X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/15f312dfec5cf19c2c71508b2ed7a9d65758eeb0..14a6eb786a0d01e86ccae7645e880661caf6f0cb:/services/api/app/controllers/arvados/v1/groups_controller.rb?ds=sidebyside diff --git a/services/api/app/controllers/arvados/v1/groups_controller.rb b/services/api/app/controllers/arvados/v1/groups_controller.rb index 83314fb38b..46d3a75a3a 100644 --- a/services/api/app/controllers/arvados/v1/groups_controller.rb +++ b/services/api/app/controllers/arvados/v1/groups_controller.rb @@ -7,8 +7,8 @@ require "trashable" class Arvados::V1::GroupsController < ApplicationController include TrashableController - skip_before_filter :find_object_by_uuid, only: :shared - skip_before_filter :render_404_if_no_object, only: :shared + skip_before_action :find_object_by_uuid, only: :shared + skip_before_action :render_404_if_no_object, only: :shared def self._index_requires_parameters (super rescue {}). @@ -19,6 +19,15 @@ class Arvados::V1::GroupsController < ApplicationController }) end + def self._show_requires_parameters + (super rescue {}). + merge({ + include_trash: { + type: 'boolean', required: false, description: "Show group/project even if its is_trashed attribute is true." + }, + }) + end + def self._contents_requires_parameters params = _index_requires_parameters. merge({ @@ -28,11 +37,65 @@ class Arvados::V1::GroupsController < ApplicationController recursive: { type: 'boolean', required: false, description: 'Include contents from child groups recursively.' }, + include: { + type: 'string', required: false, description: 'Include objects referred to by listed field in "included" (only owner_uuid)' + } }) params.delete(:select) params end + def self._create_requires_parameters + super.merge( + { + async: { + required: false, + type: 'boolean', + location: 'query', + default: false, + description: 'defer permissions update' + } + } + ) + end + + def self._update_requires_parameters + super.merge( + { + async: { + required: false, + type: 'boolean', + location: 'query', + default: false, + description: 'defer permissions update' + } + } + ) + end + + def create + if params[:async] + @object = model_class.new(resource_attrs.merge({async_permissions_update: true})) + @object.save! + render_accepted + else + super + end + end + + def update + if params[:async] + attrs_to_update = resource_attrs.reject { |k, v| + [:kind, :etag, :href].index k + }.merge({async_permissions_update: true}) + @object.update_attributes!(attrs_to_update) + @object.save! + render_accepted + else + super + end + end + def render_404_if_no_object if params[:action] == 'contents' if !params[:uuid] @@ -70,25 +133,6 @@ class Arvados::V1::GroupsController < ApplicationController send_json(list) end - def exclude_home objectlist, klass - # select records that are readable by current user AND - # the owner_uuid is a user (but not the current user) OR - # the owner_uuid is not readable by the current user - # the owner_uuid is a group but group_class is not a project - - read_parent_check = if current_user.is_admin - "" - else - "NOT EXISTS(SELECT 1 FROM #{PERMISSION_VIEW} WHERE "+ - "user_uuid=(:user_uuid) AND target_uuid=#{klass.table_name}.owner_uuid AND perm_level >= 1) OR " - end - - objectlist.where("#{klass.table_name}.owner_uuid IN (SELECT users.uuid FROM users WHERE users.uuid != (:user_uuid)) OR "+ - read_parent_check+ - "EXISTS(SELECT 1 FROM groups as gp where gp.uuid=#{klass.table_name}.owner_uuid and gp.group_class != 'project')", - user_uuid: current_user.uuid) - end - def shared # The purpose of this endpoint is to return the toplevel set of # groups which are *not* reachable through a direct ownership @@ -112,10 +156,10 @@ class Arvados::V1::GroupsController < ApplicationController apply_where_limit_order_params if params["include"] == "owner_uuid" - owners = @objects.map(&:owner_uuid).to_a + owners = @objects.map(&:owner_uuid).to_set @extra_included = [] [Group, User].each do |klass| - @extra_included += klass.readable_by(*@read_users).where(uuid: owners).to_a + @extra_included += klass.readable_by(*@read_users).where(uuid: owners.to_a).to_a end end @@ -159,8 +203,8 @@ class Arvados::V1::GroupsController < ApplicationController table_names = Hash[klasses.collect { |k| [k, k.table_name] }] - disabled_methods = Rails.configuration.disable_api_methods - avail_klasses = table_names.select{|k, t| !disabled_methods.include?(t+'.index')} + disabled_methods = Rails.configuration.API.DisabledAPIs + avail_klasses = table_names.select{|k, t| !disabled_methods[t+'.index']} klasses = avail_klasses.keys request_filters.each do |col, op, val| @@ -263,9 +307,9 @@ class Arvados::V1::GroupsController < ApplicationController end if params["include"] == "owner_uuid" - owners = klass_object_list[:items].map {|i| i[:owner_uuid]} + owners = klass_object_list[:items].map {|i| i[:owner_uuid]}.to_set [Group, User].each do |ownerklass| - ownerklass.readable_by(*@read_users).where(uuid: owners).each do |ow| + ownerklass.readable_by(*@read_users).where(uuid: owners.to_a).each do |ow| included_by_uuid[ow.uuid] = ow end end @@ -281,4 +325,25 @@ class Arvados::V1::GroupsController < ApplicationController @offset = offset_all end + protected + + def exclude_home objectlist, klass + # select records that are readable by current user AND + # the owner_uuid is a user (but not the current user) OR + # the owner_uuid is not readable by the current user + # the owner_uuid is a group but group_class is not a project + + read_parent_check = if current_user.is_admin + "" + else + "NOT EXISTS(SELECT 1 FROM #{PERMISSION_VIEW} WHERE "+ + "user_uuid=(:user_uuid) AND target_uuid=#{klass.table_name}.owner_uuid AND perm_level >= 1) OR " + end + + objectlist.where("#{klass.table_name}.owner_uuid IN (SELECT users.uuid FROM users WHERE users.uuid != (:user_uuid)) OR "+ + read_parent_check+ + "EXISTS(SELECT 1 FROM groups as gp where gp.uuid=#{klass.table_name}.owner_uuid and gp.group_class != 'project')", + user_uuid: current_user.uuid) + end + end