X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/32926d6543e52daa4db8e47c2870bef4d6bdf71d..45cc809dfeab1d603e80cec3d44770d7f5a7c8ae:/services/api/app/models/log.rb diff --git a/services/api/app/models/log.rb b/services/api/app/models/log.rb index b10a491163..75e1a4e402 100644 --- a/services/api/app/models/log.rb +++ b/services/api/app/models/log.rb @@ -1,11 +1,17 @@ +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: AGPL-3.0 + +require 'audit_logs' + class Log < ArvadosModel include HasUuid include KindAndEtag include CommonApiTemplate serialize :properties, Hash before_validation :set_default_event_at - attr_accessor :object, :object_kind after_save :send_notify + after_commit { AuditLogs.tidy_in_background } api_accessible :user, extend: :common do |t| t.add :id @@ -47,12 +53,28 @@ class Log < ArvadosModel self.event_at = thing.created_at when "update" self.event_at = thing.modified_at - when "destroy" + when "delete" self.event_at = db_current_time end self end + def self.readable_by(*users_list) + if users_list.last.is_a? Hash + users_list.pop + end + if users_list.select { |u| u.is_admin }.any? + return self + end + user_uuids = users_list.map { |u| u.uuid } + + joins("LEFT JOIN container_requests ON container_requests.container_uuid=logs.object_uuid"). + where("EXISTS(SELECT target_uuid FROM #{PERMISSION_VIEW} "+ + "WHERE user_uuid IN (:user_uuids) AND perm_level >= 1 AND "+ + "target_uuid IN (container_requests.uuid, container_requests.owner_uuid, logs.object_uuid, logs.owner_uuid, logs.object_owner_uuid))", + user_uuids: user_uuids) + end + protected def permission_to_create @@ -82,7 +104,6 @@ class Log < ArvadosModel end def send_notify - connection.execute "NOTIFY logs, '#{self.id}'" + ActiveRecord::Base.connection.execute "NOTIFY logs, '#{self.id}'" end - end