X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/10dc1ca759592b7281265ac1378bda126c979208..14d8cfa18f28586ad296e3e598d0a2a536be0613:/services/api/app/controllers/arvados/v1/groups_controller.rb diff --git a/services/api/app/controllers/arvados/v1/groups_controller.rb b/services/api/app/controllers/arvados/v1/groups_controller.rb index a963d1fc4d..3473c7e4e0 100644 --- a/services/api/app/controllers/arvados/v1/groups_controller.rb +++ b/services/api/app/controllers/arvados/v1/groups_controller.rb @@ -7,14 +7,25 @@ require "trashable" class Arvados::V1::GroupsController < ApplicationController include TrashableController - skip_before_filter :find_object_by_uuid, only: :shared - skip_before_filter :render_404_if_no_object, only: :shared + skip_before_action :find_object_by_uuid, only: :shared + skip_before_action :render_404_if_no_object, only: :shared + + TRASHABLE_CLASSES = ['project'] def self._index_requires_parameters (super rescue {}). merge({ include_trash: { - type: 'boolean', required: false, description: "Include items whose is_trashed attribute is true." + type: 'boolean', required: false, default: false, description: "Include items whose is_trashed attribute is true.", + }, + }) + end + + def self._show_requires_parameters + (super rescue {}). + merge({ + include_trash: { + type: 'boolean', required: false, default: false, description: "Show group/project even if its is_trashed attribute is true.", }, }) end @@ -23,16 +34,82 @@ class Arvados::V1::GroupsController < ApplicationController params = _index_requires_parameters. merge({ uuid: { - type: 'string', required: false, default: nil + type: 'string', required: false, default: '', }, recursive: { - type: 'boolean', required: false, description: 'Include contents from child groups recursively.' + type: 'boolean', required: false, default: false, description: 'Include contents from child groups recursively.', + }, + include: { + type: 'string', required: false, description: 'Include objects referred to by listed field in "included" (only owner_uuid).', }, + include_old_versions: { + type: 'boolean', required: false, default: false, description: 'Include past collection versions.', + } }) params.delete(:select) params end + def self._create_requires_parameters + super.merge( + { + async: { + required: false, + type: 'boolean', + location: 'query', + default: false, + description: 'defer permissions update', + } + } + ) + end + + def self._update_requires_parameters + super.merge( + { + async: { + required: false, + type: 'boolean', + location: 'query', + default: false, + description: 'defer permissions update', + } + } + ) + end + + def create + if params[:async] + @object = model_class.new(resource_attrs.merge({async_permissions_update: true})) + @object.save! + render_accepted + else + super + end + end + + def update + if params[:async] + attrs_to_update = resource_attrs.reject { |k, v| + [:kind, :etag, :href].index k + }.merge({async_permissions_update: true}) + @object.update_attributes!(attrs_to_update) + @object.save! + render_accepted + else + super + end + end + + def destroy + if !TRASHABLE_CLASSES.include?(@object.group_class) + @object.destroy + show + else + super # Calls destroy from TrashableController module + end + end + def render_404_if_no_object if params[:action] == 'contents' if !params[:uuid] @@ -55,15 +132,21 @@ class Arvados::V1::GroupsController < ApplicationController def contents load_searchable_objects - send_json({ + list = { :kind => "arvados#objectList", :etag => "", :self_link => "", :offset => @offset, :limit => @limit, - :items_available => @items_available, :items => @objects.as_api_response(nil) - }) + } + if params[:count] != 'none' + list[:items_available] = @items_available + end + if @extra_included + list[:included] = @extra_included.as_api_response(nil, {select: @select}) + end + send_json(list) end def shared @@ -76,10 +159,6 @@ class Arvados::V1::GroupsController < ApplicationController # This also returns (in the "included" field) the objects that own # those projects (users or non-project groups). # - # select groups that are readable by current user AND - # the owner_uuid is a user (but not the current user) OR - # the owner_uuid is not readable by the current user - # the owner_uuid is a group but group_class is not a project # # The intended use of this endpoint is to support clients which # wish to browse those projects which are visible to the user but @@ -88,25 +167,15 @@ class Arvados::V1::GroupsController < ApplicationController load_limit_offset_order_params load_filters_param - read_parent_check = if current_user.is_admin - "" - else - "NOT EXISTS(SELECT 1 FROM #{PERMISSION_VIEW} WHERE "+ - "user_uuid=(:user_uuid) AND target_uuid=groups.owner_uuid AND perm_level >= 1) OR " - end + @objects = exclude_home Group.readable_by(*@read_users), Group - @objects = Group.readable_by(*@read_users).where("groups.owner_uuid IN (SELECT users.uuid FROM users WHERE users.uuid != (:user_uuid)) OR "+ - read_parent_check+ - "EXISTS(SELECT 1 FROM groups as gp where gp.uuid=groups.owner_uuid and gp.group_class != 'project')", - user_uuid: current_user.uuid) apply_where_limit_order_params - owners = @objects.map(&:owner_uuid).to_a - if params["include"] == "owner_uuid" + owners = @objects.map(&:owner_uuid).to_set @extra_included = [] [Group, User].each do |klass| - @extra_included += klass.readable_by(*@read_users).where(uuid: owners).to_a + @extra_included += klass.readable_by(*@read_users).where(uuid: owners.to_a).to_a end end @@ -130,6 +199,13 @@ class Arvados::V1::GroupsController < ApplicationController # apply to each table being searched, not "groups". load_limit_offset_order_params(fill_table_names: false) + if params['count'] == 'none' and @offset != 0 and (params['last_object_class'].nil? or params['last_object_class'].empty?) + # can't use offset without getting counts, so + # fall back to count=exact behavior. + params['count'] = 'exact' + set_count_none = true + end + # Trick apply_where_limit_order_params into applying suitable # per-table values. *_all are the real ones we'll apply to the # aggregate set. @@ -150,8 +226,8 @@ class Arvados::V1::GroupsController < ApplicationController table_names = Hash[klasses.collect { |k| [k, k.table_name] }] - disabled_methods = Rails.configuration.disable_api_methods - avail_klasses = table_names.select{|k, t| !disabled_methods.include?(t+'.index')} + disabled_methods = Rails.configuration.API.DisabledAPIs + avail_klasses = table_names.select{|k, t| !disabled_methods[t+'.index']} klasses = avail_klasses.keys request_filters.each do |col, op, val| @@ -178,13 +254,17 @@ class Arvados::V1::GroupsController < ApplicationController else filter_by_owner[:owner_uuid] = @object.uuid end + + if params['exclude_home_project'] + raise ArgumentError.new "Cannot use 'exclude_home_project' with a parent object" + end end + included_by_uuid = {} + seen_last_class = false klasses.each do |klass| - @offset = 0 if seen_last_class # reset offset for the new next type being processed - - # if current klass is same as params['last_object_class'], mark that fact + # check if current klass is same as params['last_object_class'] seen_last_class = true if((params['count'].andand.==('none')) and (params['last_object_class'].nil? or params['last_object_class'].empty? or @@ -193,7 +273,9 @@ class Arvados::V1::GroupsController < ApplicationController # if klasses are specified, skip all other klass types next if wanted_klasses.any? and !wanted_klasses.include?(klass.to_s) - # don't reprocess klass types that were already seen + # if specified, and count=none, then only look at the klass in + # last_object_class. + # for whatever reason, this parameter exists separately from 'wanted_klasses' next if params['count'] == 'none' and !seen_last_class # don't process rest of object types if we already have needed number of objects @@ -209,9 +291,9 @@ class Arvados::V1::GroupsController < ApplicationController @select = nil where_conds = filter_by_owner if klass == Collection - @select = klass.selectable_attributes - ["manifest_text"] + @select = klass.selectable_attributes - ["manifest_text", "unsigned_manifest_text"] elsif klass == Group - where_conds = where_conds.merge(group_class: "project") + where_conds = where_conds.merge(group_class: ["project","filter"]) end @filters = request_filters.map do |col, op, val| @@ -224,16 +306,30 @@ class Arvados::V1::GroupsController < ApplicationController end end.compact - @objects = klass.readable_by(*@read_users, {:include_trash => params[:include_trash]}). - order(request_order).where(where_conds) + @objects = klass.readable_by(*@read_users, { + :include_trash => params[:include_trash], + :include_old_versions => params[:include_old_versions] + }).order(request_order).where(where_conds) + + if params['exclude_home_project'] + @objects = exclude_home @objects, klass + end + # Adjust the limit based on number of objects fetched so far klass_limit = limit_all - all_objects.count @limit = klass_limit apply_where_limit_order_params klass + + # This actually fetches the objects klass_object_list = object_list(model_class: klass) + + # If count=none, :items_available will be nil, and offset is + # required to be 0. klass_items_available = klass_object_list[:items_available] || 0 @items_available += klass_items_available @offset = [@offset - klass_items_available, 0].max + + # Add objects to the list of objects to be returned. all_objects += klass_object_list[:items] if klass_object_list[:limit] < klass_limit @@ -242,6 +338,23 @@ class Arvados::V1::GroupsController < ApplicationController # with limit=0 and just accumulate items_available. limit_all = all_objects.count end + + if params["include"] == "owner_uuid" + owners = klass_object_list[:items].map {|i| i[:owner_uuid]}.to_set + [Group, User].each do |ownerklass| + ownerklass.readable_by(*@read_users).where(uuid: owners.to_a).each do |ow| + included_by_uuid[ow.uuid] = ow + end + end + end + end + + if params["include"] + @extra_included = included_by_uuid.values + end + + if set_count_none + params['count'] = 'none' end @objects = all_objects @@ -249,4 +362,23 @@ class Arvados::V1::GroupsController < ApplicationController @offset = offset_all end + def exclude_home objectlist, klass + # select records that are readable by current user AND + # the owner_uuid is a user (but not the current user) OR + # the owner_uuid is not readable by the current user + # the owner_uuid is a group but group_class is not a project + + read_parent_check = if current_user.is_admin + "" + else + "NOT EXISTS(SELECT 1 FROM #{PERMISSION_VIEW} WHERE "+ + "user_uuid=(:user_uuid) AND target_uuid=#{klass.table_name}.owner_uuid AND perm_level >= 1) OR " + end + + objectlist.where("#{klass.table_name}.owner_uuid IN (SELECT users.uuid FROM users WHERE users.uuid != (:user_uuid)) OR "+ + read_parent_check+ + "EXISTS(SELECT 1 FROM groups as gp where gp.uuid=#{klass.table_name}.owner_uuid and gp.group_class != 'project')", + user_uuid: current_user.uuid) + end + end