X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/5d9908601b8c16c556d0153640f67aa3b26c2f57..618643017913c78a4d584ba4a5d9ca0db333a4f3:/services/api/app/controllers/application_controller.rb
diff --git a/services/api/app/controllers/application_controller.rb b/services/api/app/controllers/application_controller.rb
index a9134ad59c..b077879696 100644
--- a/services/api/app/controllers/application_controller.rb
+++ b/services/api/app/controllers/application_controller.rb
@@ -33,28 +33,26 @@ class ApplicationController < ActionController::Base ERROR_ACTIONS = [:render_error, :render_not_found] - around_filter :set_current_request_id - before_filter :disable_api_methods - before_filter :set_cors_headers - before_filter :respond_with_json_by_default - before_filter :remote_ip - before_filter :load_read_auths - before_filter :require_auth_scope, except: ERROR_ACTIONS - - before_filter :catch_redirect_hint - before_filter(:find_object_by_uuid, + around_action :set_current_request_id + before_action :disable_api_methods + before_action :set_cors_headers + before_action :respond_with_json_by_default + before_action :remote_ip + before_action :load_read_auths + before_action :require_auth_scope, except: ERROR_ACTIONS + + before_action :catch_redirect_hint + before_action(:find_object_by_uuid, except: [:index, :create] + ERROR_ACTIONS) - before_filter :load_required_parameters - before_filter :load_limit_offset_order_params, only: [:index, :contents] - before_filter :load_where_param, only: [:index, :contents] - before_filter :load_filters_param, only: [:index, :contents] - before_filter :find_objects_for_index, :only => :index - before_filter :reload_object_before_update, :only => :update - before_filter(:render_404_if_no_object, + before_action :load_required_parameters + before_action :load_limit_offset_order_params, only: [:index, :contents] + before_action :load_where_param, only: [:index, :contents] + before_action :load_filters_param, only: [:index, :contents] + before_action :find_objects_for_index, :only => :index + before_action :reload_object_before_update, :only => :update + before_action(:render_404_if_no_object, except: [:index, :create] + ERROR_ACTIONS) - theme Rails.configuration.arvados_theme - attr_writer :resource_attrs begin 
@@ -82,11 +80,14 @@ class ApplicationController < ActionController::Base end def default_url_options - if Rails.configuration.host - {:host => Rails.configuration.host} - else - {} + options = {} + if Rails.configuration.Services.Controller.ExternalURL != URI("") + exturl = Rails.configuration.Services.Controller.ExternalURL + options[:host] = exturl.host + options[:port] = exturl.port + options[:protocol] = exturl.scheme end + options end def index @@ -158,6 +159,10 @@ class ApplicationController < ActionController::Base send_error("Path not found", status: 404) end + def render_accepted + send_json ({accepted: true}), status: 202 + end + protected def send_error(*args) @@ -177,13 +182,16 @@ class ApplicationController < ActionController::Base # The obvious render(json: ...) forces a slow JSON encoder. See # #3021 and commit logs. Might be fixed in Rails 4.1. render({ - text: SafeJSON.dump(response).html_safe, + plain: SafeJSON.dump(response).html_safe, content_type: 'application/json' }.merge opts) end def find_objects_for_index - @objects ||= model_class.readable_by(*@read_users, {:include_trash => (params[:include_trash] || 'untrash' == action_name)}) + @objects ||= model_class.readable_by(*@read_users, { + :include_trash => (params[:include_trash] || 'untrash' == action_name), + :include_old_versions => params[:include_old_versions] + }) apply_where_limit_order_params end @@ -229,7 +237,7 @@ class ApplicationController < ActionController::Base conditions[0] << " and #{ar_table_name}.#{attr} in (?)" conditions << value end - elsif value.is_a? String or value.is_a? Fixnum or value == true or value == false + elsif value.is_a? String or value.is_a? Integer or value == true or value == false conditions[0] << " and #{ar_table_name}.#{attr}=?" conditions << value elsif value.is_a? Hash 
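Review bot: In the new `find_objects_for_index` body `params[:include_old_versions]` reaches `readable_by` as the raw query value, so `include_old_versions=false` is a non-empty String and reads as truthy wherever the option is merely truth-tested, the same trap the existing `include_trash` expression already carries. `readable_by` lives outside this file, so if it does not normalize the value itself, cast at the boundary: `:include_old_versions => ActiveModel::Type::Boolean.new.cast(params[:include_old_versions])`. If that is changed here, the `include_trash` half deserves the same treatment for consistency.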
@@ -270,7 +278,7 @@ class ApplicationController < ActionController::Base @objects = @objects.order(@orders.join ", ") if @orders.any? @objects = @objects.limit(@limit) @objects = @objects.offset(@offset) - @objects = @objects.uniq(@distinct) if not @distinct.nil? + @objects = @objects.distinct(@distinct) if not @distinct.nil? end # limit_database_read ensures @objects (which must be an @@ -293,7 +301,7 @@ class ApplicationController < ActionController::Base limit_query.each do |record| new_limit += 1 read_total += record.read_length.to_i - if read_total >= Rails.configuration.max_index_database_read + if read_total >= Rails.configuration.API.MaxIndexDatabaseRead new_limit -= 1 if new_limit > 1 @limit = new_limit break @@ -310,10 +318,12 @@ class ApplicationController < ActionController::Base def resource_attrs return @attrs if @attrs @attrs = params[resource_name] - if @attrs.is_a? String + if @attrs.nil? + @attrs = {} + elsif @attrs.is_a? String @attrs = Oj.strict_load @attrs, symbol_keys: true end - unless @attrs.is_a? Hash + unless [Hash, ActionController::Parameters].include? @attrs.class message = "No #{resource_name}" if resource_name.index('_') message << " (or #{resource_name.camelcase(:lower)})" @@ -338,13 +348,20 @@ class ApplicationController < ActionController::Base # If there are too many reader tokens, assume the request is malicious # and ignore it. if request.get? and params[:reader_tokens] and - params[:reader_tokens].size < 100 + params[:reader_tokens].size < 100 + secrets = params[:reader_tokens].map { |t| + if t.is_a? String and t.starts_with? "v2/" + t.split("/")[2] + else + t + end + } @read_auths += ApiClientAuthorization .includes(:user) .where('api_token IN (?) AND (expires_at IS NULL OR expires_at > CURRENT_TIMESTAMP)', - params[:reader_tokens]) - .all + secrets) + .to_a end @read_auths.select! { |auth| auth.scopes_allow_request? request } @read_users = @read_auths.map(&:user).uniq 
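Review bot: The new `secrets` map in `load_read_auths` keeps the secret from a `v2/<uuid>/<secret>` reader token but discards the uuid, so a v2 token is accepted on secret match alone, non-String entries (a JSON object or number inside the `reader_tokens` array) are passed straight into the `IN (?)` list, and a bare `v2/` yields `nil`. The query is parameterized, so this is not an injection issue, but if v2 tokens are meant to bind the secret to a specific authorization, as the primary-auth path presumably does, the matched `ApiClientAuthorization` uuid should be compared with the token's uuid component before the auth is added to `@read_auths`. At minimum, filter the input before querying: `secrets = params[:reader_tokens].select { |t| t.is_a? String }.map { |t| t.start_with?("v2/") ? t.split("/")[2] : t }.compact`.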
@@ -383,7 +400,9 @@ class ApplicationController < ActionController::Base req_id = "req-" + Random::DEFAULT.rand(2**128).to_s(36)[0..19] end response.headers['X-Request-Id'] = Thread.current[:request_id] = req_id - yield + Rails.logger.tagged(req_id) do + yield + end Thread.current[:request_id] = nil end @@ -395,8 +414,7 @@ class ApplicationController < ActionController::Base end def disable_api_methods - if Rails.configuration.disable_api_methods. - include?(controller_name + "." + action_name) + if Rails.configuration.API.DisabledAPIs.include?(controller_name + "." + action_name) send_error("Disabled", status: 404) end end @@ -409,8 +427,8 @@ class ApplicationController < ActionController::Base end def respond_with_json_by_default - html_index = request.accepts.index(Mime::HTML) - if html_index.nil? or request.accepts[0...html_index].include?(Mime::JSON) + html_index = request.accepts.index(Mime[:html]) + if html_index.nil? or request.accepts[0...html_index].include?(Mime[:json]) request.format = :json end end 
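Review bot: `Rails.logger.tagged(req_id)` now stamps `req_id` on every log line of the request, and the same value is already echoed back in `X-Request-Id`; the branch above the hunk that sets `req_id` is not shown, so if it can be taken from an inbound header the value should be constrained to a safe character set and length before it reaches the logger, otherwise a client can inject newlines or arbitrary text into the logs. A guard such as `req_id = nil unless req_id.to_s =~ /\A[\w.-]{1,64}\z/`, placed so that a rejected value falls through to the generated `"req-"` id, would cover it. `set_current_request_id` starts outside the hunk.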
@@ -450,21 +468,31 @@ class ApplicationController < ActionController::Base end def load_json_value(hash, key, must_be_class=nil) - if hash[key].is_a? String - hash[key] = SafeJSON.load(hash[key]) - if must_be_class and !hash[key].is_a? must_be_class - raise TypeError.new("parameter #{key.to_s} must be a #{must_be_class.to_s}") - end + return if hash[key].nil? + + val = hash[key] + if val.is_a? ActionController::Parameters + val = val.to_unsafe_hash + elsif val.is_a? String + val = SafeJSON.load(val) + hash[key] = val + end + # When assigning a Hash to an ActionController::Parameters and then + # retrieve it, we get another ActionController::Parameters instead of + # a Hash. This doesn't happen with other types. This is why 'val' is + # being used to do type checking below. + if must_be_class and !val.is_a? must_be_class + raise TypeError.new("parameter #{key.to_s} must be a #{must_be_class.to_s}") end end def self.accept_attribute_as_json(attr, must_be_class=nil) - before_filter lambda { accept_attribute_as_json attr, must_be_class } + before_action lambda { accept_attribute_as_json attr, must_be_class } end accept_attribute_as_json :properties, Hash accept_attribute_as_json :info, Hash def accept_attribute_as_json(attr, must_be_class) - if params[resource_name] and resource_attrs.is_a? Hash + if params[resource_name] and [Hash, ActionController::Parameters].include?(resource_attrs.class) if resource_attrs[attr].is_a? Hash # Convert symbol keys to strings (in hashes provided by # resource_attrs) @@ -477,7 +505,7 @@ class ApplicationController < ActionController::Base end def self.accept_param_as_json(key, must_be_class=nil) - prepend_before_filter lambda { load_json_value(params, key, must_be_class) } + prepend_before_action lambda { load_json_value(params, key, must_be_class) } end accept_param_as_json :reader_tokens, Array 
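Review bot: `val = val.to_unsafe_hash` in `load_json_value` deliberately steps outside the strong-parameters permit list, and the converted value is only used for the `must_be_class` check while `hash[key]` keeps the `ActionController::Parameters` object; that deserves an explicit comment, e.g. `# to_unsafe_hash is intentional: these are free-form JSON blobs whose only validation is the class check below; hash[key] is left as Parameters and callers must accept it`. Further down, `accept_attribute_as_json` now admits a Parameters `resource_attrs`, but the inner `resource_attrs[attr].is_a? Hash` still matches only a real Hash, so the symbol-to-string key conversion is skipped for Parameters input; that is harmless if Parameters already stringifies keys, but either widen it to `[Hash, ActionController::Parameters].include?(resource_attrs[attr].class)` or add a one-line comment saying why the conversion is unnecessary there. `accept_attribute_as_json` ends outside the hunk.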
@@ -491,15 +519,17 @@ class ApplicationController < ActionController::Base :self_link => "", :offset => @offset, :limit => @limit, - :items => @objects.as_api_response(nil, {select: @select}), - :included => @extra_included.as_api_response(nil, {select: @select}), + :items => @objects.as_api_response(nil, {select: @select}) } + if @extra_included + list[:included] = @extra_included.as_api_response(nil, {select: @select}) + end case params[:count] when nil, '', 'exact' if @objects.respond_to? :except list[:items_available] = @objects. except(:limit).except(:offset). - count(:id, distinct: true) + distinct.count(:id) end when 'none' else @@ -553,7 +583,13 @@ class ApplicationController < ActionController::Base location: "query", required: false, default: false - } + }, + cluster_id: { + type: 'string', + description: "Create object on a remote federated cluster instead of the current one.", + location: "query", + required: false, + }, } end @@ -571,6 +607,12 @@ class ApplicationController < ActionController::Base limit: { type: 'integer', required: false, default: DEFAULT_LIMIT }, offset: { type: 'integer', required: false, default: 0 }, count: { type: 'string', required: false, default: 'exact' }, + cluster_id: { + type: 'string', + description: "List objects on a remote federated cluster instead of the current one.", + location: "query", + required: false, + }, } end