require "arvados/keep"
+require "uri"
+require "cgi"
class CollectionsController < ApplicationController
include ActionController::Live
# we ask the API server if the file actually exists. This serves two
# purposes: it lets us return a useful status code for common errors, and
# helps us figure out which token to provide to arv-get.
+ # The order of searched tokens is important: because the anonymous user
+ # token is passed along with every API request, we have to check it first.
+ # Otherwise, it's impossible to know whether any other request succeeded
+ # because of the reader token.
coll = nil
- tokens = [Thread.current[:arvados_api_token], params[:reader_token]].compact
+ tokens = [(Rails.configuration.anonymous_user_token || nil),
+ params[:reader_token],
+ Thread.current[:arvados_api_token]].compact
usable_token = find_usable_token(tokens) do
coll = Collection.find(params[:uuid])
end
+ if usable_token.nil?
+ # Response already rendered.
+ return
+ end
+
+ if Rails.configuration.keep_web_url
+ opts = {}
+ if usable_token == params[:reader_token]
+ opts[:path_token] = usable_token
+ elsif usable_token == Rails.configuration.anonymous_user_token
+ # Don't pass a token at all
+ else
+ # We pass the current user's real token only if it's necessary
+ # to read the collection.
+ opts[:query_token] = usable_token
+ end
+ return redirect_to keep_web_url(params[:uuid], params[:file], opts)
+ end
file_name = params[:file].andand.sub(/^(\.\/|\/|)/, './')
- if usable_token.nil?
- return # Response already rendered.
- elsif file_name.nil? or not coll.manifest.has_file?(file_name)
+ if file_name.nil? or not coll.manifest.has_file?(file_name)
return render_not_found
end
if current_user
if Keep::Locator.parse params["uuid"]
- @same_pdh = Collection.filter([["portable_data_hash", "=", @object.portable_data_hash]])
+ @same_pdh = Collection.filter([["portable_data_hash", "=", @object.portable_data_hash]]).limit(20)
if @same_pdh.results.size == 1
redirect_to collection_path(@same_pdh[0]["uuid"])
return
owners = @same_pdh.map(&:owner_uuid).to_a.uniq
preload_objects_for_dataclass Group, owners
preload_objects_for_dataclass User, owners
+ uuids = @same_pdh.map(&:uuid).to_a.uniq
+ preload_links_for_objects uuids
render 'hash_matches'
return
else
.where(head_uuid: @object.uuid, link_class: 'permission',
name: 'can_read').results
@logs = Log.limit(RELATION_LIMIT).order("created_at DESC")
+ .select(%w(uuid event_type object_uuid event_at summary))
.where(object_uuid: @object.uuid).results
@is_persistent = Link.limit(1)
.where(head_uuid: @object.uuid, tail_uuid: current_user.uuid,
return nil
end
- def file_enumerator(opts)
+ def keep_web_url(uuid_or_pdh, file, opts)
+ fmt = {uuid_or_pdh: uuid_or_pdh.sub('+', '-')}
+ uri = URI.parse(Rails.configuration.keep_web_url % fmt)
+ uri.path += '/' unless uri.path.end_with? '/'
+ if opts[:path_token]
+ uri.path += 't=' + opts[:path_token] + '/'
+ end
+ uri.path += '_/'
+ uri.path += CGI::escape(file)
+ if opts[:query_token]
+ uri.query = 'api_token=' + CGI::escape(opts[:query_token])
+ end
+ uri.to_s
+ end
+
+ # Note: several controller and integration tests rely on stubbing
+ # file_enumerator to return fake file content.
+ def file_enumerator opts
FileStreamer.new opts
end