X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/bc078b7d031968061e439309a6a6dbeb1938a407..70d97b98ddf977505069795ef08236fb439b18e1:/services/api/app/models/group.rb diff --git a/services/api/app/models/group.rb b/services/api/app/models/group.rb index e3df460298..0c36a048dc 100644 --- a/services/api/app/models/group.rb +++ b/services/api/app/models/group.rb @@ -44,6 +44,17 @@ class Group < ArvadosModel t.add :is_trashed t.add :properties t.add :frozen_by_uuid + t.add :can_write + t.add :can_manage + end + + protected + + def self.attributes_required_columns + super.merge( + 'can_write' => ['owner_uuid', 'uuid'], + 'can_manage' => ['owner_uuid', 'uuid'], + ) end def ensure_filesystem_compatible_name @@ -116,6 +127,9 @@ class Group < ArvadosModel if !new_record? && !current_user.can?(manage: uuid) raise PermissionDeniedError end + if trash_at || delete_at || (!new_record? && TrashedGroup.where(group_uuid: uuid).any?) + errors.add(:frozen_by_uuid, "cannot be set on a trashed project") + end if frozen_by_uuid_was.nil? if Rails.configuration.API.FreezeProjectRequiresDescription && !attribute_present?(:description) errors.add(:frozen_by_uuid, "can only be set if description is non-empty") @@ -131,36 +145,38 @@ class Group < ArvadosModel end def update_trash - if saved_change_to_trash_at? or saved_change_to_owner_uuid? - # The group was added or removed from the trash. - # - # Strategy: - # Compute project subtree, propagating trash_at to subprojects - # Remove groups that don't belong from trash - # Add/update groups that do belong in the trash - - temptable = "group_subtree_#{rand(2**64).to_s(10)}" - ActiveRecord::Base.connection.exec_query %{ -create temporary table #{temptable} on commit drop -as select * from project_subtree_with_trash_at($1, LEAST($2, $3)::timestamp) -}, - 'Group.update_trash.select', - [[nil, self.uuid], - [nil, TrashedGroup.find_by_group_uuid(self.owner_uuid).andand.trash_at], - [nil, self.trash_at]] - - ActiveRecord::Base.connection.exec_delete %{ -delete from trashed_groups where group_uuid in (select target_uuid from #{temptable} where trash_at is NULL); -}, - "Group.update_trash.delete" - - ActiveRecord::Base.connection.exec_query %{ -insert into trashed_groups (group_uuid, trash_at) - select target_uuid as group_uuid, trash_at from #{temptable} where trash_at is not NULL -on conflict (group_uuid) do update set trash_at=EXCLUDED.trash_at; -}, - "Group.update_trash.insert" + return unless saved_change_to_trash_at? || saved_change_to_owner_uuid? + + # The group was added or removed from the trash. + # + # Strategy: + # Compute project subtree, propagating trash_at to subprojects + # Ensure none of the newly trashed descendants were frozen (if so, bail out) + # Remove groups that don't belong from trash + # Add/update groups that do belong in the trash + + temptable = "group_subtree_#{rand(2**64).to_s(10)}" + ActiveRecord::Base.connection.exec_query( + "create temporary table #{temptable} on commit drop " + + "as select * from project_subtree_with_trash_at($1, LEAST($2, $3)::timestamp)", + "Group.update_trash.select", + [[nil, self.uuid], + [nil, TrashedGroup.find_by_group_uuid(self.owner_uuid).andand.trash_at], + [nil, self.trash_at]]) + frozen_descendants = ActiveRecord::Base.connection.exec_query( + "select uuid from frozen_groups, #{temptable} where uuid = target_uuid", + "Group.update_trash.check_frozen") + if frozen_descendants.any? + raise ArgumentError.new("cannot trash project containing frozen project #{frozen_descendants[0]["uuid"]}") end + ActiveRecord::Base.connection.exec_delete( + "delete from trashed_groups where group_uuid in (select target_uuid from #{temptable} where trash_at is NULL)", + "Group.update_trash.delete") + ActiveRecord::Base.connection.exec_query( + "insert into trashed_groups (group_uuid, trash_at) "+ + "select target_uuid as group_uuid, trash_at from #{temptable} where trash_at is not NULL " + + "on conflict (group_uuid) do update set trash_at=EXCLUDED.trash_at", + "Group.update_trash.insert") end def update_frozen @@ -171,6 +187,18 @@ on conflict (group_uuid) do update set trash_at=EXCLUDED.trash_at; "Group.update_frozen.select", [[nil, self.uuid], [nil, !self.frozen_by_uuid.nil?]]) + if frozen_by_uuid + rows = ActiveRecord::Base.connection.exec_query( + "select cr.uuid, cr.state from container_requests cr, #{temptable} frozen " + + "where cr.owner_uuid = frozen.uuid and frozen.is_frozen " + + "and cr.state not in ($1, $2) limit 1", + "Group.update_frozen.check_container_requests", + [[nil, ContainerRequest::Uncommitted], + [nil, ContainerRequest::Final]]) + if rows.any? + raise ArgumentError.new("cannot freeze project containing container request #{rows.first['uuid']} with state = #{rows.first['state']}") + end + end ActiveRecord::Base.connection.exec_delete( "delete from frozen_groups where uuid in (select uuid from #{temptable} where not is_frozen)", "Group.update_frozen.delete") @@ -243,11 +271,15 @@ on conflict (group_uuid) do update set trash_at=EXCLUDED.trash_at; def permission_to_update if !super return false - elsif frozen_by_uuid && frozen_by_uuid_in_database + elsif frozen_by_uuid && frozen_by_uuid_was errors.add :uuid, "#{uuid} is frozen and cannot be modified" return false else return true end end + + def self.full_text_searchable_columns + super - ["frozen_by_uuid"] + end end