X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/374a802e502d044973fd21ca68d2f6ab707bd770..6d6a0b0f7d5780c92c865ba2e6979195510c27b2:/services/api/app/controllers/arvados/v1/groups_controller.rb diff --git a/services/api/app/controllers/arvados/v1/groups_controller.rb b/services/api/app/controllers/arvados/v1/groups_controller.rb index 7a5713a03c..a963d1fc4d 100644 --- a/services/api/app/controllers/arvados/v1/groups_controller.rb +++ b/services/api/app/controllers/arvados/v1/groups_controller.rb @@ -1,4 +1,23 @@ +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: AGPL-3.0 + +require "trashable" + class Arvados::V1::GroupsController < ApplicationController + include TrashableController + + skip_before_filter :find_object_by_uuid, only: :shared + skip_before_filter :render_404_if_no_object, only: :shared + + def self._index_requires_parameters + (super rescue {}). + merge({ + include_trash: { + type: 'boolean', required: false, description: "Include items whose is_trashed attribute is true." + }, + }) + end def self._contents_requires_parameters params = _index_requires_parameters. @@ -6,6 +25,9 @@ class Arvados::V1::GroupsController < ApplicationController uuid: { type: 'string', required: false, default: nil }, + recursive: { + type: 'boolean', required: false, description: 'Include contents from child groups recursively.' + }, }) params.delete(:select) params @@ -44,12 +66,70 @@ class Arvados::V1::GroupsController < ApplicationController }) end + def shared + # The purpose of this endpoint is to return the toplevel set of + # groups which are *not* reachable through a direct ownership + # chain of projects starting from the current user account. In + # other words, groups which to which access was granted via a + # permission link or chain of links. + # + # This also returns (in the "included" field) the objects that own + # those projects (users or non-project groups). + # + # select groups that are readable by current user AND + # the owner_uuid is a user (but not the current user) OR + # the owner_uuid is not readable by the current user + # the owner_uuid is a group but group_class is not a project + # + # The intended use of this endpoint is to support clients which + # wish to browse those projects which are visible to the user but + # are not part of the "home" project. + + load_limit_offset_order_params + load_filters_param + + read_parent_check = if current_user.is_admin + "" + else + "NOT EXISTS(SELECT 1 FROM #{PERMISSION_VIEW} WHERE "+ + "user_uuid=(:user_uuid) AND target_uuid=groups.owner_uuid AND perm_level >= 1) OR " + end + + @objects = Group.readable_by(*@read_users).where("groups.owner_uuid IN (SELECT users.uuid FROM users WHERE users.uuid != (:user_uuid)) OR "+ + read_parent_check+ + "EXISTS(SELECT 1 FROM groups as gp where gp.uuid=groups.owner_uuid and gp.group_class != 'project')", + user_uuid: current_user.uuid) + apply_where_limit_order_params + + owners = @objects.map(&:owner_uuid).to_a + + if params["include"] == "owner_uuid" + @extra_included = [] + [Group, User].each do |klass| + @extra_included += klass.readable_by(*@read_users).where(uuid: owners).to_a + end + end + + index + end + + def self._shared_requires_parameters + rp = self._index_requires_parameters + rp[:include] = { type: 'string', required: false } + rp + end + protected def load_searchable_objects all_objects = [] @items_available = 0 + # Reload the orders param, this time without prefixing unqualified + # columns ("name" => "groups.name"). Here, unqualified orders + # apply to each table being searched, not "groups". + load_limit_offset_order_params(fill_table_names: false) + # Trick apply_where_limit_order_params into applying suitable # per-table values. *_all are the real ones we'll apply to the # aggregate set. @@ -68,28 +148,70 @@ class Arvados::V1::GroupsController < ApplicationController Collection, Human, Specimen, Trait] - table_names = klasses.map(&:table_name) + table_names = Hash[klasses.collect { |k| [k, k.table_name] }] + + disabled_methods = Rails.configuration.disable_api_methods + avail_klasses = table_names.select{|k, t| !disabled_methods.include?(t+'.index')} + klasses = avail_klasses.keys + request_filters.each do |col, op, val| - if col.index('.') && !table_names.include?(col.split('.', 2)[0]) + if col.index('.') && !table_names.values.include?(col.split('.', 2)[0]) raise ArgumentError.new("Invalid attribute '#{col}' in filter") end end + wanted_klasses = [] + request_filters.each do |col,op,val| + if op == 'is_a' + (val.is_a?(Array) ? val : [val]).each do |type| + type = type.split('#')[-1] + type[0] = type[0].capitalize + wanted_klasses << type + end + end + end + + filter_by_owner = {} + if @object + if params['recursive'] + filter_by_owner[:owner_uuid] = [@object.uuid] + @object.descendant_project_uuids + else + filter_by_owner[:owner_uuid] = @object.uuid + end + end + + seen_last_class = false klasses.each do |klass| + @offset = 0 if seen_last_class # reset offset for the new next type being processed + + # if current klass is same as params['last_object_class'], mark that fact + seen_last_class = true if((params['count'].andand.==('none')) and + (params['last_object_class'].nil? or + params['last_object_class'].empty? or + params['last_object_class'] == klass.to_s)) + + # if klasses are specified, skip all other klass types + next if wanted_klasses.any? and !wanted_klasses.include?(klass.to_s) + + # don't reprocess klass types that were already seen + next if params['count'] == 'none' and !seen_last_class + + # don't process rest of object types if we already have needed number of objects + break if params['count'] == 'none' and all_objects.size >= limit_all + # If the currently requested orders specifically match the # table_name for the current klass, apply that order. # Otherwise, order by recency. request_order = - request_orders.andand.find { |r| r =~ /^#{klass.table_name}\./i } || + request_orders.andand.find { |r| r =~ /^#{klass.table_name}\./i || r !~ /\./ } || klass.default_orders.join(", ") @select = nil - where_conds = {} - where_conds[:owner_uuid] = @object.uuid if @object + where_conds = filter_by_owner if klass == Collection @select = klass.selectable_attributes - ["manifest_text"] elsif klass == Group - where_conds[:group_class] = "project" + where_conds = where_conds.merge(group_class: "project") end @filters = request_filters.map do |col, op, val| @@ -102,15 +224,24 @@ class Arvados::V1::GroupsController < ApplicationController end end.compact - @objects = klass.readable_by(*@read_users). - order(request_order).where(where_conds) - @limit = limit_all - all_objects.count + @objects = klass.readable_by(*@read_users, {:include_trash => params[:include_trash]}). + order(request_order).where(where_conds) + + klass_limit = limit_all - all_objects.count + @limit = klass_limit apply_where_limit_order_params klass - klass_object_list = object_list + klass_object_list = object_list(model_class: klass) klass_items_available = klass_object_list[:items_available] || 0 @items_available += klass_items_available @offset = [@offset - klass_items_available, 0].max all_objects += klass_object_list[:items] + + if klass_object_list[:limit] < klass_limit + # object_list() had to reduce @limit to comply with + # max_index_database_read. From now on, we'll do all queries + # with limit=0 and just accumulate items_available. + limit_all = all_objects.count + end end @objects = all_objects