X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/b96d5caa0056472fe67b82bd5305448d85c7d0cd..ddff0f5816f8100154c9ae0a95147b2061097da3:/services/api/lib/fix_roles_projects.rb

diff --git a/services/api/lib/fix_roles_projects.rb b/services/api/lib/fix_roles_projects.rb
index 5dd127b3e2..79fea45901 100644
--- a/services/api/lib/fix_roles_projects.rb
+++ b/services/api/lib/fix_roles_projects.rb
@@ -2,6 +2,8 @@
 #
 # SPDX-License-Identifier: AGPL-3.0
 
+require 'update_permissions'
+
 include CurrentApiClient
 
 def fix_roles_projects
@@ -11,8 +13,8 @@ def fix_roles_projects
     # shouldn't be anything to do at all.
     act_as_system_user do
       ActiveRecord::Base.transaction do
-        Group.where("group_class != 'project' or group_class is null").each do |g|
-          # 1) any group not group_class != project becomes a 'role' (both empty and invalid groups)
+        Group.where("(group_class != 'project' and group_class != 'filter') or group_class is null").each do |g|
+          # 1) any group not group_class != project and != filter becomes a 'role' (both empty and invalid groups)
           old_owner = g.owner_uuid
           g.owner_uuid = system_user_uuid
           g.group_class = 'role'
@@ -20,10 +22,11 @@ def fix_roles_projects
 
           if old_owner != system_user_uuid
             # 2) Ownership of a role becomes a can_manage link
-            Link.create!(link_class: 'permission',
+            Link.new(link_class: 'permission',
                          name: 'can_manage',
                          tail_uuid: old_owner,
-                         head_uuid: g.uuid)
+                         head_uuid: g.uuid).
+              save!(validate: false)
           end
         end
 
@@ -37,20 +40,22 @@ def fix_roles_projects
           # 3) If a role owns anything, give it to system user and it
           # becomes a can_manage link
           klass.joins("join groups on groups.uuid=#{klass.table_name}.owner_uuid and groups.group_class='role'").each do |owned|
-            Link.create!(link_class: 'permission',
-                         name: 'can_manage',
-                         tail_uuid: owned.owner_uuid,
-                         head_uuid: owned.uuid)
+            Link.new(link_class: 'permission',
+                     name: 'can_manage',
+                     tail_uuid: owned.owner_uuid,
+                     head_uuid: owned.uuid).
+              save!(validate: false)
             owned.owner_uuid = system_user_uuid
             owned.save_with_unique_name!
           end
         end
 
         Group.joins("join groups as g2 on g2.uuid=groups.owner_uuid and g2.group_class='role'").each do |owned|
-          Link.create!(link_class: 'permission',
+          Link.new(link_class: 'permission',
                        name: 'can_manage',
                        tail_uuid: owned.owner_uuid,
-                       head_uuid: owned.uuid)
+                       head_uuid: owned.uuid).
+            save!(validate: false)
           owned.owner_uuid = system_user_uuid
           owned.save_with_unique_name!
         end