X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/5bbd6abc7a32c6912db5f36f0af5a923ac4b7c79..c0818b26246432407b8cd76a887dd61a7e824cd0:/apps/workbench/app/controllers/users_controller.rb?ds=sidebyside diff --git a/apps/workbench/app/controllers/users_controller.rb b/apps/workbench/app/controllers/users_controller.rb index 67b51a9bc9..d657f92603 100644 --- a/apps/workbench/app/controllers/users_controller.rb +++ b/apps/workbench/app/controllers/users_controller.rb @@ -1,17 +1,41 @@ class UsersController < ApplicationController - skip_before_filter :find_object_by_uuid, :only => [:welcome, :activity, :storage] + skip_around_filter :require_thread_api_token, only: :welcome + skip_before_filter :check_user_agreements, only: [:welcome, :inactive] + skip_before_filter :check_user_profile, only: [:welcome, :inactive, :profile] + skip_before_filter :find_object_by_uuid, only: [:welcome, :activity, :storage] before_filter :ensure_current_user_is_admin, only: [:sudo, :unsetup, :setup] + def show + if params[:uuid] == current_user.uuid + respond_to do |f| + f.html do + redirect_to(params[:return_to] || project_path(params[:uuid])) + end + end + else + super + end + end + def welcome if current_user - params[:action] = 'home' - home + redirect_to (params[:return_to] || '/') end end + def inactive + if current_user.andand.is_invited + redirect_to (params[:return_to] || '/') + end + end + + def profile + params[:offer_return_to] ||= params[:return_to] + end + def activity @breadcrumb_page_name = nil - @users = User.limit(params[:limit] || 1000).all + @users = User.limit(params[:limit]) @user_activity = {} @activity = { logins: {}, @@ -28,15 +52,15 @@ class UsersController < ApplicationController 1.month.ago.beginning_of_month, Time.now.beginning_of_month]] @spans.each do |span, threshold_start, threshold_end| - @activity[:logins][span] = Log. + @activity[:logins][span] = Log.select(%w(uuid modified_by_user_uuid)). filter([[:event_type, '=', 'login'], [:object_kind, '=', 'arvados#user'], [:created_at, '>=', threshold_start], [:created_at, '<', threshold_end]]) - @activity[:jobs][span] = Job. + @activity[:jobs][span] = Job.select(%w(uuid modified_by_user_uuid)). filter([[:created_at, '>=', threshold_start], [:created_at, '<', threshold_end]]) - @activity[:pipeline_instances][span] = PipelineInstance. + @activity[:pipeline_instances][span] = PipelineInstance.select(%w(uuid modified_by_user_uuid)). filter([[:created_at, '>=', threshold_start], [:created_at, '<', threshold_end]]) @activity.each do |type, act| @@ -64,7 +88,7 @@ class UsersController < ApplicationController def storage @breadcrumb_page_name = nil - @users = User.limit(params[:limit] || 1000).all + @users = User.limit(params[:limit]) @user_storage = {} total_storage = {} @log_date = {} @@ -115,7 +139,6 @@ class UsersController < ApplicationController end def home - @showallalerts = false @my_ssh_keys = AuthorizedKey.where(authorized_user_uuid: current_user.uuid) @my_tag_links = {} @@ -135,7 +158,7 @@ class UsersController < ApplicationController @persist_state[uuid] = 'cache' end - Link.limit(1000).filter([['head_uuid', 'in', collection_uuids], + Link.filter([['head_uuid', 'in', collection_uuids], ['link_class', 'in', ['tag', 'resources']]]). each do |link| case link.link_class @@ -189,6 +212,22 @@ class UsersController < ApplicationController end if User.setup setup_params + if params[:groups] + new_groups = params[:groups].split(',').map(&:strip).compact.select{|i| !i.to_s.empty?} + can_login_perms = Link.where(tail_uuid: params[:user_email], + head_kind: 'arvados#user', + link_class: 'permission', + name: 'can_login') + if can_login_perms.any? + perm = can_login_perms.first + props = perm.properties + if new_groups != props[:groups] + props[:groups] = new_groups + perm.save! + end + end + end + format.js else self.render_error status: 422 @@ -212,16 +251,29 @@ class UsersController < ApplicationController def manage_account # repositories current user can read / write - repo_links = [] - Link.filter([['head_uuid', 'is_a', 'arvados#repository'], - ['tail_uuid', '=', current_user.uuid], - ['link_class', '=', 'permission'], - ['name', 'in', ['can_write', 'can_read']], - ]). - each do |perm_link| - repo_links << perm_link[:head_uuid] - end - @my_repositories = Repository.where(uuid: repo_links) + repo_links = Link. + filter([['head_uuid', 'is_a', 'arvados#repository'], + ['tail_uuid', '=', current_user.uuid], + ['link_class', '=', 'permission'], + ]) + + owned_repositories = Repository.where(owner_uuid: current_user.uuid) + + @my_repositories = (Repository.where(uuid: repo_links.collect(&:head_uuid)) | + owned_repositories). + uniq { |repo| repo.uuid } + + + @repo_writable = {} + repo_links.each do |link| + if link.name.in? ['can_write', 'can_manage'] + @repo_writable[link.head_uuid] = link.name + end + end + + owned_repositories.each do |repo| + @repo_writable[repo.uuid] = 'can_manage' + end # virtual machines the current user can login into @my_vm_logins = {} @@ -277,6 +329,12 @@ class UsersController < ApplicationController end end + def request_shell_access + logger.warn "request_access: #{params.inspect}" + params['request_url'] = request.url + RequestShellAccessReporter.send_request(current_user, params).deliver + end + protected def find_current_links user @@ -287,14 +345,15 @@ class UsersController < ApplicationController end # oid login perm - oid_login_perms = Link.where(tail_uuid: user.email, + can_login_perms = Link.where(tail_uuid: user.email, head_kind: 'arvados#user', link_class: 'permission', name: 'can_login') - if oid_login_perms.any? - prefix_properties = oid_login_perms.first.properties - current_selections[:identity_url_prefix] = prefix_properties[:identity_url_prefix] + if can_login_perms.any? + perm_properties = can_login_perms.first.properties + current_selections[:identity_url_prefix] = perm_properties[:identity_url_prefix] + current_selections[:groups] = perm_properties[:groups].andand.join(', ') end # repo perm