X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/287a99b59415dfad11034057fd608b38d1355512..3ef580c47029ff0fbf959b044f29c183f41cb609:/services/api/app/controllers/application_controller.rb

diff --git a/services/api/app/controllers/application_controller.rb b/services/api/app/controllers/application_controller.rb
index 3a888184f8..831bcceee7 100644
--- a/services/api/app/controllers/application_controller.rb
+++ b/services/api/app/controllers/application_controller.rb
@@ -1,3 +1,5 @@
+require 'safe_json'
+
 module ApiTemplateOverride
   def allowed_to_render?(fieldset, field, model, options)
     return false if !super
@@ -14,19 +16,19 @@ class ActsAsApi::ApiTemplate
 end
 
 require 'load_param'
-require 'record_filters'
 
 class ApplicationController < ActionController::Base
-  include CurrentApiClient
   include ThemesForRails::ActionController
+  include CurrentApiClient
   include LoadParam
-  include RecordFilters
+  include DbCurrentTime
 
   respond_to :json
   protect_from_forgery
 
   ERROR_ACTIONS = [:render_error, :render_not_found]
 
+  before_filter :disable_api_methods
   before_filter :set_cors_headers
   before_filter :respond_with_json_by_default
   before_filter :remote_ip
@@ -45,9 +47,9 @@ class ApplicationController < ActionController::Base
   before_filter(:render_404_if_no_object,
                 except: [:index, :create] + ERROR_ACTIONS)
 
-  theme :select_theme
+  theme Rails.configuration.arvados_theme
 
-  attr_accessor :resource_attrs
+  attr_writer :resource_attrs
 
   begin
     rescue_from(Exception,
@@ -60,6 +62,18 @@ class ApplicationController < ActionController::Base
                 :with => :render_not_found)
   end
 
+  def initialize *args
+    super
+    @object = nil
+    @objects = nil
+    @offset = nil
+    @limit = nil
+    @select = nil
+    @distinct = nil
+    @response_resource_name = nil
+    @attrs = nil
+  end
+
   def default_url_options
     if Rails.configuration.host
       {:host => Rails.configuration.host}
@@ -69,7 +83,9 @@ class ApplicationController < ActionController::Base
   end
 
   def index
-    @objects.uniq!(&:id) if @select.nil? or @select.include? "id"
+    if @select.nil? || @select.include?("id")
+      @objects = @objects.uniq(&:id)
+    end
     if params[:eager] and params[:eager] != '0' and params[:eager] != 0 and params[:eager] != ''
       @objects.each(&:eager_load_associations)
     end
@@ -83,41 +99,12 @@ class ApplicationController < ActionController::Base
   def create
     @object = model_class.new resource_attrs
 
-    if @object.respond_to? :name and params[:ensure_unique_name]
-      # Record the original name.  See below.
-      name_stem = @object.name
-      counter = 1
+    if @object.respond_to?(:name) && params[:ensure_unique_name]
+      @object.save_with_unique_name!
+    else
+      @object.save!
     end
 
-    begin
-      @object.save!
-    rescue ActiveRecord::RecordNotUnique => rn
-      raise unless params[:ensure_unique_name]
-
-      # Dig into the error to determine if it is specifically calling out a
-      # (owner_uuid, name) uniqueness violation.  In this specific case, and
-      # the client requested a unique name with ensure_unique_name==true,
-      # update the name field and try to save again.  Loop as necessary to
-      # discover a unique name.  It is necessary to handle name choosing at
-      # this level (as opposed to the client) to ensure that record creation
-      # never fails due to a race condition.
-      raise unless rn.original_exception.is_a? PG::UniqueViolation
-
-      # Unfortunately ActiveRecord doesn't abstract out any of the
-      # necessary information to figure out if this the error is actually
-      # the specific case where we want to apply the ensure_unique_name
-      # behavior, so the following code is specialized to Postgres.
-      err = rn.original_exception
-      detail = err.result.error_field(PG::Result::PG_DIAG_MESSAGE_DETAIL)
-      raise unless /^Key \(owner_uuid, name\)=\([a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{15}, .*?\) already exists\./.match detail
-
-      # OK, this exception really is just a unique name constraint
-      # violation, and we've been asked to ensure_unique_name.
-      counter += 1
-      @object.uuid = nil
-      @object.name = "#{name_stem} (#{counter})"
-      redo
-    end while false
     show
   end
 
@@ -186,7 +173,7 @@ class ApplicationController < ActionController::Base
     # The obvious render(json: ...) forces a slow JSON encoder. See
     # #3021 and commit logs. Might be fixed in Rails 4.1.
     render({
-             text: Oj.dump(response, mode: :compat).html_safe,
+             text: SafeJSON.dump(response).html_safe,
              content_type: 'application/json'
            }.merge opts)
   end
@@ -207,11 +194,7 @@ class ApplicationController < ActionController::Base
 
   def apply_filters model_class=nil
     model_class ||= self.model_class
-    ft = record_filters @filters, model_class
-    if ft[:cond_out].any?
-      @objects = @objects.where('(' + ft[:cond_out].join(') AND (') + ')',
-                                *ft[:param_out])
-    end
+    @objects = model_class.apply_filters(@objects, @filters)
   end
 
   def apply_where_limit_order_params model_class=nil
@@ -391,6 +374,13 @@ class ApplicationController < ActionController::Base
     end
   end
 
+  def disable_api_methods
+    if Rails.configuration.disable_api_methods.
+        include?(controller_name + "." + action_name)
+      send_error("Disabled", status: 404)
+    end
+  end
+
   def set_cors_headers
     response.headers['Access-Control-Allow-Origin'] = '*'
     response.headers['Access-Control-Allow-Methods'] = 'GET, HEAD, PUT, POST, DELETE'
@@ -418,7 +408,7 @@ class ApplicationController < ActionController::Base
   end
 
   def find_object_by_uuid
-    if params[:id] and params[:id].match /\D/
+    if params[:id] and params[:id].match(/\D/)
       params[:uuid] = params.delete :id
     end
     @where = { uuid: params[:uuid] }
@@ -441,7 +431,7 @@ class ApplicationController < ActionController::Base
 
   def load_json_value(hash, key, must_be_class=nil)
     if hash[key].is_a? String
-      hash[key] = Oj.strict_load(hash[key], symbol_keys: false)
+      hash[key] = SafeJSON.load(hash[key])
       if must_be_class and !hash[key].is_a? must_be_class
         raise TypeError.new("parameter #{key.to_s} must be a #{must_be_class.to_s}")
       end
@@ -480,10 +470,16 @@ class ApplicationController < ActionController::Base
       :limit => @limit,
       :items => @objects.as_api_response(nil, {select: @select})
     }
-    if @objects.respond_to? :except
-      list[:items_available] = @objects.
-        except(:limit).except(:offset).
-        count(:id, distinct: true)
+    case params[:count]
+    when nil, '', 'exact'
+      if @objects.respond_to? :except
+        list[:items_available] = @objects.
+          except(:limit).except(:offset).
+          count(:id, distinct: true)
+      end
+    when 'none'
+    else
+      raise ArgumentError.new("count parameter must be 'exact' or 'none'")
     end
     list
   end
@@ -494,7 +490,7 @@ class ApplicationController < ActionController::Base
 
   def remote_ip
     # Caveat: this is highly dependent on the proxy setup. YMMV.
-    if request.headers.has_key?('HTTP_X_REAL_IP') then
+    if request.headers.key?('HTTP_X_REAL_IP') then
       # We're behind a reverse proxy
       @remote_ip = request.headers['HTTP_X_REAL_IP']
     else
@@ -546,6 +542,7 @@ class ApplicationController < ActionController::Base
       distinct: { type: 'boolean', required: false },
       limit: { type: 'integer', required: false, default: DEFAULT_LIMIT },
       offset: { type: 'integer', required: false, default: 0 },
+      count: { type: 'string', required: false, default: 'exact' },
     }
   end
 
@@ -565,10 +562,6 @@ class ApplicationController < ActionController::Base
         }
       end
     end
-    super *opts
-  end
-
-  def select_theme
-    return Rails.configuration.arvados_theme
+    super(*opts)
   end
 end