6254: add "groups" to user setup process; these comma separated groups entered in...

[arvados.git] / apps / workbench / app / controllers / users_controller.rb
diff --git a/apps/workbench/app/controllers/users_controller.rb b/apps/workbench/app/controllers/users_controller.rb

index dae9ae5eb205c6903daea731b2a4eab12725e548..d657f926039e1b2dbd8130456242e909e617e16d 100644 (file)
--- a/apps/workbench/app/controllers/users_controller.rb
+++ b/apps/workbench/app/controllers/users_controller.rb
@@ -52,15 +52,15 @@ class UsersController < ApplicationController
                 1.month.ago.beginning_of_month,
                 Time.now.beginning_of_month]]
      @spans.each do |span, threshold_start, threshold_end|
-      @activity[:logins][span] = Log.
+      @activity[:logins][span] = Log.select(%w(uuid modified_by_user_uuid)).
          filter([[:event_type, '=', 'login'],
                  [:object_kind, '=', 'arvados#user'],
                  [:created_at, '>=', threshold_start],
                  [:created_at, '<', threshold_end]])
-      @activity[:jobs][span] = Job.
+      @activity[:jobs][span] = Job.select(%w(uuid modified_by_user_uuid)).
          filter([[:created_at, '>=', threshold_start],
                  [:created_at, '<', threshold_end]])
-      @activity[:pipeline_instances][span] = PipelineInstance.
+      @activity[:pipeline_instances][span] = PipelineInstance.select(%w(uuid modified_by_user_uuid)).
          filter([[:created_at, '>=', threshold_start],
                  [:created_at, '<', threshold_end]])
        @activity.each do |type, act|
@@ -212,6 +212,22 @@ class UsersController < ApplicationController
          end
  
          if User.setup setup_params
+          if params[:groups]
+            new_groups = params[:groups].split(',').map(&:strip).compact.select{|i| !i.to_s.empty?}
+            can_login_perms = Link.where(tail_uuid: params[:user_email],
+                                         head_kind: 'arvados#user',
+                                         link_class: 'permission',
+                                         name: 'can_login')
+            if can_login_perms.any?
+              perm = can_login_perms.first
+              props = perm.properties
+              if new_groups != props[:groups]
+                props[:groups] = new_groups
+                perm.save!
+              end
+            end
+          end
+
            format.js
          else
            self.render_error status: 422
@@ -240,7 +256,14 @@ class UsersController < ApplicationController
                ['tail_uuid', '=', current_user.uuid],
                ['link_class', '=', 'permission'],
               ])
-    @my_repositories = Repository.where uuid: repo_links.collect(&:head_uuid)
+
+    owned_repositories = Repository.where(owner_uuid: current_user.uuid)
+
+    @my_repositories = (Repository.where(uuid: repo_links.collect(&:head_uuid)) |
+                        owned_repositories).
+                       uniq { |repo| repo.uuid }
+
+
      @repo_writable = {}
      repo_links.each do |link|
        if link.name.in? ['can_write', 'can_manage']
@@ -248,6 +271,10 @@ class UsersController < ApplicationController
        end
      end
  
+    owned_repositories.each do |repo|
+      @repo_writable[repo.uuid] = 'can_manage'
+    end
+
      # virtual machines the current user can login into
      @my_vm_logins = {}
      Link.where(tail_uuid: current_user.uuid,
@@ -264,9 +291,6 @@ class UsersController < ApplicationController
      # current user's ssh keys
      @my_ssh_keys = AuthorizedKey.where(key_type: 'SSH', owner_uuid: current_user.uuid)
  
-    # when localStorage indicating previous shell access request, the url used is "manage_acct"
-    @local_storage_request_shell_access = true if request.url.include?('/manage_acct')
-
      respond_to do |f|
        f.html { render template: 'users/manage_account' }
      end
@@ -308,10 +332,7 @@ class UsersController < ApplicationController
    def request_shell_access
      logger.warn "request_access: #{params.inspect}"
      params['request_url'] = request.url
-    respond_to do |format|
-      RequestShellAccessReporter.send_request(current_user, params).deliver
-      format.js {render nothing: true}
-    end
+    RequestShellAccessReporter.send_request(current_user, params).deliver
    end
  
    protected
@@ -324,14 +345,15 @@ class UsersController < ApplicationController
      end
  
      # oid login perm
-    oid_login_perms = Link.where(tail_uuid: user.email,
+    can_login_perms = Link.where(tail_uuid: user.email,
                                     head_kind: 'arvados#user',
                                     link_class: 'permission',
                                     name: 'can_login')
  
-    if oid_login_perms.any?
-      prefix_properties = oid_login_perms.first.properties
-      current_selections[:identity_url_prefix] = prefix_properties[:identity_url_prefix]
+    if can_login_perms.any?
+      perm_properties = can_login_perms.first.properties
+      current_selections[:identity_url_prefix] = perm_properties[:identity_url_prefix]
+      current_selections[:groups] = perm_properties[:groups].andand.join(', ')
      end
  
      # repo perm