X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/744ca00ccd1e7fda9d4210b18c1f4a734f3b2261..a25971cae157b6bc40037e391db226da36dc9b30:/services/api/lib/has_uuid.rb diff --git a/services/api/lib/has_uuid.rb b/services/api/lib/has_uuid.rb index 3bd330edca..e0a56134fc 100644 --- a/services/api/lib/has_uuid.rb +++ b/services/api/lib/has_uuid.rb @@ -1,7 +1,10 @@ module HasUuid + UUID_REGEX = /^[0-9a-z]{5}-([0-9a-z]{5})-[0-9a-z]{15}$/ + def self.included(base) base.extend(ClassMethods) + base.validate :validate_uuid base.before_create :assign_uuid base.before_destroy :destroy_permission_links base.has_many :links_via_head, class_name: 'Link', foreign_key: :head_uuid, primary_key: :uuid, conditions: "not (link_class = 'permission')", dependent: :restrict @@ -26,17 +29,44 @@ module HasUuid self.respond_to? :uuid end - def assign_uuid - return true if !self.respond_to_uuid? - if (uuid.is_a?(String) and uuid.length>0 and - current_user and current_user.is_admin) + def validate_uuid + if self.respond_to_uuid? and self.uuid_changed? + if current_user.andand.is_admin and self.uuid.is_a?(String) + if (re = self.uuid.match HasUuid::UUID_REGEX) + if re[1] == self.class.uuid_prefix + return true + else + self.errors.add(:uuid, "type field is '#{re[1]}', expected '#{self.class.uuid_prefix}'") + return false + end + else + self.errors.add(:uuid, "not a valid Arvados uuid '#{self.uuid}'") + return false + end + else + if self.new_record? + self.errors.add(:uuid, "assignment not permitted") + else + self.errors.add(:uuid, "change not permitted") + end + return false + end + else return true end - self.uuid = self.class.generate_uuid + end + + def assign_uuid + if self.respond_to_uuid? and self.uuid.nil? or self.uuid.empty? + self.uuid = self.class.generate_uuid + end + true end def destroy_permission_links - Link.destroy_all(['link_class=? and (head_uuid=? or tail_uuid=?)', - 'permission', uuid, uuid]) + if uuid + Link.destroy_all(['link_class=? and (head_uuid=? or tail_uuid=?)', + 'permission', uuid, uuid]) + end end end