X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/8cd7249b96576285388ef036d04532f72a8f1ee3..7407f41105f8000bb3908d41a31daaf3a30d9440:/services/api/lib/current_api_client.rb diff --git a/services/api/lib/current_api_client.rb b/services/api/lib/current_api_client.rb index 6c1ff2807e..98112c858b 100644 --- a/services/api/lib/current_api_client.rb +++ b/services/api/lib/current_api_client.rb @@ -1,3 +1,15 @@ +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: AGPL-3.0 + +$system_user = nil +$system_group = nil +$all_users_group = nil +$anonymous_user = nil +$anonymous_group = nil +$anonymous_group_read_permission = nil +$empty_collection = nil + module CurrentApiClient def current_user Thread.current[:user] @@ -30,25 +42,25 @@ module CurrentApiClient end def system_user_uuid - [Server::Application.config.uuid_prefix, + [Rails.configuration.ClusterID, User.uuid_prefix, '000000000000000'].join('-') end def system_group_uuid - [Server::Application.config.uuid_prefix, + [Rails.configuration.ClusterID, Group.uuid_prefix, '000000000000000'].join('-') end def anonymous_group_uuid - [Server::Application.config.uuid_prefix, + [Rails.configuration.ClusterID, Group.uuid_prefix, 'anonymouspublic'].join('-') end def anonymous_user_uuid - [Server::Application.config.uuid_prefix, + [Rails.configuration.ClusterID, User.uuid_prefix, 'anonymouspublic'].join('-') end @@ -78,14 +90,13 @@ module CurrentApiClient ActiveRecord::Base.transaction do Group.where(uuid: system_group_uuid). first_or_create!(name: "System group", - description: "System group") do |g| + description: "System group", + group_class: "role") do |g| g.save! User.all.collect(&:uuid).each do |user_uuid| Link.create!(link_class: 'permission', name: 'can_manage', - tail_kind: 'arvados#group', tail_uuid: system_group_uuid, - head_kind: 'arvados#user', head_uuid: user_uuid) end end @@ -95,7 +106,7 @@ module CurrentApiClient end def all_users_group_uuid - [Server::Application.config.uuid_prefix, + [Rails.configuration.ClusterID, Group.uuid_prefix, 'fffffffffffffff'].join('-') end @@ -146,6 +157,18 @@ module CurrentApiClient end end + def anonymous_group_read_permission + $anonymous_group_read_permission = + check_cache $anonymous_group_read_permission do + act_as_system_user do + Link.where(tail_uuid: all_users_group.uuid, + head_uuid: anonymous_group.uuid, + link_class: "permission", + name: "can_read").first_or_create! + end + end + end + def anonymous_user $anonymous_user = check_cache $anonymous_user do act_as_system_user do @@ -166,7 +189,7 @@ module CurrentApiClient end end - def empty_collection_uuid + def empty_collection_pdh 'd41d8cd98f00b204e9800998ecf8427e+0' end @@ -175,8 +198,16 @@ module CurrentApiClient act_as_system_user do ActiveRecord::Base.transaction do Collection. - where(portable_data_hash: empty_collection_uuid). - first_or_create!(manifest_text: '', owner_uuid: anonymous_group.uuid) + where(portable_data_hash: empty_collection_pdh). + first_or_create(manifest_text: '', owner_uuid: system_user.uuid, name: "empty collection") do |c| + c.save! + Link.where(tail_uuid: anonymous_group.uuid, + head_uuid: c.uuid, + link_class: 'permission', + name: 'can_read'). + first_or_create! + c + end end end end