X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/6a18fc0d6f3f9859e905d4762796d813a157605b..7a537556b3503bf957ad3da2bf27885518a33230:/services/api/app/models/user.rb diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb index 672dd1950b..563bb07170 100644 --- a/services/api/app/models/user.rb +++ b/services/api/app/models/user.rb 
@@ -111,65 +111,38 @@ class User < ArvadosModel def self.setup(user, openid_prefix, repo_name=nil, vm_uuid=nil) login_perm_props = {identity_url_prefix: openid_prefix} - if user[:uuid] - found = User.find_by_uuid user[:uuid] - end - - if !found - if !user[:email] - raise "No email found in the input. Aborting user creation." - end - if !user.save - raise "Save failed" - end - else - user = found - end - - # Check opd_login_perm - oid_login_perm = Link.where(tail_uuid: user[:email], - head_kind: 'arvados#user', - link_class: 'permission', - name: 'can_login') + # Check oid_login_perm + oid_login_perms = Link.where(tail_uuid: user.email, + head_kind: 'arvados#user', + link_class: 'permission', + name: 'can_login') - if !oid_login_perm.any? + if !oid_login_perms.any? # create openid login permission oid_login_perm = Link.create(link_class: 'permission', name: 'can_login', tail_kind: 'email', - tail_uuid: user[:email], + tail_uuid: user.email, head_kind: 'arvados#user', - head_uuid: user[:uuid], + head_uuid: user.uuid, properties: login_perm_props ) logger.info { "openid login permission: " + oid_login_perm[:uuid] } + else + oid_login_perm = oid_login_perms.first end - # create repo, vm, and group links - response = {user: user, oid_login_perm: oid_login_perm} - - user.setup_links(repo_name, vm_uuid, openid_prefix, response) - - return response + return [oid_login_perm] + user.setup_repo_vm_links(repo_name, vm_uuid) end # create links - def setup_links(repo_name, vm_uuid, openid_prefix, response) + def setup_repo_vm_links(repo_name, vm_uuid) repo_perm = create_user_repo_link repo_name - if repo_perm - response[:repo_perm] = repo_perm - end - vm_login_perm = create_vm_login_permission_link vm_uuid, repo_name - if vm_login_perm - response[:vm_login_perm] = vm_login_perm - end + group_perm = create_user_group_link - group_perm = create_user_group_links - if group_perm - response[:group_perm] = group_perm - end + return [repo_perm, vm_login_perm, group_perm, self].compact 
end protected @@ -242,6 +215,7 @@ class User < ArvadosModel end def create_user_repo_link(repo_name) + # repo_name is optional if not repo_name logger.warn ("Repository name not given for #{self.uuid}.") return @@ -282,23 +256,28 @@ class User < ArvadosModel # create login permission for the given vm_uuid, if it does not already exist def create_vm_login_permission_link(vm_uuid, repo_name) - # Look up the given virtual machine just to make sure it really exists. begin - vm = VirtualMachine.where(uuid: vm_uuid).first - - if not vm - logger.warn "Could not find virtual machine for #{vm_uuid.inspect}" - return + + # vm uuid is optional + if vm_uuid + vm = VirtualMachine.where(uuid: vm_uuid).first + + if not vm + logger.warn "Could not find virtual machine for #{vm_uuid.inspect}" + raise "No vm found for #{vm_uuid}" + end + else + return end logger.info { "vm uuid: " + vm[:uuid] } - login_perm = Link.where(tail_uuid: self.uuid, + login_perms = Link.where(tail_uuid: self.uuid, head_uuid: vm[:uuid], head_kind: 'arvados#virtualMachine', link_class: 'permission', name: 'can_login') - if !login_perm.any? + if !login_perms.any? login_perm = Link.create(tail_kind: 'arvados#user', tail_uuid: self.uuid, head_kind: 'arvados#virtualMachine', @@ -307,6 +286,8 @@ class User < ArvadosModel name: 'can_login', properties: {username: repo_name}) logger.info { "login permission: " + login_perm[:uuid] } + else + login_perm = login_perms.first end return login_perm @@ -314,7 +295,7 @@ class User < ArvadosModel end # add the user to the 'All users' group - def create_user_group_links + def create_user_group_link # Look up the "All users" group (we expect uuid *-*-fffffffffffffff). group = Group.where(name: 'All users').select do |g| g[:uuid].match /-f+$/ 
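Review bot: In `self.setup`, the `Link.where(...)` lookup for an existing `can_login` link matches on `tail_uuid: user.email` but not on the user the link points to, so a link from the same email address to a different user record counts as this user's login permission and is returned unchanged. Adding `head_uuid: user.uuid` to the `where` conditions ties the check to the account being set up. The old `user[:email]` presence check was removed together with the find-or-save block, and nothing visible here rejects a nil email before it is used as `tail_uuid`. If the caller does not already guarantee an email, a guard such as `raise "No email found in the input" unless user.email` belongs at the top of the method.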
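Review bot: The new `raise "No vm found for #{vm_uuid}"` in `create_vm_login_permission_link` fires after `self.setup` has already created the `can_login` link and `setup_repo_vm_links` has already run `create_user_repo_link`, so an unknown `vm_uuid` now aborts setup with part of the user's permissions already written. The same holds for the `raise` added to the 'All users' group lookup in the `@@ -322,17 +303,17 @@` hunk, which runs last. Nothing in these hunks shows a surrounding transaction; unless the caller provides one, wrap the sequence in an ActiveRecord `transaction do ... end` block, or resolve the VM and the group before creating any link. The method body continues outside this hunk.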
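Review bot: `properties: {username: repo_name}` in `create_vm_login_permission_link` can now store a nil login name, because this commit treats `repo_name` and `vm_uuid` as independently optional and the method returns early only when `vm_uuid` is missing. A call with a VM but no repository name therefore creates a `can_login` link on the VM with `username: nil`; how the code that reads these links treats that value is not visible here. Consider extending the early return to `return unless vm_uuid && repo_name`, or raising when a VM is given without a name. The `login_perms.first` branch also reuses an existing link without comparing its stored `username` with `repo_name`.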
@@ -322,17 +303,17 @@ class User < ArvadosModel if not group logger.warn "No 'All users' group with uuid '*-*-fffffffffffffff'." - return + raise "No 'All users' group with uuid '*-*-fffffffffffffff' is found" else logger.info { "\"All users\" group uuid: " + group[:uuid] } - group_perm = Link.where(tail_uuid: self.uuid, + group_perms = Link.where(tail_uuid: self.uuid, head_uuid: group[:uuid], head_kind: 'arvados#group', link_class: 'permission', name: 'can_read') - if !group_perm.any? + if !group_perms.any? group_perm = Link.create(tail_kind: 'arvados#user', tail_uuid: self.uuid, head_kind: 'arvados#group', @@ -340,6 +321,8 @@ class User < ArvadosModel link_class: 'permission', name: 'can_read') logger.info { "group permission: " + group_perm[:uuid] } + else + group_perm = group_perms.first end return group_perm
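Review bot: The `Link.create` call in `create_user_group_link`, which opens in the preceding hunk and closes here, is not checked for success, so a link that fails validation comes back unsaved with a nil `uuid`. The following `logger.info { "group permission: " + group_perm[:uuid] }` then raises a TypeError when info logging is enabled, and otherwise the unsaved link is returned as if the permission existed. Since this commit turns the other failure paths into exceptions, `Link.create!` (assuming `Link` is an ActiveRecord model) would make this path fail in the same explicit way. The same applies to the `Link.create` calls for the two `can_login` links in the earlier hunks.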