X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/4b88dab6ed8e3b583f0e4c1ea8b8e01adad4a6ad..a1e6ebc7e1afc04e8a1de0c0bb8e304eda6ecf2c:/apps/workbench/app/controllers/application_controller.rb diff --git a/apps/workbench/app/controllers/application_controller.rb b/apps/workbench/app/controllers/application_controller.rb index 6fea62563d..db3d43040c 100644 --- a/apps/workbench/app/controllers/application_controller.rb +++ b/apps/workbench/app/controllers/application_controller.rb @@ -16,7 +16,6 @@ class ApplicationController < ActionController::Base before_filter :accept_uuid_as_id_param, except: ERROR_ACTIONS before_filter :check_user_agreements, except: ERROR_ACTIONS before_filter :check_user_profile, except: ERROR_ACTIONS - before_filter :check_user_notifications, except: ERROR_ACTIONS before_filter :load_filters_and_paging_params, except: ERROR_ACTIONS before_filter :find_object_by_uuid, except: [:create, :index, :choose] + ERROR_ACTIONS theme :select_theme @@ -46,6 +45,9 @@ class ApplicationController < ActionController::Base end def render_error(opts={}) + # Helpers can rely on the presence of @errors to know they're + # being used in an error page. + @errors ||= [] opts[:status] ||= 500 respond_to do |f| # json must come before html here, so it gets used as the @@ -253,7 +255,7 @@ class ApplicationController < ActionController::Base f.html { if params['tab_pane'] render_pane(if params['tab_pane'].is_a? Hash then params['tab_pane']["name"] else params['tab_pane'] end) - elsif request.method.in? ['GET', 'HEAD'] + elsif request.request_method.in? ['GET', 'HEAD'] render else redirect_to (params[:return_to] || @@ -265,6 +267,17 @@ class ApplicationController < ActionController::Base end end + def redirect_to uri, *args + if request.xhr? + if not uri.is_a? String + uri = polymorphic_url(uri) + end + render json: {href: uri} + else + super + end + end + def choose params[:limit] ||= 40 respond_to do |f| @@ -322,6 +335,7 @@ class ApplicationController < ActionController::Base @new_resource_attrs ||= {} @new_resource_attrs.reject! { |k,v| k.to_s == 'uuid' } @object ||= model_class.new @new_resource_attrs, params["options"] + if @object.save show else @@ -383,26 +397,69 @@ class ApplicationController < ActionController::Base %w(Attributes Advanced) end + def set_share_links + @user_is_manager = false + @share_links = [] + + if @object.uuid != current_user.andand.uuid + begin + @share_links = Link.permissions_for(@object) + @user_is_manager = true + rescue ArvadosApiClient::AccessForbiddenException, + ArvadosApiClient::NotFoundException + end + end + end + + def share_with + if not params[:uuids].andand.any? + @errors = ["No user/group UUIDs specified to share with."] + return render_error(status: 422) + end + results = {"success" => [], "errors" => []} + params[:uuids].each do |shared_uuid| + begin + Link.create(tail_uuid: shared_uuid, link_class: "permission", + name: "can_read", head_uuid: @object.uuid) + rescue ArvadosApiClient::ApiError => error + error_list = error.api_response.andand[:errors] + if error_list.andand.any? + results["errors"] += error_list.map { |e| "#{shared_uuid}: #{e}" } + else + error_code = error.api_status || "Bad status" + results["errors"] << "#{shared_uuid}: #{error_code} response" + end + else + results["success"] << shared_uuid + end + end + if results["errors"].empty? + results.delete("errors") + status = 200 + else + status = 422 + end + respond_to do |f| + f.json { render(json: results, status: status) } + end + end + protected + helper_method :strip_token_from_path def strip_token_from_path(path) path.sub(/([\?&;])api_token=[^&;]*[&;]?/, '\1') end def redirect_to_login - respond_to do |f| - f.html { - if request.method.in? ['GET', 'HEAD'] - redirect_to arvados_api_client.arvados_login_url(return_to: strip_token_from_path(request.url)) - else - flash[:error] = "Either you are not logged in, or your session has timed out. I can't automatically log you in and re-attempt this request." - redirect_to :back - end - } - f.json { - @errors = ['You do not seem to be logged in. You did not supply an API token with this request, and your session (if any) has timed out.'] - self.render_error status: 422 - } + if request.xhr? or request.format.json? + @errors = ['You are not logged in. Most likely your session has timed out and you need to log in again.'] + render_error status: 401 + elsif request.method.in? ['GET', 'HEAD'] + redirect_to arvados_api_client.arvados_login_url(return_to: strip_token_from_path(request.url)) + else + flash[:error] = "Either you are not logged in, or your session has timed out. I can't automatically log you in and re-attempt this request." + redirect_to :back end false # For convenience to return from callbacks end @@ -447,7 +504,7 @@ class ApplicationController < ActionController::Base else @object = model_class.find(params[:uuid]) end - rescue ArvadosApiClient::NotFoundException, RuntimeError => error + rescue ArvadosApiClient::NotFoundException, ArvadosApiClient::NotLoggedInException, RuntimeError => error if error.is_a?(RuntimeError) and (error.message !~ /^argument to find\(/) raise end @@ -543,7 +600,8 @@ class ApplicationController < ActionController::Base end end - # Redirect to login/welcome if client provided expired API token (or none at all) + # Redirect to login/welcome if client provided expired API token (or + # none at all) def require_thread_api_token if Thread.current[:arvados_api_token] yield @@ -553,15 +611,26 @@ class ApplicationController < ActionController::Base # log in" page instead of getting stuck in a redirect loop. session.delete :arvados_api_token redirect_to_login + elsif request.xhr? + # If we redirect to the welcome page, the browser will handle + # the 302 by itself and the client code will end up rendering + # the "welcome" page in some content area where it doesn't make + # sense. Instead, we send 401 ("authenticate and try again" or + # "display error", depending on how smart the client side is). + @errors = ['You are not logged in.'] + render_error status: 401 else redirect_to welcome_users_path(return_to: request.fullpath) end end def ensure_current_user_is_admin - unless current_user and current_user.is_admin + if not current_user + @errors = ['Not logged in'] + render_error status: 401 + elsif not current_user.is_admin @errors = ['Permission denied'] - self.render_error status: 401 + render_error status: 403 end end @@ -596,6 +665,7 @@ class ApplicationController < ActionController::Base end def check_user_profile + return true if !current_user if request.method.downcase != 'get' || params[:partial] || params[:tab_pane] || params[:action_method] || params[:action] == 'setup_popup' @@ -637,6 +707,7 @@ class ApplicationController < ActionController::Base @@notification_tests = [] @@notification_tests.push lambda { |controller, current_user| + return nil if Rails.configuration.shell_in_a_box_url AuthorizedKey.limit(1).where(authorized_user_uuid: current_user.uuid).each do return nil end @@ -663,26 +734,12 @@ class ApplicationController < ActionController::Base } } - def check_user_notifications - return if params['tab_pane'] - - @notification_count = 0 - @notifications = [] - - if current_user.andand.is_active - @showallalerts = false - @@notification_tests.each do |t| - a = t.call(self, current_user) - if a - @notification_count += 1 - @notifications.push a - end - end - end - - if @notification_count == 0 - @notification_count = '' - end + helper_method :user_notifications + def user_notifications + return [] if @errors or not current_user.andand.is_active + @notifications ||= @@notification_tests.map do |t| + t.call(self, current_user) + end.compact end helper_method :all_projects @@ -1012,6 +1069,39 @@ class ApplicationController < ActionController::Base @all_log_collections_for end + # Helper method to get one collection for the given portable_data_hash + # This is used to determine if a pdh is readable by the current_user + helper_method :collection_for_pdh + def collection_for_pdh pdh + raise ArgumentError, 'No input argument' unless pdh + preload_for_pdhs([pdh]) + @all_pdhs_for[pdh] ||= [] + end + + # Helper method to preload one collection each for the given pdhs + # This is used to determine if a pdh is readable by the current_user + helper_method :preload_for_pdhs + def preload_for_pdhs pdhs + @all_pdhs_for ||= {} + + raise ArgumentError, 'Argument is not an array' unless pdhs.is_a? Array + return @all_pdhs_for if pdhs.empty? + + # if already preloaded for all of these pdhs, return + if not pdhs.select { |x| @all_pdhs_for[x].nil? }.any? + return @all_pdhs_for + end + + pdhs.each do |x| + @all_pdhs_for[x] = [] + end + + Collection.select(%w(portable_data_hash)).where(portable_data_hash: pdhs).distinct().each do |collection| + @all_pdhs_for[collection.portable_data_hash] << collection + end + @all_pdhs_for + end + # helper method to get object of a given dataclass and uuid helper_method :object_for_dataclass def object_for_dataclass dataclass, uuid @@ -1031,10 +1121,14 @@ class ApplicationController < ActionController::Base return @objects_for if uuids.empty? # if already preloaded for all of these uuids, return - if not uuids.select { |x| @objects_for[x].nil? }.any? + if not uuids.select { |x| !@objects_for.include?(x) }.any? return @objects_for end + # preset all uuids to nil + uuids.each do |x| + @objects_for[x] = nil + end dataclass.where(uuid: uuids).each do |obj| @objects_for[obj.uuid] = obj end