X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/b7f67c80916c2efa0c234ab5f4e92c24d47223c5..3fa4a2b6138e3e9e468dd885a743ca38f08f0755:/services/api/app/models/log.rb

diff --git a/services/api/app/models/log.rb b/services/api/app/models/log.rb
index 39f789e69f..3207d1f288 100644
--- a/services/api/app/models/log.rb
+++ b/services/api/app/models/log.rb
@@ -4,7 +4,6 @@ class Log < ArvadosModel
   include CommonApiTemplate
   serialize :properties, Hash
   before_validation :set_default_event_at
-  attr_accessor :object, :object_kind
   after_save :send_notify
 
   api_accessible :user, extend: :common do |t|
@@ -47,12 +46,30 @@ class Log < ArvadosModel
       self.event_at = thing.created_at
     when "update"
       self.event_at = thing.modified_at
-    when "destroy"
-      self.event_at = Time.now
+    when "delete"
+      self.event_at = db_current_time
     end
     self
   end
 
+  def self.readable_by(*users_list)
+    if users_list.select { |u| u.is_admin }.any?
+      return self
+    end
+    user_uuids = users_list.map { |u| u.uuid }
+    uuid_list = user_uuids + users_list.flat_map { |u| u.groups_i_can(:read) }
+    uuid_list.uniq!
+    permitted = "(SELECT head_uuid FROM links WHERE link_class='permission' AND tail_uuid IN (:uuids))"
+    joins("LEFT JOIN container_requests ON container_requests.container_uuid=logs.object_uuid").
+      where("logs.object_uuid IN #{permitted} OR "+
+            "container_requests.uuid IN (:uuids) OR "+
+            "container_requests.owner_uuid IN (:uuids) OR "+
+            "logs.object_uuid IN (:uuids) OR "+
+            "logs.owner_uuid IN (:uuids) OR "+
+            "logs.object_owner_uuid IN (:uuids)",
+            uuids: uuid_list)
+  end
+
   protected
 
   def permission_to_create
@@ -66,7 +83,7 @@ class Log < ArvadosModel
   alias_method :permission_to_delete, :permission_to_update
 
   def set_default_event_at
-    self.event_at ||= Time.now
+    self.event_at ||= db_current_time
   end
 
   def log_start_state