X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/28cf4975bf3a72ff11ab4044a54b434857b1b95e..3d83ff9296c47016abf2823a740ef7825eb9ccfc:/services/api/app/models/user.rb

diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb
index b654b5a023..c8c9bfb6ac 100644
--- a/services/api/app/models/user.rb
+++ b/services/api/app/models/user.rb
@@ -1,3 +1,7 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
 require 'can_be_an_owner'
 
 class User < ArvadosModel
@@ -6,6 +10,11 @@ class User < ArvadosModel
   include CommonApiTemplate
   include CanBeAnOwner
 
+  # To avoid upgrade bugs, when changing the permission cache value
+  # format, change PERM_CACHE_PREFIX too:
+  PERM_CACHE_PREFIX = "perm_v20170725_"
+  PERM_CACHE_TTL = 172800
+
   serialize :prefs, Hash
   has_many :api_client_authorizations
   validates(:username,
@@ -20,6 +29,7 @@ class User < ArvadosModel
   before_update :verify_repositories_empty, :if => Proc.new { |user|
     user.username.nil? and user.username_changed?
   }
+  before_update :setup_on_activate
   before_create :check_auto_admin
   before_create :set_initial_username, :if => Proc.new { |user|
     user.username.nil? and user.email
@@ -136,19 +146,37 @@ class User < ArvadosModel
       timestamp = DbCurrentTime::db_current_time.to_i if timestamp.nil?
       connection.execute "NOTIFY invalidate_permissions_cache, '#{timestamp}'"
     else
-      Rails.cache.delete_matched(/^groups_for_user_/)
+      Rails.cache.delete_matched(/^#{PERM_CACHE_PREFIX}/)
     end
   end
 
+  # Return a hash of {user_uuid: group_perms}
+  def self.all_group_permissions
+    install_view('permission')
+    all_perms = {}
+    ActiveRecord::Base.connection.
+      exec_query('SELECT user_uuid, target_owner_uuid, max(perm_level), max(trashed)
+                  FROM permission_view
+                  WHERE target_owner_uuid IS NOT NULL
+                  GROUP BY user_uuid, target_owner_uuid',
+                  # "name" arg is a query label that appears in logs:
+                  "all_group_permissions",
+                  ).rows.each do |user_uuid, group_uuid, max_p_val, trashed|
+      all_perms[user_uuid] ||= {user_uuid => {:read => true, :write => true, :manage => true}}
+      all_perms[user_uuid][group_uuid] = PERMS_FOR_VAL[max_p_val.to_i]
+    end
+    all_perms
+  end
+
   # Return a hash of {group_uuid: perm_hash} where perm_hash[:read]
   # and perm_hash[:write] are true if this user can read and write
   # objects owned by group_uuid.
   def calculate_group_permissions
-    install_view('permission')
+    self.class.install_view('permission')
 
-    group_perms = {}
+    group_perms = {self.uuid => {:read => true, :write => true, :manage => true}}
     ActiveRecord::Base.connection.
-      exec_query('SELECT target_owner_uuid, max(perm_level)
+      exec_query('SELECT target_owner_uuid, max(perm_level), max(trashed)
                   FROM permission_view
                   WHERE user_uuid = $1
                   AND target_owner_uuid IS NOT NULL
@@ -157,10 +185,10 @@ class User < ArvadosModel
                   "group_permissions for #{uuid}",
                   # "binds" arg is an array of [col_id, value] for '$1' vars:
                   [[nil, uuid]],
-                  ).rows.each do |group_uuid, max_p_val|
+                ).rows.each do |group_uuid, max_p_val, trashed|
       group_perms[group_uuid] = PERMS_FOR_VAL[max_p_val.to_i]
     end
-    Rails.cache.write "groups_for_user_#{self.uuid}", group_perms
+    Rails.cache.write "#{PERM_CACHE_PREFIX}#{self.uuid}", group_perms, expires_in: PERM_CACHE_TTL
     group_perms
   end
 
@@ -168,12 +196,12 @@ class User < ArvadosModel
   # and perm_hash[:write] are true if this user can read and write
   # objects owned by group_uuid.
   def group_permissions
-    r = Rails.cache.read "groups_for_user_#{self.uuid}"
+    r = Rails.cache.read "#{PERM_CACHE_PREFIX}#{self.uuid}"
     if r.nil?
       if Rails.configuration.async_permissions_update
         while r.nil?
           sleep(0.1)
-          r = Rails.cache.read "groups_for_user_#{self.uuid}"
+          r = Rails.cache.read "#{PERM_CACHE_PREFIX}#{self.uuid}"
         end
       else
         r = calculate_group_permissions
@@ -461,6 +489,14 @@ class User < ArvadosModel
     end
   end
 
+  # Automatically setup if is_active flag turns on
+  def setup_on_activate
+    return if [system_user_uuid, anonymous_user_uuid].include?(self.uuid)
+    if is_active && (new_record? || is_active_changed?)
+      setup(openid_prefix: Rails.configuration.default_openid_prefix)
+    end
+  end
+
   # Automatically setup new user during creation
   def auto_setup_new_user
     setup(openid_prefix: Rails.configuration.default_openid_prefix)