X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/9f2369613436b945c1b9322cbf8b64bfabed5ce4..0e239ef805b8c6eda936073197cf96d0329db048:/services/api/app/controllers/arvados/v1/repositories_controller.rb diff --git a/services/api/app/controllers/arvados/v1/repositories_controller.rb b/services/api/app/controllers/arvados/v1/repositories_controller.rb index 6ba98c8e09..fd6ab58207 100644 --- a/services/api/app/controllers/arvados/v1/repositories_controller.rb +++ b/services/api/app/controllers/arvados/v1/repositories_controller.rb @@ -1,21 +1,32 @@ class Arvados::V1::RepositoriesController < ApplicationController + skip_before_filter :find_object_by_uuid, :only => :get_all_permissions + skip_before_filter :render_404_if_no_object, :only => :get_all_permissions before_filter :admin_required, :only => :get_all_permissions def get_all_permissions @users = {} - User.includes(:authorized_keys).all.each do |u| + User.includes(:authorized_keys).find_each do |u| @users[u.uuid] = u end + admins = @users.select { |k,v| v.is_admin } @user_aks = {} @repo_info = {} - @repos = Repository.includes(:permissions).all - @repos.each do |repo| + Repository.includes(:permissions).find_each do |repo| + @repo_info[repo.uuid] = { + uuid: repo.uuid, + name: repo.name, + push_url: repo.push_url, + fetch_url: repo.fetch_url, + user_permissions: {}, + } gitolite_permissions = '' perms = [] repo.permissions.each do |perm| - if perm.tail_kind == 'arvados#group' + if ArvadosModel::resource_class_for_uuid(perm.tail_uuid) == Group @users.each do |user_uuid, user| user.group_permissions.each do |group_uuid, perm_mask| - if perm_mask[:write] + if perm_mask[:manage] + perms << {name: 'can_manage', user_uuid: user_uuid} + elsif perm_mask[:write] perms << {name: 'can_write', user_uuid: user_uuid} elsif perm_mask[:read] perms << {name: 'can_read', user_uuid: user_uuid} @@ -26,6 +37,10 @@ class Arvados::V1::RepositoriesController < ApplicationController perms << {name: perm.name, user_uuid: perm.tail_uuid} end end + # Owner of the repository, and all admins, can RW + ([repo.owner_uuid] + admins.keys).each do |user_uuid| + perms << {name: 'can_write', user_uuid: user_uuid} + end perms.each do |perm| user_uuid = perm[:user_uuid] @user_aks[user_uuid] = @users[user_uuid].andand.authorized_keys.andand. @@ -36,13 +51,6 @@ class Arvados::V1::RepositoriesController < ApplicationController } end || [] if @user_aks[user_uuid].any? - @repo_info[repo.uuid] ||= { - uuid: repo.uuid, - name: repo.name, - push_url: repo.push_url, - fetch_url: repo.fetch_url, - user_permissions: {} - } ri = (@repo_info[repo.uuid][:user_permissions][user_uuid] ||= {}) ri[perm[:name]] = true end @@ -50,7 +58,11 @@ class Arvados::V1::RepositoriesController < ApplicationController end @repo_info.values.each do |repo_users| repo_users[:user_permissions].each do |user_uuid,perms| - if perms['can_write'] + if perms['can_manage'] + perms[:gitolite_permissions] = 'RW' + perms['can_write'] = true + perms['can_read'] = true + elsif perms['can_write'] perms[:gitolite_permissions] = 'RW' perms['can_read'] = true elsif perms['can_read'] @@ -58,10 +70,8 @@ class Arvados::V1::RepositoriesController < ApplicationController end end end - render json: { - kind: 'arvados#RepositoryPermissionSnapshot', - repositories: @repo_info.values, - user_keys: @user_aks - } + send_json(kind: 'arvados#RepositoryPermissionSnapshot', + repositories: @repo_info.values, + user_keys: @user_aks) end end