X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/450b51a554050504d6b510c2c9c1adf463b937a0..64e387b2f4f0fe6c4c7bf16232706c7cf194caf0:/services/api/app/models/collection.rb

diff --git a/services/api/app/models/collection.rb b/services/api/app/models/collection.rb
index aaae19f4bf..caac5611e7 100644
--- a/services/api/app/models/collection.rb
+++ b/services/api/app/models/collection.rb
@@ -22,21 +22,25 @@ class Collection < ArvadosModel
 
   before_validation :default_empty_manifest
   before_validation :default_storage_classes, on: :create
+  before_validation :managed_properties, on: :create
   before_validation :check_encoding
   before_validation :check_manifest_validity
   before_validation :check_signatures
   before_validation :strip_signatures_and_update_replication_confirmed
+  before_validation :name_null_if_empty
+  validate :ensure_filesystem_compatible_name
   validate :ensure_pdh_matches_manifest_text
   validate :ensure_storage_classes_desired_is_not_empty
   validate :ensure_storage_classes_contain_non_empty_strings
   validate :versioning_metadata_updates, on: :update
   validate :past_versions_cannot_be_updated, on: :update
+  validate :protected_managed_properties_updates, on: :update
   after_validation :set_file_count_and_total_size
   before_save :set_file_names
-  around_update :manage_versioning
+  around_update :manage_versioning, unless: :is_past_version?
 
   api_accessible :user, extend: :common do |t|
-    t.add :name
+    t.add lambda { |x| x.name || "" }, as: :name
     t.add :description
     t.add :properties
     t.add :portable_data_hash
@@ -75,6 +79,7 @@ class Collection < ArvadosModel
                 # correct timestamp in signed_manifest_text.
                 'manifest_text' => ['manifest_text', 'trash_at', 'is_trashed'],
                 'unsigned_manifest_text' => ['manifest_text'],
+                'name' => ['name'],
                 )
   end
 
@@ -125,7 +130,7 @@ class Collection < ArvadosModel
             # Signature provided, but verify_signature did not like it.
             logger.warn "Invalid signature on locator #{tok}"
             raise ArvadosModel::PermissionDeniedError
-          elsif Rails.configuration.Collections["BlobSigning"]
+          elsif !Rails.configuration.Collections.BlobSigning
             # No signature provided, but we are running in insecure mode.
             logger.debug "Missing signature on locator #{tok} ignored"
           elsif Blob.new(tok).empty?
@@ -193,6 +198,12 @@ class Collection < ArvadosModel
     end
   end
 
+  def name_null_if_empty
+    if name == ""
+      self.name = nil
+    end
+  end
+
   def set_file_names
     if self.manifest_text_changed?
       self.file_names = manifest_files
@@ -281,8 +292,11 @@ class Collection < ArvadosModel
       sync_past_versions if syncable_updates.any?
       if snapshot
         snapshot.attributes = self.syncable_updates
-        snapshot.manifest_text = snapshot.signed_manifest_text
-        snapshot.save
+        leave_modified_by_user_alone do
+          act_as_system_user do
+            snapshot.save
+          end
+        end
       end
     end
   end
@@ -304,7 +318,7 @@ class Collection < ArvadosModel
     updates = self.syncable_updates
     Collection.where('current_version_uuid = ? AND uuid != ?', self.uuid_was, self.uuid_was).each do |c|
       c.attributes = updates
-      # Use a different validation context to skip the 'old_versions_cannot_be_updated'
+      # Use a different validation context to skip the 'past_versions_cannot_be_updated'
       # validator, as on this case it is legal to update some fields.
       leave_modified_by_user_alone do
         leave_modified_at_alone do
@@ -322,10 +336,18 @@ class Collection < ArvadosModel
     ['uuid', 'owner_uuid', 'delete_at', 'trash_at', 'is_trashed', 'replication_desired', 'storage_classes_desired']
   end
 
+  def is_past_version?
+    # Check for the '_was' values just in case the update operation
+    # includes a change on current_version_uuid or uuid.
+    !(new_record? || self.current_version_uuid_was == self.uuid_was)
+  end
+
   def should_preserve_version?
-    return false unless (Rails.configuration.Collections["CollectionVersioning"] && versionable_updates?(self.changes.keys))
+    return false unless (Rails.configuration.Collections.CollectionVersioning && versionable_updates?(self.changes.keys))
+
+    return false if self.is_trashed
 
-    idle_threshold = Rails.configuration.Collections["PreserveVersionIfIdle"]
+    idle_threshold = Rails.configuration.Collections.PreserveVersionIfIdle
     if !self.preserve_version_was &&
       (idle_threshold < 0 ||
         (idle_threshold > 0 && self.modified_at_was > db_current_time-idle_threshold.seconds))
@@ -371,7 +393,7 @@ class Collection < ArvadosModel
       return manifest_text
     else
       token = Thread.current[:token]
-      exp = [db_current_time.to_i + Rails.configuration.Collections["BlobSigningTTL"],
+      exp = [db_current_time.to_i + Rails.configuration.Collections.BlobSigningTTL.to_i,
              trash_at].compact.map(&:to_i).min
       self.class.sign_manifest manifest_text, token, exp
     end
@@ -379,7 +401,7 @@ class Collection < ArvadosModel
 
   def self.sign_manifest manifest, token, exp=nil
     if exp.nil?
-      exp = db_current_time.to_i + Rails.configuration.Collections["BlobSigningTTL"]
+      exp = db_current_time.to_i + Rails.configuration.Collections.BlobSigningTTL.to_i
     end
     signing_opts = {
       api_token: token,
@@ -489,7 +511,7 @@ class Collection < ArvadosModel
   #
   # If filter_compatible_format is true (the default), only return image
   # collections which are support by the installation as indicated by
-  # Rails.configuration.Containers["SupportedDockerImageFormats"].  Will follow
+  # Rails.configuration.Containers.SupportedDockerImageFormats.  Will follow
   # 'docker_image_migration' links if search_term resolves to an incompatible
   # image, but an equivalent compatible image is available.
   def self.find_all_for_docker_image(search_term, search_tag=nil, readers=nil, filter_compatible_format: true)
@@ -500,7 +522,7 @@ class Collection < ArvadosModel
       joins("JOIN collections ON links.head_uuid = collections.uuid").
       order("links.created_at DESC")
 
-    docker_image_formats = Rails.configuration.Containers["SupportedDockerImageFormats"]
+    docker_image_formats = Rails.configuration.Containers.SupportedDockerImageFormats.keys.map(&:to_s)
 
     if (docker_image_formats.include? 'v1' and
         docker_image_formats.include? 'v2') or filter_compatible_format == false
@@ -518,7 +540,9 @@ class Collection < ArvadosModel
     if loc = Keep::Locator.parse(search_term)
       loc.strip_hints!
       coll_match = readable_by(*readers).where(portable_data_hash: loc.to_s).limit(1)
-      if coll_match.any? or Rails.configuration.RemoteClusters.length > 1
+      rc = Rails.configuration.RemoteClusters.select{ |k|
+        k != :"*" && k != Rails.configuration.ClusterID}
+      if coll_match.any? or rc.length == 0
         return get_compatible_images(readers, pattern, coll_match)
       else
         # Allow bare pdh that doesn't exist in the local database so
@@ -593,6 +617,23 @@ class Collection < ArvadosModel
     self.storage_classes_confirmed ||= []
   end
 
+  # Sets managed properties at creation time
+  def managed_properties
+    managed_props = Rails.configuration.Collections.ManagedProperties.with_indifferent_access
+    if managed_props.empty?
+      return
+    end
+    (managed_props.keys - self.properties.keys).each do |key|
+      if managed_props[key]['Function'] == 'original_owner'
+        self.properties[key] = self.user_owner_uuid
+      elsif managed_props[key]['Value']
+        self.properties[key] = managed_props[key]['Value']
+      else
+        logger.warn "Unidentified default property definition '#{key}': #{managed_props[key].inspect}"
+      end
+    end
+  end
+
   def portable_manifest_text
     self.class.munge_manifest_locators(manifest_text) do |match|
       if match[2] # size
@@ -648,17 +689,34 @@ class Collection < ArvadosModel
   end
 
   def past_versions_cannot_be_updated
-    # We check for the '_was' values just in case the update operation
-    # includes a change on current_version_uuid or uuid.
-    if current_version_uuid_was != uuid_was
+    if is_past_version?
       errors.add(:base, "past versions cannot be updated")
       false
     end
   end
 
+  def protected_managed_properties_updates
+    managed_properties = Rails.configuration.Collections.ManagedProperties.with_indifferent_access
+    if managed_properties.empty? || !properties_changed? || current_user.is_admin
+      return true
+    end
+    protected_props = managed_properties.keys.select do |p|
+      Rails.configuration.Collections.ManagedProperties[p]['Protected']
+    end
+    # Pre-existent protected properties can't be updated
+    invalid_updates = properties_was.keys.select{|p| properties_was[p] != properties[p]} & protected_props
+    if !invalid_updates.empty?
+      invalid_updates.each do |p|
+        errors.add("protected property cannot be updated:", p)
+      end
+      raise PermissionDeniedError.new
+    end
+    true
+  end
+
   def versioning_metadata_updates
     valid = true
-    if (current_version_uuid_was == uuid_was) && current_version_uuid_changed?
+    if !is_past_version? && current_version_uuid_changed?
       errors.add(:current_version_uuid, "cannot be updated")
       valid = false
     end