X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/b7ab0180bbe96dd1b61b9713d5a3f033f48386c5..b86543493dffefb1ec245f48550cfa9e0119f4d1:/services/api/app/controllers/arvados/v1/collections_controller.rb diff --git a/services/api/app/controllers/arvados/v1/collections_controller.rb b/services/api/app/controllers/arvados/v1/collections_controller.rb index d136b9955d..922cf7dac1 100644 --- a/services/api/app/controllers/arvados/v1/collections_controller.rb +++ b/services/api/app/controllers/arvados/v1/collections_controller.rb @@ -1,67 +1,26 @@ +require "arvados/keep" + class Arvados::V1::CollectionsController < ApplicationController - def create - if !resource_attrs[:manifest_text] - return send_error("'manifest_text' attribute must be specified", - status: :unprocessable_entity) - end + def self.limit_index_columns_read + ["manifest_text"] + end - # Check permissions on the collection manifest. - # If any signature cannot be verified, return 403 Permission denied. - api_token = current_api_client_authorization.andand.api_token - signing_opts = { - key: Rails.configuration.blob_signing_key, - api_token: api_token, - ttl: Rails.configuration.blob_signing_ttl, - } - resource_attrs[:manifest_text].lines.each do |entry| - entry.split[1..-1].each do |tok| - if /^[[:digit:]]+:[[:digit:]]+:/.match tok - # This is a filename token, not a blob locator. Note that we - # keep checking tokens after this, even though manifest - # format dictates that all subsequent tokens will also be - # filenames. Safety first! - elsif Blob.verify_signature tok, signing_opts - # OK. - elsif Locator.parse(tok).andand.signature - # Signature provided, but verify_signature did not like it. - logger.warn "Invalid signature on locator #{tok}" - raise ArvadosModel::PermissionDeniedError - elsif Rails.configuration.permit_create_collection_with_unsigned_manifest - # No signature provided, but we are running in insecure mode. - logger.debug "Missing signature on locator #{tok} ignored" - elsif Blob.new(tok).empty? - # No signature provided -- but no data to protect, either. - else - logger.warn "Missing signature on locator #{tok}" - raise ArvadosModel::PermissionDeniedError - end - end + def create + if resource_attrs[:uuid] and (loc = Keep::Locator.parse(resource_attrs[:uuid])) + resource_attrs[:portable_data_hash] = loc.to_s + resource_attrs.delete :uuid end - - # Remove any permission signatures from the manifest. - resource_attrs[:manifest_text] - .gsub!(/ [[:xdigit:]]{32}(\+[[:digit:]]+)?(\+\S+)/) { |word| - word.strip! - loc = Locator.parse(word) - if loc - " " + loc.without_signature.to_s - else - " " + word - end - } - super end def find_object_by_uuid - if loc = Locator.parse(params[:id]) + if loc = Keep::Locator.parse(params[:id]) loc.strip_hints! if c = Collection.readable_by(*@read_users).where({ portable_data_hash: loc.to_s }).limit(1).first @object = { + uuid: c.portable_data_hash, portable_data_hash: c.portable_data_hash, - manifest_text: c.manifest_text, - files: c.files, - data_size: c.data_size + manifest_text: c.signed_manifest_text, } end else @@ -71,44 +30,32 @@ class Arvados::V1::CollectionsController < ApplicationController end def show - if current_api_client_authorization - signing_opts = { - key: Rails.configuration.blob_signing_key, - api_token: current_api_client_authorization.api_token, - ttl: Rails.configuration.blob_signing_ttl, - } - @object[:manifest_text] - .gsub!(/ [[:xdigit:]]{32}(\+[[:digit:]]+)?(\+\S+)/) { |word| - word.strip! - loc = Locator.parse(word) - if loc - " " + Blob.sign_locator(word, signing_opts) - else - " " + word - end - } - end if @object.is_a? Collection - render json: @object.as_api_response(:with_data) + super else - render json: @object + send_json @object end end - def script_param_edges(visited, sp) + def find_collections(visited, sp, &b) case sp + when ArvadosModel + sp.class.columns.each do |c| + find_collections(visited, sp[c.name.to_sym], &b) if c.name != "log" + end when Hash sp.each do |k, v| - script_param_edges(visited, v) + find_collections(visited, v, &b) end when Array sp.each do |v| - script_param_edges(visited, v) + find_collections(visited, v, &b) end when String - return if sp.empty? - if loc = Locator.parse(sp) - search_edges(visited, loc.to_s, :search_up) + if m = /[a-f0-9]{32}\+\d+/.match(sp) + yield m[0], nil + elsif m = Collection.uuid_regex.match(sp) + yield nil, m[0] end end end @@ -118,7 +65,7 @@ class Arvados::V1::CollectionsController < ApplicationController return end - if loc = Locator.parse(uuid) + if loc = Keep::Locator.parse(uuid) loc.strip_hints! return if visited[loc.to_s] end @@ -127,12 +74,23 @@ class Arvados::V1::CollectionsController < ApplicationController if loc # uuid is a portable_data_hash - if c = Collection.readable_by(*@read_users).where(portable_data_hash: loc.to_s).limit(1).first - visited[loc.to_s] = { - portable_data_hash: c.portable_data_hash, - files: c.files, - data_size: c.data_size - } + collections = Collection.readable_by(*@read_users).where(portable_data_hash: loc.to_s) + c = collections.limit(2).all + if c.size == 1 + visited[loc.to_s] = c[0] + elsif c.size > 1 + name = collections.limit(1).where("name <> ''").first + if name + visited[loc.to_s] = { + portable_data_hash: c[0].portable_data_hash, + name: "#{name.name} + #{collections.count-1} more" + } + else + visited[loc.to_s] = { + portable_data_hash: c[0].portable_data_hash, + name: loc.to_s + } + end end if direction == :search_up @@ -154,6 +112,10 @@ class Arvados::V1::CollectionsController < ApplicationController Job.readable_by(*@read_users).where(["jobs.script_parameters like ?", "%#{loc.to_s}%"]).each do |job| search_edges(visited, job.uuid, :search_down) end + + Job.readable_by(*@read_users).where(["jobs.docker_image_locator = ?", "#{loc.to_s}"]).each do |job| + search_edges(visited, job.uuid, :search_down) + end end else # uuid is a regular Arvados UUID @@ -163,7 +125,10 @@ class Arvados::V1::CollectionsController < ApplicationController visited[uuid] = job.as_api_response if direction == :search_up # Follow upstream collections referenced in the script parameters - script_param_edges(visited, job.script_parameters) + find_collections(visited, job) do |hash, uuid| + search_edges(visited, hash, :search_up) if hash + search_edges(visited, uuid, :search_up) if uuid + end elsif direction == :search_down # Follow downstream job output search_edges(visited, job.output, direction) @@ -171,8 +136,8 @@ class Arvados::V1::CollectionsController < ApplicationController end elsif rsc == Collection if c = Collection.readable_by(*@read_users).where(uuid: uuid).limit(1).first - visited[uuid] = c.as_api_response search_edges(visited, c.portable_data_hash, direction) + visited[c.portable_data_hash] = c.as_api_response end elsif rsc != nil rsc.where(uuid: uuid).each do |r| @@ -202,14 +167,25 @@ class Arvados::V1::CollectionsController < ApplicationController def provenance visited = {} - search_edges(visited, @object[:uuid] || @object[:portable_data_hash], :search_up) - render json: visited + search_edges(visited, @object[:portable_data_hash], :search_up) + search_edges(visited, @object[:uuid], :search_up) + send_json visited end def used_by visited = {} - search_edges(visited, @object[:uuid] || @object[:portable_data_hash], :search_down) - render json: visited + search_edges(visited, @object[:uuid], :search_down) + search_edges(visited, @object[:portable_data_hash], :search_down) + send_json visited end + protected + + def load_limit_offset_order_params *args + super + if action_name == 'index' + # Omit manifest_text from index results unless expressly selected. + @select ||= model_class.selectable_attributes - ["manifest_text"] + end + end end