Thread.current[:api_client_authorization]
end
+ def current_api_base
+ Thread.current[:api_url_base]
+ end
+
def current_default_owner
# owner_uuid for newly created objects
((current_api_client_authorization &&
Thread.current[:api_client_ip_address]
end
+ # Is the current API client authorization scoped for the request?
+ def current_api_client_auth_has_scope(req_s)
+ (current_api_client_authorization.andand.scopes || []).select { |scope|
+ if scope == 'all'
+ true
+ elsif scope.end_with? '/'
+ req_s.start_with? scope
+ else
+ req_s == scope
+ end
+ }.any?
+ end
+
def system_user_uuid
[Server::Application.config.uuid_prefix,
User.uuid_prefix,
'000000000000000'].join('-')
end
+ def system_group_uuid
+ [Server::Application.config.uuid_prefix,
+ Group.uuid_prefix,
+ '000000000000000'].join('-')
+ end
+
def system_user
if not $system_user
real_current_user = Thread.current[:user]
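Review bot: In `current_api_client_auth_has_scope`, the trailing-slash branch is a raw string prefix test (`req_s.start_with? scope`), so the result is only as trustworthy as the string the caller passes. Nothing in this hunk shows whether `req_s` is built from the normalized path the router matched. I would state that contract in the comment above the method, for example `# req_s must already be canonicalized by the caller; scopes ending in '/' match by prefix, 'all' matches everything, any other scope must match exactly`. A missing authorization or an empty scope list returns false, which is the right fail-closed default and worth noting in the same comment. As a style point, `.select { ... }.any?` builds an array only to test it, and `.any? { |scope| ... }` gives the same answer without it.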
$system_user
end
+ def system_group
+ if not $system_group
+ act_as_system_user do
+ ActiveRecord::Base.transaction do
+ $system_group = Group.
+ where(uuid: system_group_uuid).first_or_create do |g|
+ g.update_attributes(name: "System group",
+ description: "System group")
+ User.all.collect(&:uuid).each do |user_uuid|
+ Link.create(link_class: 'permission',
+ name: 'can_manage',
+ tail_kind: 'arvados#group',
+ tail_uuid: system_group_uuid,
+ head_kind: 'arvados#user',
+ head_uuid: user_uuid)
+ end
+ end
+ end
+ end
+ end
+ $system_group
+ end
+
def act_as_system_user
- Thread.current[:user] = system_user
+ if block_given?
+ user_was = Thread.current[:user]
+ Thread.current[:user] = system_user
+ begin
+ yield
+ ensure
+ Thread.current[:user] = user_was
+ end
+ else
+ Thread.current[:user] = system_user
+ end
end
end
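Review bot: In `system_group`, `Link.create` returns an unsaved record when validation fails, so a failed permission link is silently dropped. The surrounding `ActiveRecord::Base.transaction` then still commits a system group with incomplete `can_manage` links, whereas `Link.create!(...)` would raise and roll the transaction back. The links are also written only for users that exist when the group is first created, so later users are not covered unless user creation adds the link elsewhere (not visible in this hunk). In `act_as_system_user`, the branch without a block still leaves `Thread.current[:user]` set to the system user with nothing restoring it. That branch deserves a comment such as `# No block: the caller stays privileged and must restore Thread.current[:user] itself; prefer the block form`.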