X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/0df7a1c38affbc50a9c7d8834f9822e398860d91..8b278cdd80f8969a954a2c789281f8f63195e894:/services/api/app/models/log.rb

diff --git a/services/api/app/models/log.rb b/services/api/app/models/log.rb
index e6969be87c..eedf06a976 100644
--- a/services/api/app/models/log.rb
+++ b/services/api/app/models/log.rb
@@ -1,12 +1,16 @@
+require 'audit_logs'
+
 class Log < ArvadosModel
-  include AssignUuid
+  include HasUuid
   include KindAndEtag
   include CommonApiTemplate
   serialize :properties, Hash
   before_validation :set_default_event_at
-  attr_accessor :object, :object_kind
+  after_save :send_notify
+  after_commit { AuditLogs.tidy_in_background }
 
   api_accessible :user, extend: :common do |t|
+    t.add :id
     t.add :object_uuid
     t.add :object_owner_uuid
     t.add :object_kind
@@ -24,7 +28,11 @@ class Log < ArvadosModel
 
   def fill_object(thing)
     self.object_uuid ||= thing.uuid
-    self.object_owner_uuid = thing.owner_uuid
+    if respond_to? :object_owner_uuid=
+      # Skip this if the object_owner_uuid migration hasn't happened
+      # yet, i.e., we're in the process of migrating an old database.
+      self.object_owner_uuid = thing.owner_uuid
+    end
     self.summary ||= "#{self.event_type} of #{thing.uuid}"
     self
   end
@@ -41,12 +49,30 @@ class Log < ArvadosModel
       self.event_at = thing.created_at
     when "update"
       self.event_at = thing.modified_at
-    when "destroy"
-      self.event_at = Time.now
+    when "delete"
+      self.event_at = db_current_time
     end
     self
   end
 
+  def self.readable_by(*users_list)
+    if users_list.select { |u| u.is_admin }.any?
+      return self
+    end
+    user_uuids = users_list.map { |u| u.uuid }
+    uuid_list = user_uuids + users_list.flat_map { |u| u.groups_i_can(:read) }
+    uuid_list.uniq!
+    permitted = "(SELECT head_uuid FROM links WHERE link_class='permission' AND tail_uuid IN (:uuids))"
+    joins("LEFT JOIN container_requests ON container_requests.container_uuid=logs.object_uuid").
+      where("logs.object_uuid IN #{permitted} OR "+
+            "container_requests.uuid IN (:uuids) OR "+
+            "container_requests.owner_uuid IN (:uuids) OR "+
+            "logs.object_uuid IN (:uuids) OR "+
+            "logs.owner_uuid IN (:uuids) OR "+
+            "logs.object_owner_uuid IN (:uuids)",
+            uuids: uuid_list)
+  end
+
   protected
 
   def permission_to_create
@@ -60,7 +86,7 @@ class Log < ArvadosModel
   alias_method :permission_to_delete, :permission_to_update
 
   def set_default_event_at
-    self.event_at ||= Time.now
+    self.event_at ||= db_current_time
   end
 
   def log_start_state
@@ -75,4 +101,7 @@ class Log < ArvadosModel
     # logs can have references to deleted objects
   end
 
+  def send_notify
+    connection.execute "NOTIFY logs, '#{self.id}'"
+  end
 end