X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/3f51fa4899fe43c29e1bf49d7911a40eb41a55e8..b1aa6c85c3db947f0963b1bddb2784c115f5c97d:/services/api/app/controllers/application_controller.rb
diff --git a/services/api/app/controllers/application_controller.rb b/services/api/app/controllers/application_controller.rb
index 6810d91d4c..2072520bb3 100644
--- a/services/api/app/controllers/application_controller.rb
+++ b/services/api/app/controllers/application_controller.rb
@@ -1,3 +1,5 @@
+require 'safe_json'
+
 module ApiTemplateOverride
 def allowed_to_render?(fieldset, field, model, options)
 return false if !super
@@ -14,19 +16,19 @@ class ActsAsApi::ApiTemplate
 end
 require 'load_param'
-require 'record_filters'
 class ApplicationController < ActionController::Base
 include CurrentApiClient
 include ThemesForRails::ActionController
 include LoadParam
- include RecordFilters
+ include DbCurrentTime
 respond_to :json
 protect_from_forgery
 ERROR_ACTIONS = [:render_error, :render_not_found]
+ before_filter :disable_api_methods
 before_filter :set_cors_headers
 before_filter :respond_with_json_by_default
 before_filter :remote_ip
@@ -47,7 +49,9 @@ class ApplicationController < ActionController::Base
 theme :select_theme
- attr_accessor :resource_attrs
+ attr_writer :resource_attrs
+
+ MAX_UNIQUE_NAME_ATTEMPTS = 10
 begin
 rescue_from(Exception,
@@ -60,6 +64,18 @@ class ApplicationController < ActionController::Base
 :with => :render_not_found)
 end
+ def initialize *args
+ super
+ @object = nil
+ @objects = nil
+ @offset = nil
+ @limit = nil
+ @select = nil
+ @distinct = nil
+ @response_resource_name = nil
+ @attrs = nil
+ end
+
 def default_url_options
 if Rails.configuration.host
 {:host => Rails.configuration.host}
@@ -86,13 +102,16 @@ class ApplicationController < ActionController::Base
 if @object.respond_to? :name and params[:ensure_unique_name]
 # Record the original name. See below.
 name_stem = @object.name
- counter = 1
+ retries = MAX_UNIQUE_NAME_ATTEMPTS
+ else
+ retries = 0
 end
 begin
 @object.save!
 rescue ActiveRecord::RecordNotUnique => rn
- raise unless params[:ensure_unique_name]
+ raise unless retries > 0
+ retries -= 1
 # Dig into the error to determine if it is specifically calling out a
 # (owner_uuid, name) uniqueness violation. In this specific case, and
@@ -111,13 +130,19 @@ class ApplicationController < ActionController::Base
 detail = err.result.error_field(PG::Result::PG_DIAG_MESSAGE_DETAIL)
 raise unless /^Key \(owner_uuid, name\)=\([a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{15}, .*?\) already exists\./.match detail
- # OK, this exception really is just a unique name constraint
- # violation, and we've been asked to ensure_unique_name.
- counter += 1
 @object.uuid = nil
- @object.name = "#{name_stem} (#{counter})"
- redo
- end while false
+
+ new_name = "#{name_stem} (#{db_current_time.utc.iso8601(3)})"
+ if new_name == @object.name
+ # If the database is fast enough to do two attempts in the
+ # same millisecond, we need to wait to ensure we try a
+ # different timestamp on each attempt.
+ sleep 0.002
+ new_name = "#{name_stem} (#{db_current_time.utc.iso8601(3)})"
+ end
+ @object.name = new_name
+ retry
+ end
 show
 end
@@ -186,7 +211,7 @@ class ApplicationController < ActionController::Base
 # The obvious render(json: ...) forces a slow JSON encoder. See
 # #3021 and commit logs. Might be fixed in Rails 4.1.
 render({
- text: Oj.dump(response, mode: :compat).html_safe,
+ text: SafeJSON.dump(response).html_safe,
 content_type: 'application/json'
 }.merge opts)
 end
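Review bot: The unique-name retry (hunks -86 and -111, same method) lost the comment that explained why it is acceptable to continue after `ActiveRecord::RecordNotUnique`, and the new `else retries = 0` branch is now the only place that encodes "the client did not ask for `ensure_unique_name`". I would keep that visible with a comment above `raise unless retries > 0`, for example `# retries is 0 unless ensure_unique_name was requested, so other requests re-raise at once`. The new name is the client-supplied `name_stem` plus a timestamp suffix; whether the result still fits any length limit on the name column cannot be told from these lines. The method begins above the first hunk.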
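Review bot: In the hunk at -186, `.html_safe` is still applied to the serialized body, so nothing downstream will escape it; that is only sound while the response is served as `application/json`, and the trailing `.merge opts` lets a caller replace `content_type`. I would add a comment on the `text:` line such as `# html_safe is acceptable only because content_type is application/json; callers must not override it via opts`. Whether `SafeJSON.dump` escapes `<`, `>` and `&` is decided in the `safe_json` library required at the top of the file, which this diff does not show. The enclosing method starts above the hunk.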
@@ -207,11 +232,7 @@ class ApplicationController < ActionController::Base
 def apply_filters model_class=nil
 model_class ||= self.model_class
- ft = record_filters @filters, model_class
- if ft[:cond_out].any?
- @objects = @objects.where('(' + ft[:cond_out].join(') AND (') + ')',
- *ft[:param_out])
- end
+ @objects = model_class.apply_filters(@objects, @filters)
 end
 def apply_where_limit_order_params model_class=nil
@@ -301,15 +322,20 @@ class ApplicationController < ActionController::Base
 return if limit_columns.empty?
 model_class.transaction do
 limit_query = @objects.
+ except(:select).
 select("(%s) as read_length" %
- limit_columns.map { |s| "length(#{s})" }.join(" + "))
+ limit_columns.map { |s| "octet_length(#{s})" }.join(" + "))
 new_limit = 0
 read_total = 0
- limit_query.find_each do |record|
+ limit_query.each do |record|
 new_limit += 1
 read_total += record.read_length.to_i
- break if ((read_total >= Rails.configuration.max_index_database_read) or
- (new_limit >= @limit))
+ if read_total >= Rails.configuration.max_index_database_read
+ new_limit -= 1 if new_limit > 1
+ break
+ elsif new_limit >= @limit
+ break
+ end
 end
 @limit = new_limit
 @objects = @objects.limit(@limit)
@@ -322,7 +348,7 @@ class ApplicationController < ActionController::Base
 return @attrs if @attrs
 @attrs = params[resource_name]
 if @attrs.is_a? String
- @attrs = Oj.load @attrs, symbol_keys: true
+ @attrs = Oj.strict_load @attrs, symbol_keys: true
 end
 unless @attrs.is_a? Hash
 message = "No #{resource_name}"
@@ -386,6 +412,13 @@ class ApplicationController < ActionController::Base
 end
 end
+ def disable_api_methods
+ if Rails.configuration.disable_api_methods.
+ include?(controller_name + "." + action_name)
+ send_error("Disabled", status: 404)
+ end
+ end
+
 def set_cors_headers
 response.headers['Access-Control-Allow-Origin'] = '*'
 response.headers['Access-Control-Allow-Methods'] = 'GET, HEAD, PUT, POST, DELETE'
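Review bot: `apply_filters` no longer shows how the request-supplied `@filters` become SQL: the removed lines passed operands as bind values through `*ft[:param_out]`, and the replacement hands everything to `model_class.apply_filters`, whose body is outside this diff. A one-line comment above the call would keep that contract visible here, for example `# @filters comes from the request; model_class.apply_filters must validate attribute names and operators and bind the operands`. It is also worth confirming that every class that can be passed as `model_class` actually responds to `apply_filters`.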
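Review bot: In the hunk at -301, replacing `limit_query.find_each` with `limit_query.each` means the relation is loaded in full before the block runs, so the `break` no longer stops rows from being fetched. The loop never consumes more than `@limit` rows, so unless `@objects` already carries a LIMIT at this point (set outside the hunk) I would bound the probe itself by chaining `.limit(@limit)` onto `limit_query`. The back-off line also deserves a comment, for example `# drop the row that crossed the threshold, but always return at least one`. The interpolated `limit_columns` values are built above the hunk, so their origin should be confirmed to be model-defined column names and not request input.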
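Review bot: The hunk at -322 still parses the request-supplied string with Oj directly (`Oj.strict_load @attrs, symbol_keys: true`), while the JSON calls changed elsewhere in this commit (the `text:` line at -186 and `load_json_value` at -436) go through SafeJSON. `symbol_keys: true` also turns every key the client sends into a Symbol, which on Ruby versions that do not garbage-collect dynamic symbols lets request data grow the symbol table. If SafeJSON cannot return symbol keys, say so at the call site, for example `# Oj.strict_load kept: SafeJSON.load does not offer symbol keys (confirm)`. The enclosing method starts above and ends below the hunk.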
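Review bot: `disable_api_methods` (hunk at -386) only blocks the request if `send_error` renders a response, because a `before_filter` halts the chain on render and not on its return value; `send_error` is defined outside this diff, so that should be confirmed or stated in a comment. The method also calls `.include?` on `Rails.configuration.disable_api_methods` unguarded, so an unset value would raise on every request, this filter being registered first in the chain. I would add a doc comment giving the entry format, for example `# Entries are "controller_name.action_name" (constructed example: "jobs.create"); matching is exact and case-sensitive`.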
@@ -413,7 +446,7 @@ class ApplicationController < ActionController::Base
 end
 def find_object_by_uuid
- if params[:id] and params[:id].match /\D/
+ if params[:id] and params[:id].match(/\D/)
 params[:uuid] = params.delete :id
 end
 @where = { uuid: params[:uuid] }
@@ -436,7 +469,7 @@ class ApplicationController < ActionController::Base
 def load_json_value(hash, key, must_be_class=nil)
 if hash[key].is_a? String
- hash[key] = Oj.load(hash[key], symbol_keys: false)
+ hash[key] = SafeJSON.load(hash[key])
 if must_be_class and !hash[key].is_a? must_be_class
 raise TypeError.new("parameter #{key.to_s} must be a #{must_be_class.to_s}")
 end
@@ -475,10 +508,16 @@ class ApplicationController < ActionController::Base
 :limit => @limit,
 :items => @objects.as_api_response(nil, {select: @select})
 }
- if @objects.respond_to? :except
- list[:items_available] = @objects.
- except(:limit).except(:offset).
- count(:id, distinct: true)
+ case params[:count]
+ when nil, '', 'exact'
+ if @objects.respond_to? :except
+ list[:items_available] = @objects.
+ except(:limit).except(:offset).
+ count(:id, distinct: true)
+ end
+ when 'none'
+ else
+ raise ArgumentError.new("count parameter must be 'exact' or 'none'")
 end
 list
 end
@@ -541,6 +580,7 @@ class ApplicationController < ActionController::Base
 distinct: { type: 'boolean', required: false },
 limit: { type: 'integer', required: false, default: DEFAULT_LIMIT },
 offset: { type: 'integer', required: false, default: 0 },
+ count: { type: 'string', required: false, default: 'exact' },
 }
 end
@@ -560,7 +600,7 @@ class ApplicationController < ActionController::Base
 }
 end
 end
- super *opts
+ super(*opts)
 end
 def select_theme
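Review bot: The empty `when 'none'` branch in the hunk at -475 reads like an omission, and with it the response carries no `items_available` key at all; I would put `# client asked to skip the count query, so items_available is omitted` inside the branch. The `ArgumentError` raised for any other value is handled by the `rescue_from` block outside this hunk, so which HTTP status a client gets for a bad `count` value cannot be told from here and is worth a test. The enclosing method starts above the hunk.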