X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/0dca88749fcd5615bf687c916fca9157bf258998..9bd3b2729a61f62ddbab10ac65fd9f7de837a10d:/services/api/app/controllers/application_controller.rb diff --git a/services/api/app/controllers/application_controller.rb b/services/api/app/controllers/application_controller.rb index 8464a4ab5e..3c5bf94d2c 100644 --- a/services/api/app/controllers/application_controller.rb +++ b/services/api/app/controllers/application_controller.rb @@ -1,9 +1,11 @@ module ApiTemplateOverride def allowed_to_render?(fieldset, field, model, options) + return false if !super if options[:select] - return options[:select].include? field.to_s + options[:select].include? field.to_s + else + true end - super end end @@ -12,19 +14,18 @@ class ActsAsApi::ApiTemplate end require 'load_param' -require 'record_filters' class ApplicationController < ActionController::Base include CurrentApiClient include ThemesForRails::ActionController include LoadParam - include RecordFilters respond_to :json protect_from_forgery ERROR_ACTIONS = [:render_error, :render_not_found] + before_filter :set_cors_headers before_filter :respond_with_json_by_default before_filter :remote_ip before_filter :load_read_auths @@ -33,6 +34,7 @@ class ApplicationController < ActionController::Base before_filter :catch_redirect_hint before_filter(:find_object_by_uuid, except: [:index, :create] + ERROR_ACTIONS) + before_filter :load_required_parameters before_filter :load_limit_offset_order_params, only: [:index, :contents] before_filter :load_where_param, only: [:index, :contents] before_filter :load_filters_param, only: [:index, :contents] @@ -56,6 +58,14 @@ class ApplicationController < ActionController::Base :with => :render_not_found) end + def default_url_options + if Rails.configuration.host + {:host => Rails.configuration.host} + else + {} + end + end + def index @objects.uniq!(&:id) if @select.nil? or @select.include? "id" if params[:eager] and params[:eager] != '0' and params[:eager] != 0 and params[:eager] != '' @@ -65,12 +75,47 @@ class ApplicationController < ActionController::Base end def show - render json: @object.as_api_response + send_json @object.as_api_response(nil, select: @select) end def create @object = model_class.new resource_attrs - @object.save! + + if @object.respond_to? :name and params[:ensure_unique_name] + # Record the original name. See below. + name_stem = @object.name + counter = 1 + end + + begin + @object.save! + rescue ActiveRecord::RecordNotUnique => rn + raise unless params[:ensure_unique_name] + + # Dig into the error to determine if it is specifically calling out a + # (owner_uuid, name) uniqueness violation. In this specific case, and + # the client requested a unique name with ensure_unique_name==true, + # update the name field and try to save again. Loop as necessary to + # discover a unique name. It is necessary to handle name choosing at + # this level (as opposed to the client) to ensure that record creation + # never fails due to a race condition. + raise unless rn.original_exception.is_a? PG::UniqueViolation + + # Unfortunately ActiveRecord doesn't abstract out any of the + # necessary information to figure out if this the error is actually + # the specific case where we want to apply the ensure_unique_name + # behavior, so the following code is specialized to Postgres. + err = rn.original_exception + detail = err.result.error_field(PG::Result::PG_DIAG_MESSAGE_DETAIL) + raise unless /^Key \(owner_uuid, name\)=\([a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{15}, .*?\) already exists\./.match detail + + # OK, this exception really is just a unique name constraint + # violation, and we've been asked to ensure_unique_name. + counter += 1 + @object.uuid = nil + @object.name = "#{name_stem} (#{counter})" + redo + end while false show end @@ -104,8 +149,10 @@ class ApplicationController < ActionController::Base if e.respond_to? :backtrace and e.backtrace logger.error e.backtrace.collect { |x| x + "\n" }.join('') end - if @object and @object.errors and @object.errors.full_messages and not @object.errors.full_messages.empty? + if (@object.respond_to? :errors and + @object.errors.andand.full_messages.andand.any?) errors = @object.errors.full_messages + logger.error errors.inspect else errors = [e.inspect] end @@ -130,23 +177,40 @@ class ApplicationController < ActionController::Base err[:error_token] = [Time.now.utc.to_i, "%08x" % rand(16 ** 8)].join("+") status = err.delete(:status) || 422 logger.error "Error #{err[:error_token]}: #{status}" - render json: err, status: status + send_json err, status: status + end + + def send_json response, opts={} + # The obvious render(json: ...) forces a slow JSON encoder. See + # #3021 and commit logs. Might be fixed in Rails 4.1. + render({ + text: Oj.dump(response, mode: :compat).html_safe, + content_type: 'application/json' + }.merge opts) + end + + def self.limit_index_columns_read + # This method returns a list of column names. + # If an index request reads that column from the database, + # find_objects_for_index will only fetch objects until it reads + # max_index_database_read bytes of data from those columns. + [] end def find_objects_for_index @objects ||= model_class.readable_by(*@read_users) apply_where_limit_order_params + limit_database_read if (action_name == "index") end - def apply_filters - ft = record_filters @filters, @objects.table_name - if ft[:cond_out].any? - @objects = @objects.where(ft[:cond_out].join(' AND '), *ft[:param_out]) - end + def apply_filters model_class=nil + model_class ||= self.model_class + @objects = model_class.apply_filters(@objects, @filters) end - def apply_where_limit_order_params - apply_filters + def apply_where_limit_order_params model_class=nil + model_class ||= self.model_class + apply_filters model_class ar_table_name = @objects.table_name if @where.is_a? Hash and @where.any? @@ -202,18 +266,62 @@ class ApplicationController < ActionController::Base end end - @objects = @objects.select(@select.map { |s| "#{table_name}.#{ActiveRecord::Base.connection.quote_column_name s.to_s}" }.join ", ") if @select + if @select + unless action_name.in? %w(create update destroy) + # Map attribute names in @select to real column names, resolve + # those to fully-qualified SQL column names, and pass the + # resulting string to the select method. + columns_list = model_class.columns_for_attributes(@select). + map { |s| "#{ar_table_name}.#{ActiveRecord::Base.connection.quote_column_name s}" } + @objects = @objects.select(columns_list.join(", ")) + end + + # This information helps clients understand what they're seeing + # (Workbench always expects it), but they can't select it explicitly + # because it's not an SQL column. Always add it. + # (This is harmless, given that clients can deduce what they're + # looking at by the returned UUID anyway.) + @select |= ["kind"] + end @objects = @objects.order(@orders.join ", ") if @orders.any? @objects = @objects.limit(@limit) @objects = @objects.offset(@offset) @objects = @objects.uniq(@distinct) if not @distinct.nil? end + def limit_database_read + limit_columns = self.class.limit_index_columns_read + limit_columns &= model_class.columns_for_attributes(@select) if @select + return if limit_columns.empty? + model_class.transaction do + limit_query = @objects. + except(:select). + select("(%s) as read_length" % + limit_columns.map { |s| "octet_length(#{s})" }.join(" + ")) + new_limit = 0 + read_total = 0 + limit_query.each do |record| + new_limit += 1 + read_total += record.read_length.to_i + if read_total >= Rails.configuration.max_index_database_read + new_limit -= 1 if new_limit > 1 + break + elsif new_limit >= @limit + break + end + end + @limit = new_limit + @objects = @objects.limit(@limit) + # Force @objects to run its query inside this transaction. + @objects.each { |_| break } + end + end + def resource_attrs return @attrs if @attrs @attrs = params[resource_name] if @attrs.is_a? String - @attrs = Oj.load @attrs, symbol_keys: true + @attrs = Oj.strict_load @attrs, symbol_keys: true end unless @attrs.is_a? Hash message = "No #{resource_name}" @@ -277,6 +385,13 @@ class ApplicationController < ActionController::Base end end + def set_cors_headers + response.headers['Access-Control-Allow-Origin'] = '*' + response.headers['Access-Control-Allow-Methods'] = 'GET, HEAD, PUT, POST, DELETE' + response.headers['Access-Control-Allow-Headers'] = 'Authorization' + response.headers['Access-Control-Max-Age'] = '86486400' + end + def respond_with_json_by_default html_index = request.accepts.index(Mime::HTML) if html_index.nil? or request.accepts[0...html_index].include?(Mime::JSON) @@ -320,7 +435,7 @@ class ApplicationController < ActionController::Base def load_json_value(hash, key, must_be_class=nil) if hash[key].is_a? String - hash[key] = Oj.load(hash[key], symbol_keys: false) + hash[key] = Oj.strict_load(hash[key], symbol_keys: false) if must_be_class and !hash[key].is_a? must_be_class raise TypeError.new("parameter #{key.to_s} must be a #{must_be_class.to_s}") end @@ -350,16 +465,8 @@ class ApplicationController < ActionController::Base end accept_param_as_json :reader_tokens, Array - def render_list - if @select - # This information helps clients understand what they're seeing - # (Workbench always expects it), but they can't select it explicitly - # because it's not an SQL column. Always add it. - # I believe this is safe because clients can always deduce what they're - # looking at by the returned UUID anyway. - @select |= ["kind"] - end - @object_list = { + def object_list + list = { :kind => "arvados##{(@response_resource_name || resource_name).camelize(:lower)}List", :etag => "", :self_link => "", @@ -368,11 +475,15 @@ class ApplicationController < ActionController::Base :items => @objects.as_api_response(nil, {select: @select}) } if @objects.respond_to? :except - @object_list[:items_available] = @objects. + list[:items_available] = @objects. except(:limit).except(:offset). count(:id, distinct: true) end - render json: @object_list + list + end + + def render_list + send_json object_list end def remote_ip @@ -386,6 +497,40 @@ class ApplicationController < ActionController::Base end end + def load_required_parameters + (self.class.send "_#{params[:action]}_requires_parameters" rescue {}). + each do |key, info| + if info[:required] and not params.include?(key) + raise ArgumentError.new("#{key} parameter is required") + elsif info[:type] == 'boolean' + # Make sure params[key] is either true or false -- not a + # string, not nil, etc. + if not params.include?(key) + params[key] = info[:default] + elsif [false, 'false', '0', 0].include? params[key] + params[key] = false + elsif [true, 'true', '1', 1].include? params[key] + params[key] = true + else + raise TypeError.new("#{key} parameter must be a boolean, true or false") + end + end + end + true + end + + def self._create_requires_parameters + { + ensure_unique_name: { + type: "boolean", + description: "Adjust name to ensure uniqueness instead of returning an error on (owner_uuid, name) collision.", + location: "query", + required: false, + default: false + } + } + end + def self._index_requires_parameters { filters: { type: 'array', required: false },