X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/47ba9f232537d04cc919b20ba45c0144c722ddd4..b2dc99425b69c319f85ee1e44c30d03a9cd737d2:/app/controllers/application_controller.rb
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 74e277f14c..cc8b2c35e0 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -50,12 +50,13 @@ class ApplicationController < ActionController::Base

 def index
 @objects ||= model_class.
- joins("LEFT JOIN metadata permissions ON permissions.tail=#{table_name}.uuid AND permissions.head=#{model_class.sanitize current_user.uuid} AND permissions.metadata_class='permission' AND permissions.name='visible_to'").
- where("#{table_name}.created_by_user=? OR #{table_name}.uuid=? OR permissions.head IS NOT NULL",
+ joins("LEFT JOIN links permissions ON permissions.head_uuid=#{table_name}.owner AND permissions.tail_uuid=#{model_class.sanitize current_user.uuid} AND permissions.link_class='permission'").
+ where("?=? OR #{table_name}.owner=? OR #{table_name}.uuid=? OR permissions.head_uuid IS NOT NULL",
+ true, current_user.is_admin,
 current_user.uuid, current_user.uuid)
 if params[:where]
 where = params[:where]
- where = JSON.parse(where) if where.is_a?(String)
+ where = Oj.load(where) if where.is_a?(String)
 conditions = ['1=1']
 where.each do |attr,value|
 if (!value.nil? and
@@ -76,6 +77,14 @@ class ApplicationController < ActionController::Base
 where(*conditions)
 end
 end
+ if params[:limit]
+ begin
+ @objects = @objects.limit(params[:limit].to_i)
+ rescue
+ raise "invalid argument (limit)"
+ end
+ end
+ @objects.uniq!(&:id)
 if params[:eager] and params[:eager] != '0' and params[:eager] != 0 and params[:eager] != ''
 @objects.each(&:eager_load_associations)
 end
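Review bot: `Oj.load(where)` in the -50,12 hunk parses the request's `where` parameter with Oj's default load options, and Oj's default mode is the object mode, which can instantiate Ruby objects named in the document instead of returning only hashes, arrays and scalars as `JSON.parse` did. Unless `Oj.default_options` is pinned to a strict or compat mode in an initializer not shown here, client-supplied JSON should be parsed with `Oj.load(where, :mode => :strict)` (or `Oj.safe_load(where)` where the installed Oj provides it). The same applies to the `Oj.load` calls this commit adds in the -96,7 hunk (before `model_class.new @attrs`), in `update` and in `accept_attribute_as_json`; in the last one the `force_class` check runs only after the document has already been loaded. The body of `index` continues past the end of this hunk.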
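Review bot: In the `params[:limit]` block added by the -76,6 hunk, `String#to_i` never raises, so the `rescue` does not catch a malformed limit: `limit=abc` becomes a limit of 0 and a negative number is handed to `limit` unchanged. Parsing strictly and checking the range would make the "invalid argument (limit)" error reachable, e.g. `limit = Integer(params[:limit], 10)` inside the `begin`, followed by `raise "invalid argument (limit)" if limit < 0`, ideally with an upper bound as well. Separately, `@objects.uniq!(&:id)` de-duplicates in Ruby after the SQL LIMIT has been applied, so if the permissions join returns the same row more than once, a page may hold fewer distinct objects than requested. The enclosing `index` starts before this hunk.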
@@ -96,7 +105,7 @@ class ApplicationController < ActionController::Base
 raise "no #{resource_name} (or #{resource_name.camelcase(:lower)}) provided with request #{params.inspect}"
 end
 if @attrs.class == String
- @attrs = uncamelcase_hash_keys(JSON.parse @attrs)
+ @attrs = uncamelcase_hash_keys(Oj.load @attrs)
 end
 @object = model_class.new @attrs
 @object.save
@@ -106,7 +115,7 @@ class ApplicationController < ActionController::Base
 def update
 @attrs = params[resource_name]
 if @attrs.is_a? String
- @attrs = uncamelcase_hash_keys(JSON.parse @attrs)
+ @attrs = uncamelcase_hash_keys(Oj.load @attrs)
 end
 @object.update_attributes @attrs
 show
@@ -122,7 +131,7 @@ class ApplicationController < ActionController::Base
 redirect_to '/auth/joshid'
 }
 format.json {
- render :json => { 'error' => 'Not logged in' }.to_json
+ render :json => { errors: ['Not logged in'] }.to_json
 }
 end
 end
@@ -189,7 +198,7 @@ class ApplicationController < ActionController::Base
 def accept_attribute_as_json(attr, force_class)
 if params[resource_name].is_a? Hash
 if params[resource_name][attr].is_a? String
- params[resource_name][attr] = JSON.parse params[resource_name][attr]
+ params[resource_name][attr] = Oj.load params[resource_name][attr]
 if force_class and !params[resource_name][attr].is_a? force_class
 raise TypeError.new("#{resource_name}[#{attr.to_s}] must be a #{force_class.to_s}")
 end
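Review bot: The `format.json` branch in the -122,7 hunk renders the not-logged-in error with no `:status`, so as far as this hunk shows an unauthenticated API call is answered with the default 200 and clients must inspect the body to detect the failure. Setting the status on the changed line, `render :json => { errors: ['Not logged in'] }.to_json, :status => 401`, lets clients and monitoring tell authentication failures from successful responses. The key also changes from `error` to `errors`, so existing API consumers that read `error` will need updating. The enclosing method starts and ends outside the hunk.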