X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/0c356edf482e4ef2bb32dddde8eabe562adcfd8a..4b4bb33aca0e12ae06bce395f02031890d6ef8bc:/services/api/app/controllers/application_controller.rb diff --git a/services/api/app/controllers/application_controller.rb b/services/api/app/controllers/application_controller.rb index a3d8f082ad..ba7c07d272 100644 --- a/services/api/app/controllers/application_controller.rb +++ b/services/api/app/controllers/application_controller.rb @@ -3,6 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0 require 'safe_json' +require 'request_error' module ApiTemplateOverride def allowed_to_render?(fieldset, field, model, options) @@ -32,6 +33,7 @@ class ApplicationController < ActionController::Base ERROR_ACTIONS = [:render_error, :render_not_found] + around_filter :set_current_request_id before_filter :disable_api_methods before_filter :set_cors_headers before_filter :respond_with_json_by_default @@ -136,7 +138,7 @@ class ApplicationController < ActionController::Base def render_error(e) logger.error e.inspect - if e.respond_to? :backtrace and e.backtrace + if !e.is_a? RequestError and (e.respond_to? :backtrace and e.backtrace) logger.error e.backtrace.collect { |x| x + "\n" }.join('') end if (@object.respond_to? :errors and @@ -180,7 +182,7 @@ class ApplicationController < ActionController::Base end def find_objects_for_index - @objects ||= model_class.readable_by(*@read_users) + @objects ||= model_class.readable_by(*@read_users, {:include_trash => (params[:include_trash] || 'untrash' == action_name)}) apply_where_limit_order_params end @@ -344,7 +346,7 @@ class ApplicationController < ActionController::Base .all end @read_auths.select! { |auth| auth.scopes_allow_request? request } - @read_users = @read_auths.map { |auth| auth.user }.uniq + @read_users = @read_auths.map(&:user).uniq end def require_login @@ -364,7 +366,7 @@ class ApplicationController < ActionController::Base end def require_auth_scope - if @read_auths.empty? + unless current_user && @read_auths.any? { |auth| auth.user.andand.uuid == current_user.uuid } if require_login != false send_error("Forbidden", status: 403) end @@ -372,6 +374,25 @@ class ApplicationController < ActionController::Base end end + def set_current_request_id + req_id = request.headers['X-Request-Id'] + if !req_id || req_id.length < 1 || req_id.length > 1024 + # Client-supplied ID is either missing or too long to be + # considered friendly. + req_id = "req-" + Random::DEFAULT.rand(2**128).to_s(36)[0..19] + end + response.headers['X-Request-Id'] = Thread.current[:request_id] = req_id + yield + Thread.current[:request_id] = nil + end + + def append_info_to_payload(payload) + super + payload[:request_id] = response.headers['X-Request-Id'] + payload[:client_ipaddr] = @remote_ip + payload[:client_auth] = current_api_client_authorization.andand.uuid || nil + end + def disable_api_methods if Rails.configuration.disable_api_methods. include?(controller_name + "." + action_name) @@ -382,7 +403,7 @@ class ApplicationController < ActionController::Base def set_cors_headers response.headers['Access-Control-Allow-Origin'] = '*' response.headers['Access-Control-Allow-Methods'] = 'GET, HEAD, PUT, POST, DELETE' - response.headers['Access-Control-Allow-Headers'] = 'Authorization' + response.headers['Access-Control-Allow-Headers'] = 'Authorization, Content-Type' response.headers['Access-Control-Max-Age'] = '86486400' end @@ -534,6 +555,10 @@ class ApplicationController < ActionController::Base } end + def self._update_requires_parameters + {} + end + def self._index_requires_parameters { filters: { type: 'array', required: false },