X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/6f6235983d91e0b9fb5660d0a2825f510bbdac73..84decc8949fc51ec2eaf906fc2c4cbbb3df807dd:/apps/workbench/app/models/arvados_base.rb?ds=sidebyside diff --git a/apps/workbench/app/models/arvados_base.rb b/apps/workbench/app/models/arvados_base.rb index 47a9d6d02e..7d8603782e 100644 --- a/apps/workbench/app/models/arvados_base.rb +++ b/apps/workbench/app/models/arvados_base.rb @@ -30,27 +30,26 @@ class ArvadosBase < ActiveRecord::Base end def initialize raw_params={} - begin - super self.class.permit_attribute_params(raw_params) - rescue Exception => e - logger.debug raw_params - logger.debug self.class.permit_attribute_params(raw_params).inspect - logger.debug self.class.attribute_info.inspect - raise e - end + super self.class.permit_attribute_params(raw_params) @attribute_sortkey ||= { 'id' => nil, - 'uuid' => '000', - 'owner_uuid' => '001', - 'created_at' => '002', - 'modified_at' => '003', - 'modified_by_user_uuid' => '004', - 'modified_by_client_uuid' => '005', - 'name' => '050', - 'tail_uuid' => '100', - 'head_uuid' => '101', - 'info' => 'zzz-000', - 'updated_at' => 'zzz-999' + 'name' => '000', + 'owner_uuid' => '002', + 'event_type' => '100', + 'link_class' => '100', + 'group_class' => '100', + 'tail_uuid' => '101', + 'head_uuid' => '102', + 'object_uuid' => '102', + 'summary' => '104', + 'description' => '104', + 'properties' => '150', + 'info' => '150', + 'created_at' => '200', + 'modified_at' => '201', + 'modified_by_user_uuid' => '202', + 'modified_by_client_uuid' => '203', + 'uuid' => '999', } end @@ -93,6 +92,11 @@ class ArvadosBase < ActiveRecord::Base raise 'argument to find() must be a uuid string. Acceptable formats: warehouse locator or string with format xxxxx-xxxxx-xxxxxxxxxxxxxxx' end + if self == ArvadosBase + # Determine type from uuid and defer to the appropriate subclass. + return resource_class_for_uuid(uuid).find(uuid, opts) + end + # Only do one lookup on the API side per {class, uuid, workbench # request} unless {cache: false} is given via opts. cache_key = "request_#{Thread.current.object_id}_#{self.to_s}_#{uuid}" @@ -133,11 +137,14 @@ class ArvadosBase < ActiveRecord::Base # strong_parameters does not provide security in Workbench: anyone # who can get this far can just as well do a call directly to our # database (Arvados) with the same credentials we use. + # + # The following permit! is necessary even with + # "ActionController::Parameters.permit_all_parameters = true", + # because permit_all does not permit nested attributes. ActionController::Parameters.new(raw_params).permit! end def self.create raw_params={} - logger.error permit_attribute_params(raw_params).inspect super(permit_attribute_params(raw_params)) end @@ -274,6 +281,10 @@ class ArvadosBase < ActiveRecord::Base } end + def class_for_display + self.class.to_s + end + def self.creatable? current_user end @@ -281,7 +292,9 @@ class ArvadosBase < ActiveRecord::Base def editable? (current_user and current_user.is_active and (current_user.is_admin or - current_user.uuid == self.owner_uuid)) + current_user.uuid == self.owner_uuid or + new_record? or + (writable_by.include? current_user.uuid rescue false))) end def attribute_editable?(attr) @@ -289,10 +302,10 @@ class ArvadosBase < ActiveRecord::Base false elsif not (current_user.andand.is_active) false - elsif "uuid owner_uuid".index(attr.to_s) or current_user.is_admin + elsif attr == 'uuid' current_user.is_admin else - current_user.uuid == self.owner_uuid or current_user.uuid == self.uuid + editable? end end @@ -329,10 +342,18 @@ class ArvadosBase < ActiveRecord::Base (name if self.respond_to? :name) || uuid end + def content_summary + self.class_for_display + end + def selection_label friendly_link_name end + def owner + ArvadosBase.find(owner_uuid) rescue nil + end + protected def forget_uuid!