X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/ab723c1c1d8655baeb48e0aa46c5d254a3f359c5..d1449f148c603506e76ad6e1261ad7cc527f37c0:/services/api/app/controllers/application_controller.rb

diff --git a/services/api/app/controllers/application_controller.rb b/services/api/app/controllers/application_controller.rb
index d6efb015cf..2f142b8a01 100644
--- a/services/api/app/controllers/application_controller.rb
+++ b/services/api/app/controllers/application_controller.rb
@@ -9,6 +9,7 @@ class ApplicationController < ActionController::Base
   before_filter :login_required, :except => :render_not_found
   before_filter :catch_redirect_hint
 
+  before_filter :load_where_param, :only => :index
   before_filter :find_objects_for_index, :only => :index
   before_filter :find_object_by_uuid, :except => [:index, :create]
 
@@ -37,8 +38,11 @@ class ApplicationController < ActionController::Base
   end
 
   def update
-    @object.update_attributes resource_attrs
-    show
+    if @object.update_attributes resource_attrs
+      show
+    else
+      render json: { errors: @object.errors.full_messages }, status: 422
+    end
   end
 
   def destroy
@@ -85,6 +89,11 @@ class ApplicationController < ActionController::Base
 
   protected
 
+  def load_where_param
+    @where = params[:where] || {}
+    @where = Oj.load(@where) if @where.is_a?(String)
+  end
+
   def find_objects_for_index
     uuid_list = [current_user.uuid, *current_user.groups_i_can(:read)]
     sanitized_uuid_list = uuid_list.
@@ -95,15 +104,22 @@ class ApplicationController < ActionController::Base
             true, current_user.is_admin,
             uuid_list,
             current_user.uuid)
-    @where = params[:where] || {}
-    @where = Oj.load(@where) if @where.is_a?(String)
-    if params[:where]
+    if !@where.empty?
       conditions = ['1=1']
       @where.each do |attr,value|
-        if (!value.nil? and
-            attr.to_s.match(/^[a-z][_a-z0-9]+$/) and
-            model_class.columns.collect(&:name).index(attr))
-          if value.is_a? Array
+        if attr == 'any'
+          if value.is_a?(Array) and
+              value[0] == 'contains' and
+              model_class.columns.collect(&:name).index('name') then
+            conditions[0] << " and #{table_name}.name ilike ?"
+            conditions << "%#{value[1]}%"
+          end
+        elsif attr.to_s.match(/^[a-z][_a-z0-9]+$/) and
+            model_class.columns.collect(&:name).index(attr)
+          if value.nil?
+            conditions[0] << " and #{table_name}.#{attr} is ?"
+            conditions << nil
+          elsif value.is_a? Array
             conditions[0] << " and #{table_name}.#{attr} in (?)"
             conditions << value
           elsif value.is_a? String or value.is_a? Fixnum or value == true or value == false
@@ -118,11 +134,6 @@ class ApplicationController < ActionController::Base
               end
             end
           end
-        elsif (!value.nil? and attr == 'any' and
-          value.is_a?(Array) and value[0] == 'contains' and
-          model_class.columns.collect(&:name).index('name')) then
-            conditions[0] << " and #{table_name}.name ilike ?"
-            conditions << "%#{value[1]}%"
         end
       end
       if conditions.length > 1
@@ -135,12 +146,27 @@ class ApplicationController < ActionController::Base
       begin
         @objects = @objects.limit(params[:limit].to_i)
       rescue
-        raise "invalid argument (limit)"
+        raise ArgumentError.new("Invalid value for limit parameter")
       end
     else
       @objects = @objects.limit(100)
     end
-    @objects = @objects.order("#{table_name}.modified_at desc")
+    orders = []
+    if params[:order]
+      params[:order].split(',').each do |order|
+        attr, direction = order.strip.split " "
+        direction ||= 'asc'
+        if attr.match /^[a-z][_a-z0-9]+$/ and
+            model_class.columns.collect(&:name).index(attr) and
+            ['asc','desc'].index direction.downcase
+          orders << "#{table_name}.#{attr} #{direction.downcase}"
+        end
+      end
+    end
+    if orders.empty?
+      orders << "#{table_name}.modified_at desc"
+    end
+    @objects = @objects.order(orders.join ", ")
   end
 
   def resource_attrs
@@ -150,7 +176,12 @@ class ApplicationController < ActionController::Base
       @attrs = uncamelcase_hash_keys(Oj.load @attrs)
     end
     unless @attrs.is_a? Hash
-      raise "no #{resource_name} (or #{resource_name.camelcase(:lower)}) hash provided with request #{params.inspect}"
+      message = "No #{resource_name}"
+      if resource_name.index('_')
+        message << " (or #{resource_name.camelcase(:lower)})"
+      end
+      message << " hash provided with request"
+      raise ArgumentError.new(message)
     end
     %w(created_at modified_by_client modified_by_user modified_at).each do |x|
       @attrs.delete x