_user
end
+ def self.goes_in_folders?
+ false
+ end
+
def editable?
(current_user and current_user.is_active and
(current_user.is_admin or
current_user.uuid == self.owner_uuid or
- new_record?))
+ new_record? or
+ (writable_by.include? current_user.uuid rescue false)))
end
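Review bot: The inline `rescue false` on `writable_by.include? current_user.uuid` in `editable?` catches every StandardError, so an API or transport failure while resolving `writable_by` is reported as "not editable" with no log entry. This fails closed, but it hides real errors, and the same pattern appears in the new `owner` method (`ArvadosBase.find(owner_uuid) rescue nil`), where an authorization or network failure looks the same as a missing owner. If the intent is only to tolerate models without that attribute, test for it explicitly, e.g. `(respond_to?(:writable_by) and writable_by.andand.include?(current_user.uuid))`. For `owner`, rescue only the not-found error the client raises and let other exceptions surface or be logged.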
- def attribute_editable?(attr)
+ def attribute_editable?(attr, ever=nil)
if "created_at modified_at modified_by_user_uuid modified_by_client_uuid updated_at".index(attr.to_s)
false
elsif not (current_user.andand.is_active)
false
- elsif "uuid owner_uuid".index(attr.to_s) or current_user.is_admin
+ elsif attr == 'uuid'
current_user.is_admin
+ elsif ever
+ true
else
- current_user.uuid == self.owner_uuid or
- current_user.uuid == self.uuid or
- new_record?
+ editable?
end
end
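Review bot: The new branch `elsif attr == 'uuid'` compares the argument to a String, while the first branch normalises it with `attr.to_s`, so a caller passing `:uuid` skips the admin-only check and falls through to `ever` or `editable?`. Use `elsif attr.to_s == 'uuid'` so both forms are gated the same way. The `ever` argument returns true for any active user regardless of ownership and is undocumented; if that is the intent, add a comment such as `# ever: true asks whether the attribute could be editable at all, not whether the current user may edit it now`. Since `owner_uuid` is no longer admin-only in this method, it is worth confirming that the API server enforces ownership changes, because this method only affects what the UI offers.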
friendly_link_name
end
+ def owner
+ ArvadosBase.find(owner_uuid) rescue nil
+ end
+
protected
def forget_uuid!