X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/9e1d5923421b3439f0cd3297240beebebed38754..7d598997ce1851f37ac0ec21c47abc76d5e84277:/services/api/app/models/user.rb diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb index 677685d67a..64e0d09451 100644 --- a/services/api/app/models/user.rb +++ b/services/api/app/models/user.rb @@ -13,6 +13,8 @@ class User < ArvadosModel before_create :check_auto_admin after_create :add_system_group_permission_link after_create :send_admin_notifications + after_update :send_profile_created_notification + has_many :authorized_keys, :foreign_key => :authorized_user_uuid, :primary_key => :uuid @@ -51,9 +53,13 @@ class User < ArvadosModel def can?(actions) return true if is_admin actions.each do |action, target| - target_uuid = target - if target.respond_to? :uuid - target_uuid = target.uuid + unless target.nil? + if target.respond_to? :uuid + target_uuid = target.uuid + else + target_uuid = target + target = ArvadosModel.find_by_uuid(target_uuid) + end end next if target_uuid == self.uuid next if (group_permissions[target_uuid] and 
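Review bot: In `can?`, the new branch leaves `target_uuid` nil when `target` is nil, and leaves `target` nil when `ArvadosModel.find_by_uuid(target_uuid)` finds no record; neither case is handled before the `next if` checks. The rest of the loop body is outside this hunk, so whether it dereferences `target` cannot be confirmed here, but a permission check should deny explicitly rather than depend on a later nil error. Inside the `else` branch, right after the lookup, consider `return false if target.nil?`. For the nil-target case, a comment stating what result is intended would help. A uuid argument now also costs one extra database lookup per action on every call.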
@@ -75,19 +81,30 @@ class User < ArvadosModel # Return a hash of {group_uuid: perm_hash} where perm_hash[:read] # and perm_hash[:write] are true if this user can read and write # objects owned by group_uuid. + # + # The permission graph is built by repeatedly enumerating all + # permission links reachable from self.uuid, and then calling + # search_permissions def group_permissions Rails.cache.fetch "groups_for_user_#{self.uuid}" do permissions_from = {} todo = {self.uuid => true} done = {} + # Build the equivalence class of permissions starting with + # self.uuid. On each iteration of this loop, todo contains + # the next set of uuids in the permission equivalence class + # to evaluate. while !todo.empty? lookup_uuids = todo.keys lookup_uuids.each do |uuid| done[uuid] = true end todo = {} newgroups = [] + # include all groups owned by the current set of uuids. Group.where('owner_uuid in (?)', lookup_uuids).each do |group| newgroups << [group.owner_uuid, group.uuid, 'can_manage'] end + # add any permission links from the current lookup_uuids to a + # User or Group. Link.where('tail_uuid in (?) and link_class = ? and (head_uuid like ? or head_uuid like ?)', lookup_uuids, 'permission', @@ -146,7 +163,7 @@ class User < ArvadosModel # delete repo_perms for this user repo_perms = Link.where(tail_uuid: self.uuid, link_class: 'permission', - name: 'can_write') + name: 'can_manage') repo_perms.each do |perm| Link.delete perm end @@ -203,7 +220,7 @@ class User < ArvadosModel def check_auto_admin if User.where("uuid not like '%-000000000000000'").where(:is_admin => true).count == 0 and Rails.configuration.auto_admin_user - if current_user.email == Rails.configuration.auto_admin_user + if self.email == Rails.configuration.auto_admin_user self.is_admin = true self.is_active = true end 
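Review bot: The new header comment on `group_permissions` explains the graph walk but omits that the result is cached by `Rails.cache.fetch "groups_for_user_#{self.uuid}"`, which matters to anyone reasoning about permission revocation. No expiry option is visible on that line, and any invalidation lives outside this hunk. Consider adding `# The result is cached under "groups_for_user_<uuid>"; code that changes permission links or group ownership must invalidate it.` The method body continues past the end of the hunk.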
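Review bot: Switching the filter to `name: 'can_manage'` in the `repo_perms` deletion (and in the hunks at -297 and -312) means links created earlier with `can_write` are no longer matched. In this hunk that leaves a legacy `can_write` link in place after the user's repository permissions are supposedly removed; in the -297 hunk the "already has repository access" check misses it and a second link is created. The deletion should match both names, e.g. `name: ['can_write', 'can_manage']`, or the commit should ship with a migration that renames existing links. As visible here the query is also not restricted by `head_uuid`, so it appears to remove every `can_manage` link whose tail is this user, not only repository ones; confirm that is intended.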
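Review bot: With `self.email`, the auto-admin grant in `check_auto_admin` is now decided by the email attribute of the record being created rather than by the authenticated caller. That is only safe if `email` cannot be chosen by the client that creates the record while no admin exists; how the attribute is populated is not visible in this hunk. A comment such as `# email must come from the identity provider, never from request parameters` would record the assumption next to the check. The method body continues past the end of the hunk.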
@@ -297,7 +314,7 @@ class User < ArvadosModel repo_perms = Link.where(tail_uuid: self.uuid, head_uuid: repo[:uuid], link_class: 'permission', - name: 'can_write') + name: 'can_manage') if repo_perms.any? logger.warn "User already has repository access " + repo_perms.collect { |p| p[:uuid] }.inspect @@ -312,7 +329,7 @@ class User < ArvadosModel repo_perm = Link.create(tail_uuid: self.uuid, head_uuid: repo[:uuid], link_class: 'permission', - name: 'can_write') + name: 'can_manage') logger.info { "repo permission: " + repo_perm[:uuid] } return repo_perm end @@ -414,4 +431,15 @@ class User < ArvadosModel AdminNotifier.new_inactive_user(self).deliver end end + + # Send notification if the user saved profile for the first time + def send_profile_created_notification + if self.prefs_changed? + if self.prefs_was.andand.empty? || !self.prefs_was.andand['profile'] + profile_notification_address = Rails.configuration.user_profile_notification_address + ProfileNotifier.profile_created(self, profile_notification_address).deliver if profile_notification_address + end + end + end + end
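Review bot: `send_profile_created_notification` checks only that the previous prefs had no `'profile'` entry, not that the saved prefs now contain one, so any prefs update made while the profile is still absent sends a "profile created" mail. A user can therefore cause repeated mail to `user_profile_notification_address` by changing unrelated prefs. Tightening the condition to `if self.prefs.andand['profile'] && !self.prefs_was.andand['profile']` covers this and makes the `empty?` clause unnecessary. `deliver` runs inside the `after_update` callback, so a mail failure would presumably surface as a failed update; rescuing and logging it may be preferable.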