X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/4a16f09d3df0c7899fa6367d27b9f66ee9d4582b..6653f96c23ff461bc4cadf5184a95e1c9142f7e6:/services/api/app/controllers/application_controller.rb

diff --git a/services/api/app/controllers/application_controller.rb b/services/api/app/controllers/application_controller.rb
index 8589b3c7a5..369043e780 100644
--- a/services/api/app/controllers/application_controller.rb
+++ b/services/api/app/controllers/application_controller.rb
@@ -33,28 +33,26 @@ class ApplicationController < ActionController::Base
 
   ERROR_ACTIONS = [:render_error, :render_not_found]
 
-  around_filter :set_current_request_id
-  before_filter :disable_api_methods
-  before_filter :set_cors_headers
-  before_filter :respond_with_json_by_default
-  before_filter :remote_ip
-  before_filter :load_read_auths
-  before_filter :require_auth_scope, except: ERROR_ACTIONS
-
-  before_filter :catch_redirect_hint
-  before_filter(:find_object_by_uuid,
+  around_action :set_current_request_id
+  before_action :disable_api_methods
+  before_action :set_cors_headers
+  before_action :respond_with_json_by_default
+  before_action :remote_ip
+  before_action :load_read_auths
+  before_action :require_auth_scope, except: ERROR_ACTIONS
+
+  before_action :catch_redirect_hint
+  before_action :load_required_parameters
+  before_action(:find_object_by_uuid,
                 except: [:index, :create] + ERROR_ACTIONS)
-  before_filter :load_required_parameters
-  before_filter :load_limit_offset_order_params, only: [:index, :contents]
-  before_filter :load_where_param, only: [:index, :contents]
-  before_filter :load_filters_param, only: [:index, :contents]
-  before_filter :find_objects_for_index, :only => :index
-  before_filter :reload_object_before_update, :only => :update
-  before_filter(:render_404_if_no_object,
+  before_action :load_limit_offset_order_params, only: [:index, :contents]
+  before_action :load_where_param, only: [:index, :contents]
+  before_action :load_filters_param, only: [:index, :contents]
+  before_action :find_objects_for_index, :only => :index
+  before_action :reload_object_before_update, :only => :update
+  before_action(:render_404_if_no_object,
                 except: [:index, :create] + ERROR_ACTIONS)
 
-  theme Rails.configuration.arvados_theme
-
   attr_writer :resource_attrs
 
   begin
@@ -83,14 +81,11 @@ class ApplicationController < ActionController::Base
 
   def default_url_options
     options = {}
-    if Rails.configuration.host
-      options[:host] = Rails.configuration.host
-    end
-    if Rails.configuration.port
-      options[:port] = Rails.configuration.port
-    end
-    if Rails.configuration.protocol
-      options[:protocol] = Rails.configuration.protocol
+    if Rails.configuration.Services.Controller.ExternalURL != URI("")
+      exturl = Rails.configuration.Services.Controller.ExternalURL
+      options[:host] = exturl.host
+      options[:port] = exturl.port
+      options[:protocol] = exturl.scheme
     end
     options
   end
@@ -145,8 +140,13 @@ class ApplicationController < ActionController::Base
 
   def render_error(e)
     logger.error e.inspect
-    if !e.is_a? RequestError and (e.respond_to? :backtrace and e.backtrace)
-      logger.error e.backtrace.collect { |x| x + "\n" }.join('')
+    if e.respond_to? :backtrace and e.backtrace
+      # This will be cleared by lograge after adding it to the log.
+      # Usually lograge would get the exceptions, but in our case we're catching
+      # all of them with exception handlers that cannot re-raise them because they
+      # don't get propagated.
+      Thread.current[:exception] = e.inspect
+      Thread.current[:backtrace] = e.backtrace.collect { |x| x + "\n" }.join('')
     end
     if (@object.respond_to? :errors and
         @object.errors.andand.full_messages.andand.any?)
@@ -164,8 +164,23 @@ class ApplicationController < ActionController::Base
     send_error("Path not found", status: 404)
   end
 
+  def render_accepted
+    send_json ({accepted: true}), status: 202
+  end
+
   protected
 
+  def bool_param(pname)
+    if params.include?(pname)
+      if params[pname].is_a?(Boolean)
+        return params[pname]
+      else
+        logger.warn "Warning: received non-boolean parameter '#{pname}' on #{self.class.inspect}."
+      end
+    end
+    false
+  end
+
   def send_error(*args)
     if args.last.is_a? Hash
       err = args.pop
@@ -173,6 +188,9 @@ class ApplicationController < ActionController::Base
       err = {}
     end
     err[:errors] ||= args
+    err[:errors].map! do |err|
+      err += " (" + Thread.current[:request_id] + ")"
+    end
     err[:error_token] = [Time.now.utc.to_i, "%08x" % rand(16 ** 8)].join("+")
     status = err.delete(:status) || 422
     logger.error "Error #{err[:error_token]}: #{status}"
@@ -183,13 +201,16 @@ class ApplicationController < ActionController::Base
     # The obvious render(json: ...) forces a slow JSON encoder. See
     # #3021 and commit logs. Might be fixed in Rails 4.1.
     render({
-             text: SafeJSON.dump(response).html_safe,
+             plain: SafeJSON.dump(response).html_safe,
              content_type: 'application/json'
            }.merge opts)
   end
 
   def find_objects_for_index
-    @objects ||= model_class.readable_by(*@read_users, {:include_trash => (params[:include_trash] || 'untrash' == action_name)})
+    @objects ||= model_class.readable_by(*@read_users, {
+      :include_trash => (bool_param(:include_trash) || 'untrash' == action_name),
+      :include_old_versions => bool_param(:include_old_versions)
+    })
     apply_where_limit_order_params
   end
 
@@ -235,7 +256,7 @@ class ApplicationController < ActionController::Base
               conditions[0] << " and #{ar_table_name}.#{attr} in (?)"
               conditions << value
             end
-          elsif value.is_a? String or value.is_a? Fixnum or value == true or value == false
+          elsif value.is_a? String or value.is_a? Integer or value == true or value == false
             conditions[0] << " and #{ar_table_name}.#{attr}=?"
             conditions << value
           elsif value.is_a? Hash
@@ -276,7 +297,7 @@ class ApplicationController < ActionController::Base
     @objects = @objects.order(@orders.join ", ") if @orders.any?
     @objects = @objects.limit(@limit)
     @objects = @objects.offset(@offset)
-    @objects = @objects.uniq(@distinct) if not @distinct.nil?
+    @objects = @objects.distinct(@distinct) if not @distinct.nil?
   end
 
   # limit_database_read ensures @objects (which must be an
@@ -299,7 +320,7 @@ class ApplicationController < ActionController::Base
       limit_query.each do |record|
         new_limit += 1
         read_total += record.read_length.to_i
-        if read_total >= Rails.configuration.max_index_database_read
+        if read_total >= Rails.configuration.API.MaxIndexDatabaseRead
           new_limit -= 1 if new_limit > 1
           @limit = new_limit
           break
@@ -316,10 +337,12 @@ class ApplicationController < ActionController::Base
   def resource_attrs
     return @attrs if @attrs
     @attrs = params[resource_name]
-    if @attrs.is_a? String
+    if @attrs.nil?
+      @attrs = {}
+    elsif @attrs.is_a? String
       @attrs = Oj.strict_load @attrs, symbol_keys: true
     end
-    unless @attrs.is_a? Hash
+    unless [Hash, ActionController::Parameters].include? @attrs.class
       message = "No #{resource_name}"
       if resource_name.index('_')
         message << " (or #{resource_name.camelcase(:lower)})"
@@ -344,13 +367,20 @@ class ApplicationController < ActionController::Base
     # If there are too many reader tokens, assume the request is malicious
     # and ignore it.
     if request.get? and params[:reader_tokens] and
-        params[:reader_tokens].size < 100
+      params[:reader_tokens].size < 100
+      secrets = params[:reader_tokens].map { |t|
+        if t.is_a? String and t.starts_with? "v2/"
+          t.split("/")[2]
+        else
+          t
+        end
+      }
       @read_auths += ApiClientAuthorization
         .includes(:user)
         .where('api_token IN (?) AND
                 (expires_at IS NULL OR expires_at > CURRENT_TIMESTAMP)',
-               params[:reader_tokens])
-        .all
+               secrets)
+        .to_a
     end
     @read_auths.select! { |auth| auth.scopes_allow_request? request }
     @read_users = @read_auths.map(&:user).uniq
@@ -403,8 +433,7 @@ class ApplicationController < ActionController::Base
   end
 
   def disable_api_methods
-    if Rails.configuration.disable_api_methods.
-        include?(controller_name + "." + action_name)
+    if Rails.configuration.API.DisabledAPIs[controller_name + "." + action_name]
       send_error("Disabled", status: 404)
     end
   end
@@ -417,8 +446,8 @@ class ApplicationController < ActionController::Base
   end
 
   def respond_with_json_by_default
-    html_index = request.accepts.index(Mime::HTML)
-    if html_index.nil? or request.accepts[0...html_index].include?(Mime::JSON)
+    html_index = request.accepts.index(Mime[:html])
+    if html_index.nil? or request.accepts[0...html_index].include?(Mime[:json])
       request.format = :json
     end
   end
@@ -458,21 +487,31 @@ class ApplicationController < ActionController::Base
   end
 
   def load_json_value(hash, key, must_be_class=nil)
-    if hash[key].is_a? String
-      hash[key] = SafeJSON.load(hash[key])
-      if must_be_class and !hash[key].is_a? must_be_class
-        raise TypeError.new("parameter #{key.to_s} must be a #{must_be_class.to_s}")
-      end
+    return if hash[key].nil?
+
+    val = hash[key]
+    if val.is_a? ActionController::Parameters
+      val = val.to_unsafe_hash
+    elsif val.is_a? String
+      val = SafeJSON.load(val)
+      hash[key] = val
+    end
+    # When assigning a Hash to an ActionController::Parameters and then
+    # retrieve it, we get another ActionController::Parameters instead of
+    # a Hash. This doesn't happen with other types. This is why 'val' is
+    # being used to do type checking below.
+    if must_be_class and !val.is_a? must_be_class
+      raise TypeError.new("parameter #{key.to_s} must be a #{must_be_class.to_s}")
     end
   end
 
   def self.accept_attribute_as_json(attr, must_be_class=nil)
-    before_filter lambda { accept_attribute_as_json attr, must_be_class }
+    before_action lambda { accept_attribute_as_json attr, must_be_class }
   end
   accept_attribute_as_json :properties, Hash
   accept_attribute_as_json :info, Hash
   def accept_attribute_as_json(attr, must_be_class)
-    if params[resource_name] and resource_attrs.is_a? Hash
+    if params[resource_name] and [Hash, ActionController::Parameters].include?(resource_attrs.class)
       if resource_attrs[attr].is_a? Hash
         # Convert symbol keys to strings (in hashes provided by
         # resource_attrs)
@@ -485,7 +524,7 @@ class ApplicationController < ActionController::Base
   end
 
   def self.accept_param_as_json(key, must_be_class=nil)
-    prepend_before_filter lambda { load_json_value(params, key, must_be_class) }
+    prepend_before_action lambda { load_json_value(params, key, must_be_class) }
   end
   accept_param_as_json :reader_tokens, Array
 
@@ -509,7 +548,7 @@ class ApplicationController < ActionController::Base
       if @objects.respond_to? :except
         list[:items_available] = @objects.
           except(:limit).except(:offset).
-          count(:id, distinct: true)
+          distinct.count(:id)
       end
     when 'none'
     else
@@ -587,6 +626,12 @@ class ApplicationController < ActionController::Base
       limit: { type: 'integer', required: false, default: DEFAULT_LIMIT },
       offset: { type: 'integer', required: false, default: 0 },
       count: { type: 'string', required: false, default: 'exact' },
+      cluster_id: {
+        type: 'string',
+        description: "List objects on a remote federated cluster instead of the current one.",
+        location: "query",
+        required: false,
+      },
     }
   end