X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/3c87946740b83f612561f998f7d83586593be830..4ab2fa0e6033a7c638a80f3ba73f220d8181fa3c:/services/api/lib/current_api_client.rb diff --git a/services/api/lib/current_api_client.rb b/services/api/lib/current_api_client.rb index c7b48c0cdd..7c99c911f8 100644 --- a/services/api/lib/current_api_client.rb +++ b/services/api/lib/current_api_client.rb @@ -2,14 +2,6 @@ # # SPDX-License-Identifier: AGPL-3.0 -$system_user = nil -$system_group = nil -$all_users_group = nil -$anonymous_user = nil -$anonymous_group = nil -$anonymous_group_read_permission = nil -$empty_collection = nil - module CurrentApiClient def current_user Thread.current[:user] @@ -65,32 +57,39 @@ module CurrentApiClient 'anonymouspublic'].join('-') end + def public_project_uuid + [Rails.configuration.ClusterID, + Group.uuid_prefix, + 'publicfavorites'].join('-') + end + def system_user - $system_user = check_cache $system_user do - real_current_user = Thread.current[:user] - begin - Thread.current[:user] = User.new(is_admin: true, - is_active: true, - uuid: system_user_uuid) + real_current_user = Thread.current[:user] + begin + Thread.current[:user] = User.new(is_admin: true, + is_active: true, + uuid: system_user_uuid) + $system_user = check_cache($system_user) do User.where(uuid: system_user_uuid). first_or_create!(is_active: true, is_admin: true, email: 'root', first_name: 'root', last_name: '') - ensure - Thread.current[:user] = real_current_user end + ensure + Thread.current[:user] = real_current_user end end def system_group - $system_group = check_cache $system_group do + $system_group = check_cache($system_group) do act_as_system_user do ActiveRecord::Base.transaction do Group.where(uuid: system_group_uuid). first_or_create!(name: "System group", - description: "System group") do |g| + description: "System group", + group_class: "role") do |g| g.save! User.all.collect(&:uuid).each do |user_uuid| Link.create!(link_class: 'permission', @@ -111,7 +110,7 @@ module CurrentApiClient end def all_users_group - $all_users_group = check_cache $all_users_group do + $all_users_group = check_cache($all_users_group) do act_as_system_user do ActiveRecord::Base.transaction do Group.where(uuid: all_users_group_uuid). @@ -140,11 +139,14 @@ module CurrentApiClient yield ensure Thread.current[:user] = user_was + if user_was + user_was.forget_cached_group_perms + end end end def anonymous_group - $anonymous_group = check_cache $anonymous_group do + $anonymous_group = check_cache($anonymous_group) do act_as_system_user do ActiveRecord::Base.transaction do Group.where(uuid: anonymous_group_uuid). @@ -157,8 +159,7 @@ module CurrentApiClient end def anonymous_group_read_permission - $anonymous_group_read_permission = - check_cache $anonymous_group_read_permission do + $anonymous_group_read_permission = check_cache($anonymous_group_read_permission) do act_as_system_user do Link.where(tail_uuid: all_users_group.uuid, head_uuid: anonymous_group.uuid, @@ -169,7 +170,7 @@ module CurrentApiClient end def anonymous_user - $anonymous_user = check_cache $anonymous_user do + $anonymous_user = check_cache($anonymous_user) do act_as_system_user do User.where(uuid: anonymous_user_uuid). first_or_create!(is_active: false, @@ -188,47 +189,109 @@ module CurrentApiClient end end - def empty_collection_uuid + def public_project_group + $public_project_group = check_cache($public_project_group) do + act_as_system_user do + ActiveRecord::Base.transaction do + Group.where(uuid: public_project_uuid). + first_or_create!(group_class: "project", + name: "Public favorites", + description: "Public favorites") + end + end + end + end + + def public_project_read_permission + $public_project_group_read_permission = check_cache($public_project_group_read_permission) do + act_as_system_user do + Link.where(tail_uuid: anonymous_group.uuid, + head_uuid: public_project_group.uuid, + link_class: "permission", + name: "can_read").first_or_create! + end + end + end + + def anonymous_user_token_api_client + $anonymous_user_token_api_client = check_cache($anonymous_user_token_api_client) do + act_as_system_user do + ActiveRecord::Base.transaction do + ApiClient.find_or_create_by!(is_trusted: false, url_prefix: "", name: "AnonymousUserToken") + end + end + end + end + + def system_root_token_api_client + $system_root_token_api_client = check_cache($system_root_token_api_client) do + act_as_system_user do + ActiveRecord::Base.transaction do + ApiClient.find_or_create_by!(is_trusted: true, url_prefix: "", name: "SystemRootToken") + end + end + end + end + + def empty_collection_pdh 'd41d8cd98f00b204e9800998ecf8427e+0' end def empty_collection - $empty_collection = check_cache $empty_collection do + $empty_collection = check_cache($empty_collection) do act_as_system_user do ActiveRecord::Base.transaction do Collection. - where(portable_data_hash: empty_collection_uuid). - first_or_create!(manifest_text: '', owner_uuid: anonymous_group.uuid) + where(portable_data_hash: empty_collection_pdh). + first_or_create(manifest_text: '', owner_uuid: system_user.uuid, name: "empty collection") do |c| + c.save! + Link.where(tail_uuid: anonymous_group.uuid, + head_uuid: c.uuid, + link_class: 'permission', + name: 'can_read'). + first_or_create! + c + end end end end end - private - - # If the given value is nil, or the cache has been cleared since it - # was set, yield. Otherwise, return the given value. - def check_cache value - if not Rails.env.test? and - ActionController::Base.cache_store.is_a? ActiveSupport::Cache::FileStore and - not File.owned? ActionController::Base.cache_store.cache_path - # If we don't own the cache dir, we're probably - # crunch-dispatch. Whoever we are, using this cache is likely to - # either fail or screw up the cache for someone else. So we'll - # just assume the $globals are OK to live forever. - # - # The reason for making the globals expire with the cache in the - # first place is to avoid leaking state between test cases: in - # production, we don't expect the database seeds to ever go away - # even when the cache is cleared, so there's no particular - # reason to expire our global variables. + # Purge the module globals if necessary. If the cached value is + # non-nil and the globals weren't purged, return the cached + # value. Otherwise, call the block. + # + # Purge is only done in test mode. + def check_cache(cached) + if Rails.env != 'test' + return (cached || yield) + end + t = Rails.cache.fetch "CurrentApiClient.$system_globals_reset" do + Time.now.to_f + end + if t != $system_globals_reset + reset_system_globals(t) + yield else - Rails.cache.fetch "CurrentApiClient.$globals" do - value = nil - true - end + cached || yield end - return value unless value.nil? - yield end + + def reset_system_globals(t) + $system_globals_reset = t + $system_user = nil + $system_group = nil + $all_users_group = nil + $anonymous_group = nil + $anonymous_group_read_permission = nil + $anonymous_user = nil + $public_project_group = nil + $public_project_group_read_permission = nil + $anonymous_user_token_api_client = nil + $system_root_token_api_client = nil + $empty_collection = nil + end + module_function :reset_system_globals end + +CurrentApiClient.reset_system_globals(0)