X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/67c0a6e006f6e181204559dc28af16a8656878b8..f2a79e0cc9bffcbe941d9a05b78f102fa6f09d03:/services/api/app/controllers/arvados/v1/collections_controller.rb diff --git a/services/api/app/controllers/arvados/v1/collections_controller.rb b/services/api/app/controllers/arvados/v1/collections_controller.rb index 443bbb46a5..3803d37691 100644 --- a/services/api/app/controllers/arvados/v1/collections_controller.rb +++ b/services/api/app/controllers/arvados/v1/collections_controller.rb @@ -1,114 +1,84 @@ +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: AGPL-3.0 + +require "arvados/keep" +require "trashable" + class Arvados::V1::CollectionsController < ApplicationController + include DbCurrentTime + include TrashableController + + def self._index_requires_parameters + (super rescue {}). + merge({ + include_trash: { + type: 'boolean', required: false, description: "Include collections whose is_trashed attribute is true." + }, + }) + end + def create - if !resource_attrs[:manifest_text] - return send_error("'manifest_text' attribute must be specified", - status: :unprocessable_entity) + if resource_attrs[:uuid] and (loc = Keep::Locator.parse(resource_attrs[:uuid])) + resource_attrs[:portable_data_hash] = loc.to_s + resource_attrs.delete :uuid end + super + end - # Check permissions on the collection manifest. - # If any signature cannot be verified, return 403 Permission denied. - api_token = current_api_client_authorization.andand.api_token - signing_opts = { - key: Rails.configuration.blob_signing_key, - api_token: api_token, - ttl: Rails.configuration.blob_signing_ttl, - } - resource_attrs[:manifest_text].lines.each do |entry| - entry.split[1..-1].each do |tok| - if /^[[:digit:]]+:[[:digit:]]+:/.match tok - # This is a filename token, not a blob locator. Note that we - # keep checking tokens after this, even though manifest - # format dictates that all subsequent tokens will also be - # filenames. Safety first! - elsif Blob.verify_signature tok, signing_opts - # OK. - elsif Locator.parse(tok).andand.signature - # Signature provided, but verify_signature did not like it. - logger.warn "Invalid signature on locator #{tok}" - raise ArvadosModel::PermissionDeniedError - elsif Rails.configuration.permit_create_collection_with_unsigned_manifest - # No signature provided, but we are running in insecure mode. - logger.debug "Missing signature on locator #{tok} ignored" - elsif Blob.new(tok).empty? - # No signature provided -- but no data to protect, either. - else - logger.warn "Missing signature on locator #{tok}" - raise ArvadosModel::PermissionDeniedError - end - end + def find_objects_for_index + if params[:include_trash] || ['destroy', 'trash', 'untrash'].include?(action_name) + @objects = Collection.readable_by(*@read_users, {include_trash: true, query_on: Collection.unscoped}) end - - # Remove any permission signatures from the manifest. - resource_attrs[:manifest_text] - .gsub!(/ [[:xdigit:]]{32}(\+[[:digit:]]+)?(\+\S+)/) { |word| - word.strip! - loc = Locator.parse(word) - if loc - " " + loc.without_signature.to_s - else - " " + word - end - } - super end def find_object_by_uuid - if loc = Locator.parse(params[:id]) + if loc = Keep::Locator.parse(params[:id]) loc.strip_hints! if c = Collection.readable_by(*@read_users).where({ portable_data_hash: loc.to_s }).limit(1).first @object = { + uuid: c.portable_data_hash, portable_data_hash: c.portable_data_hash, - manifest_text: c.manifest_text, - files: c.files, - data_size: c.data_size + manifest_text: c.signed_manifest_text, } end + true else super end - true end def show - if current_api_client_authorization - signing_opts = { - key: Rails.configuration.blob_signing_key, - api_token: current_api_client_authorization.api_token, - ttl: Rails.configuration.blob_signing_ttl, - } - @object[:manifest_text] - .gsub!(/ [[:xdigit:]]{32}(\+[[:digit:]]+)?(\+\S+)/) { |word| - word.strip! - loc = Locator.parse(word) - if loc - " " + Blob.sign_locator(word, signing_opts) - else - " " + word - end - } - end if @object.is_a? Collection - render json: @object.as_api_response(:with_data) + # Omit unsigned_manifest_text + @select ||= model_class.selectable_attributes - ["unsigned_manifest_text"] + super else - render json: @object + send_json @object end end - def script_param_edges(visited, sp) + + def find_collections(visited, sp, &b) case sp + when ArvadosModel + sp.class.columns.each do |c| + find_collections(visited, sp[c.name.to_sym], &b) if c.name != "log" + end when Hash sp.each do |k, v| - script_param_edges(visited, v) + find_collections(visited, v, &b) end when Array sp.each do |v| - script_param_edges(visited, v) + find_collections(visited, v, &b) end when String - return if sp.empty? - if loc = Locator.parse(sp) - search_edges(visited, loc.to_s, :search_up) + if m = /[a-f0-9]{32}\+\d+/.match(sp) + yield m[0], nil + elsif m = Collection.uuid_regex.match(sp) + yield nil, m[0] end end end @@ -118,7 +88,7 @@ class Arvados::V1::CollectionsController < ApplicationController return end - if loc = Locator.parse(uuid) + if loc = Keep::Locator.parse(uuid) loc.strip_hints! return if visited[loc.to_s] end @@ -127,12 +97,23 @@ class Arvados::V1::CollectionsController < ApplicationController if loc # uuid is a portable_data_hash - if c = Collection.readable_by(*@read_users).where(portable_data_hash: loc.to_s).limit(1).first - visited[loc.to_s] = { - portable_data_hash: c.portable_data_hash, - files: c.files, - data_size: c.data_size - } + collections = Collection.readable_by(*@read_users).where(portable_data_hash: loc.to_s) + c = collections.limit(2).all + if c.size == 1 + visited[loc.to_s] = c[0] + elsif c.size > 1 + name = collections.limit(1).where("name <> ''").first + if name + visited[loc.to_s] = { + portable_data_hash: c[0].portable_data_hash, + name: "#{name.name} + #{collections.count-1} more" + } + else + visited[loc.to_s] = { + portable_data_hash: c[0].portable_data_hash, + name: loc.to_s + } + end end if direction == :search_up @@ -154,6 +135,10 @@ class Arvados::V1::CollectionsController < ApplicationController Job.readable_by(*@read_users).where(["jobs.script_parameters like ?", "%#{loc.to_s}%"]).each do |job| search_edges(visited, job.uuid, :search_down) end + + Job.readable_by(*@read_users).where(["jobs.docker_image_locator = ?", "#{loc.to_s}"]).each do |job| + search_edges(visited, job.uuid, :search_down) + end end else # uuid is a regular Arvados UUID @@ -163,7 +148,10 @@ class Arvados::V1::CollectionsController < ApplicationController visited[uuid] = job.as_api_response if direction == :search_up # Follow upstream collections referenced in the script parameters - script_param_edges(visited, job.script_parameters) + find_collections(visited, job) do |hash, col_uuid| + search_edges(visited, hash, :search_up) if hash + search_edges(visited, col_uuid, :search_up) if col_uuid + end elsif direction == :search_down # Follow downstream job output search_edges(visited, job.output, direction) @@ -202,14 +190,25 @@ class Arvados::V1::CollectionsController < ApplicationController def provenance visited = {} - search_edges(visited, @object[:uuid] || @object[:portable_data_hash], :search_up) - render json: visited + search_edges(visited, @object[:portable_data_hash], :search_up) + search_edges(visited, @object[:uuid], :search_up) + send_json visited end def used_by visited = {} - search_edges(visited, @object[:uuid] || @object[:portable_data_hash], :search_down) - render json: visited + search_edges(visited, @object[:uuid], :search_down) + search_edges(visited, @object[:portable_data_hash], :search_down) + send_json visited end + protected + + def load_limit_offset_order_params *args + super + if action_name == 'index' + # Omit manifest_text and unsigned_manifest_text from index results unless expressly selected. + @select ||= model_class.selectable_attributes - ["manifest_text", "unsigned_manifest_text"] + end + end end