5989: API repo perms method always returns all repos.
[arvados.git] / services / api / app / controllers / arvados / v1 / repositories_controller.rb
index 19504e10c8d83d6e5a06a20bfd8a57e17e556e28..fd6ab582071cc65f27ad0c943ad2b2d75ff03f6b 100644 (file)
@@ -4,20 +4,29 @@ class Arvados::V1::RepositoriesController < ApplicationController
   before_filter :admin_required, :only => :get_all_permissions
   def get_all_permissions
     @users = {}
-    User.includes(:authorized_keys).all.each do |u|
+    User.includes(:authorized_keys).find_each do |u|
       @users[u.uuid] = u
     end
+    admins = @users.select { |k,v| v.is_admin }
     @user_aks = {}
     @repo_info = {}
-    @repos = Repository.includes(:permissions).all
-    @repos.each do |repo|
+    Repository.includes(:permissions).find_each do |repo|
+      @repo_info[repo.uuid] = {
+        uuid: repo.uuid,
+        name: repo.name,
+        push_url: repo.push_url,
+        fetch_url: repo.fetch_url,
+        user_permissions: {},
+      }
       gitolite_permissions = ''
       perms = []
       repo.permissions.each do |perm|
-        if perm.tail_kind == 'arvados#group'
+        if ArvadosModel::resource_class_for_uuid(perm.tail_uuid) == Group
           @users.each do |user_uuid, user|
             user.group_permissions.each do |group_uuid, perm_mask|
-              if perm_mask[:write]
+              if perm_mask[:manage]
+                perms << {name: 'can_manage', user_uuid: user_uuid}
+              elsif perm_mask[:write]
                 perms << {name: 'can_write', user_uuid: user_uuid}
               elsif perm_mask[:read]
                 perms << {name: 'can_read', user_uuid: user_uuid}
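Review bot: Inside the group branch, the loop over `user.group_permissions` never compares `group_uuid` with `perm.tail_uuid`, so as far as the visible lines show, a user holding a mask on any group at all is granted that level on this repository. The level is also taken from the user's mask within the group alone; `perm.name`, the access the group itself was given on the repository, is not consulted, so a manager of a group that was only granted read would come out as `can_manage` and later be mapped to RW. If `group_permissions` is a hash keyed by group uuid, as the iteration suggests, a direct lookup such as `perm_mask = user.group_permissions[perm.tail_uuid]` followed by capping the result at `perm.name` would keep the snapshot from granting more than the permission links do. The closing lines of this branch fall between this hunk and the next, so confirm that no such filter sits there.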
@@ -28,6 +37,10 @@ class Arvados::V1::RepositoriesController < ApplicationController
           perms << {name: perm.name, user_uuid: perm.tail_uuid}
         end
       end
+      # Owner of the repository, and all admins, can RW
+      ([repo.owner_uuid] + admins.keys).each do |user_uuid|
+        perms << {name: 'can_write', user_uuid: user_uuid}
+      end
       perms.each do |perm|
         user_uuid = perm[:user_uuid]
         @user_aks[user_uuid] = @users[user_uuid].andand.authorized_keys.andand.
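Review bot: `repo.owner_uuid` is added to the grant list without checking that it names a user. If a repository can be owned by a group, `@users[user_uuid]` is nil in the loop below, `@user_aks` gets an empty entry keyed by that uuid, and that entry is sent out in `user_keys`. A guard such as `next unless @users.key?(user_uuid)` at the top of the `perms.each` body would avoid this. Separately, `admins` is selected on `is_admin` alone, so it is worth confirming whether an admin account that is not active should still receive RW on every repository. The `perms.each` loop continues outside this hunk.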
@@ -38,13 +51,6 @@ class Arvados::V1::RepositoriesController < ApplicationController
           }
         end || []
         if @user_aks[user_uuid].any?
-          @repo_info[repo.uuid] ||= {
-            uuid: repo.uuid,
-            name: repo.name,
-            push_url: repo.push_url,
-            fetch_url: repo.fetch_url,
-            user_permissions: {}
-          }
           ri = (@repo_info[repo.uuid][:user_permissions][user_uuid] ||= {})
           ri[perm[:name]] = true
         end
@@ -52,7 +58,11 @@ class Arvados::V1::RepositoriesController < ApplicationController
     end
     @repo_info.values.each do |repo_users|
       repo_users[:user_permissions].each do |user_uuid,perms|
-        if perms['can_write']
+        if perms['can_manage']
+          perms[:gitolite_permissions] = 'RW'
+          perms['can_write'] = true
+          perms['can_read'] = true
+        elsif perms['can_write']
           perms[:gitolite_permissions] = 'RW'
           perms['can_read'] = true
         elsif perms['can_read']
@@ -60,10 +70,8 @@ class Arvados::V1::RepositoriesController < ApplicationController
         end
       end
     end
-    render json: {
-      kind: 'arvados#RepositoryPermissionSnapshot',
-      repositories: @repo_info.values,
-      user_keys: @user_aks
-    }
+    send_json(kind: 'arvados#RepositoryPermissionSnapshot',
+              repositories: @repo_info.values,
+              user_keys: @user_aks)
   end
 end