X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/11c6f1d759040f2af8a68d80ae78dd57a9b2d976..e06ea339d3d0c0f6fad81128b3cab34cdd4bd36f:/services/api/app/controllers/arvados/v1/repositories_controller.rb

diff --git a/services/api/app/controllers/arvados/v1/repositories_controller.rb b/services/api/app/controllers/arvados/v1/repositories_controller.rb
index 8b45c56bcb..fd6ab58207 100644
--- a/services/api/app/controllers/arvados/v1/repositories_controller.rb
+++ b/services/api/app/controllers/arvados/v1/repositories_controller.rb
@@ -4,20 +4,29 @@ class Arvados::V1::RepositoriesController < ApplicationController
   before_filter :admin_required, :only => :get_all_permissions
   def get_all_permissions
     @users = {}
-    User.includes(:authorized_keys).all.each do |u|
+    User.includes(:authorized_keys).find_each do |u|
       @users[u.uuid] = u
     end
+    admins = @users.select { |k,v| v.is_admin }
     @user_aks = {}
     @repo_info = {}
-    @repos = Repository.includes(:permissions).all
-    @repos.each do |repo|
+    Repository.includes(:permissions).find_each do |repo|
+      @repo_info[repo.uuid] = {
+        uuid: repo.uuid,
+        name: repo.name,
+        push_url: repo.push_url,
+        fetch_url: repo.fetch_url,
+        user_permissions: {},
+      }
       gitolite_permissions = ''
       perms = []
       repo.permissions.each do |perm|
         if ArvadosModel::resource_class_for_uuid(perm.tail_uuid) == Group
           @users.each do |user_uuid, user|
             user.group_permissions.each do |group_uuid, perm_mask|
-              if perm_mask[:write]
+              if perm_mask[:manage]
+                perms << {name: 'can_manage', user_uuid: user_uuid}
+              elsif perm_mask[:write]
                 perms << {name: 'can_write', user_uuid: user_uuid}
               elsif perm_mask[:read]
                 perms << {name: 'can_read', user_uuid: user_uuid}
@@ -29,10 +38,8 @@ class Arvados::V1::RepositoriesController < ApplicationController
         end
       end
       # Owner of the repository, and all admins, can RW
-      ([repo.owner_uuid] + @users.keys).each do |user_uuid|
-        %w(can_read can_write).each do |name|
-          perms << {name: name, user_uuid: user_uuid}
-        end
+      ([repo.owner_uuid] + admins.keys).each do |user_uuid|
+        perms << {name: 'can_write', user_uuid: user_uuid}
       end
       perms.each do |perm|
         user_uuid = perm[:user_uuid]
@@ -44,13 +51,6 @@ class Arvados::V1::RepositoriesController < ApplicationController
           }
         end || []
         if @user_aks[user_uuid].any?
-          @repo_info[repo.uuid] ||= {
-            uuid: repo.uuid,
-            name: repo.name,
-            push_url: repo.push_url,
-            fetch_url: repo.fetch_url,
-            user_permissions: {}
-          }
           ri = (@repo_info[repo.uuid][:user_permissions][user_uuid] ||= {})
           ri[perm[:name]] = true
         end
@@ -58,7 +58,11 @@ class Arvados::V1::RepositoriesController < ApplicationController
     end
     @repo_info.values.each do |repo_users|
       repo_users[:user_permissions].each do |user_uuid,perms|
-        if perms['can_write']
+        if perms['can_manage']
+          perms[:gitolite_permissions] = 'RW'
+          perms['can_write'] = true
+          perms['can_read'] = true
+        elsif perms['can_write']
           perms[:gitolite_permissions] = 'RW'
           perms['can_read'] = true
         elsif perms['can_read']
@@ -66,10 +70,8 @@ class Arvados::V1::RepositoriesController < ApplicationController
         end
       end
     end
-    render json: {
-      kind: 'arvados#RepositoryPermissionSnapshot',
-      repositories: @repo_info.values,
-      user_keys: @user_aks
-    }
+    send_json(kind: 'arvados#RepositoryPermissionSnapshot',
+              repositories: @repo_info.values,
+              user_keys: @user_aks)
   end
 end