X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/c58a2c83fa6338358962b8161c576e5391d7bf2b..4ab2fa0e6033a7c638a80f3ba73f220d8181fa3c:/services/api/lib/current_api_client.rb diff --git a/services/api/lib/current_api_client.rb b/services/api/lib/current_api_client.rb index 197dcd8f3e..7c99c911f8 100644 --- a/services/api/lib/current_api_client.rb +++ b/services/api/lib/current_api_client.rb @@ -1,3 +1,7 @@ +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: AGPL-3.0 + module CurrentApiClient def current_user Thread.current[:user] @@ -30,62 +34,67 @@ module CurrentApiClient end def system_user_uuid - [Server::Application.config.uuid_prefix, + [Rails.configuration.ClusterID, User.uuid_prefix, '000000000000000'].join('-') end def system_group_uuid - [Server::Application.config.uuid_prefix, + [Rails.configuration.ClusterID, Group.uuid_prefix, '000000000000000'].join('-') end def anonymous_group_uuid - [Server::Application.config.uuid_prefix, + [Rails.configuration.ClusterID, Group.uuid_prefix, 'anonymouspublic'].join('-') end def anonymous_user_uuid - [Server::Application.config.uuid_prefix, + [Rails.configuration.ClusterID, User.uuid_prefix, 'anonymouspublic'].join('-') end + def public_project_uuid + [Rails.configuration.ClusterID, + Group.uuid_prefix, + 'publicfavorites'].join('-') + end + def system_user - $system_user = check_cache $system_user do - real_current_user = Thread.current[:user] - begin - Thread.current[:user] = User.new(is_admin: true, - is_active: true, - uuid: system_user_uuid) + real_current_user = Thread.current[:user] + begin + Thread.current[:user] = User.new(is_admin: true, + is_active: true, + uuid: system_user_uuid) + $system_user = check_cache($system_user) do User.where(uuid: system_user_uuid). first_or_create!(is_active: true, is_admin: true, email: 'root', first_name: 'root', last_name: '') - ensure - Thread.current[:user] = real_current_user end + ensure + Thread.current[:user] = real_current_user end end def system_group - $system_group = check_cache $system_group do + $system_group = check_cache($system_group) do act_as_system_user do ActiveRecord::Base.transaction do Group.where(uuid: system_group_uuid). first_or_create!(name: "System group", - description: "System group") do |g| + description: "System group", + group_class: "role") do |g| g.save! User.all.collect(&:uuid).each do |user_uuid| Link.create!(link_class: 'permission', name: 'can_manage', - tail_kind: 'arvados#group', tail_uuid: system_group_uuid, - head_kind: 'arvados#user', head_uuid: user_uuid) end end @@ -95,13 +104,13 @@ module CurrentApiClient end def all_users_group_uuid - [Server::Application.config.uuid_prefix, + [Rails.configuration.ClusterID, Group.uuid_prefix, 'fffffffffffffff'].join('-') end def all_users_group - $all_users_group = check_cache $all_users_group do + $all_users_group = check_cache($all_users_group) do act_as_system_user do ActiveRecord::Base.transaction do Group.where(uuid: all_users_group_uuid). @@ -130,11 +139,14 @@ module CurrentApiClient yield ensure Thread.current[:user] = user_was + if user_was + user_was.forget_cached_group_perms + end end end def anonymous_group - $anonymous_group = check_cache $anonymous_group do + $anonymous_group = check_cache($anonymous_group) do act_as_system_user do ActiveRecord::Base.transaction do Group.where(uuid: anonymous_group_uuid). @@ -146,8 +158,19 @@ module CurrentApiClient end end + def anonymous_group_read_permission + $anonymous_group_read_permission = check_cache($anonymous_group_read_permission) do + act_as_system_user do + Link.where(tail_uuid: all_users_group.uuid, + head_uuid: anonymous_group.uuid, + link_class: "permission", + name: "can_read").first_or_create! + end + end + end + def anonymous_user - $anonymous_user = check_cache $anonymous_user do + $anonymous_user = check_cache($anonymous_user) do act_as_system_user do User.where(uuid: anonymous_user_uuid). first_or_create!(is_active: false, @@ -166,32 +189,109 @@ module CurrentApiClient end end - def empty_collection_uuid + def public_project_group + $public_project_group = check_cache($public_project_group) do + act_as_system_user do + ActiveRecord::Base.transaction do + Group.where(uuid: public_project_uuid). + first_or_create!(group_class: "project", + name: "Public favorites", + description: "Public favorites") + end + end + end + end + + def public_project_read_permission + $public_project_group_read_permission = check_cache($public_project_group_read_permission) do + act_as_system_user do + Link.where(tail_uuid: anonymous_group.uuid, + head_uuid: public_project_group.uuid, + link_class: "permission", + name: "can_read").first_or_create! + end + end + end + + def anonymous_user_token_api_client + $anonymous_user_token_api_client = check_cache($anonymous_user_token_api_client) do + act_as_system_user do + ActiveRecord::Base.transaction do + ApiClient.find_or_create_by!(is_trusted: false, url_prefix: "", name: "AnonymousUserToken") + end + end + end + end + + def system_root_token_api_client + $system_root_token_api_client = check_cache($system_root_token_api_client) do + act_as_system_user do + ActiveRecord::Base.transaction do + ApiClient.find_or_create_by!(is_trusted: true, url_prefix: "", name: "SystemRootToken") + end + end + end + end + + def empty_collection_pdh 'd41d8cd98f00b204e9800998ecf8427e+0' end def empty_collection - $empty_collection = check_cache $empty_collection do + $empty_collection = check_cache($empty_collection) do act_as_system_user do ActiveRecord::Base.transaction do Collection. - where(portable_data_hash: empty_collection_uuid). - first_or_create!(manifest_text: '', owner_uuid: anonymous_group.uuid) + where(portable_data_hash: empty_collection_pdh). + first_or_create(manifest_text: '', owner_uuid: system_user.uuid, name: "empty collection") do |c| + c.save! + Link.where(tail_uuid: anonymous_group.uuid, + head_uuid: c.uuid, + link_class: 'permission', + name: 'can_read'). + first_or_create! + c + end end end end end - private - - # If the given value is nil, or the cache has been cleared since it - # was set, yield. Otherwise, return the given value. - def check_cache value - Rails.cache.fetch "CurrentApiClient.$globals" do - value = nil - true + # Purge the module globals if necessary. If the cached value is + # non-nil and the globals weren't purged, return the cached + # value. Otherwise, call the block. + # + # Purge is only done in test mode. + def check_cache(cached) + if Rails.env != 'test' + return (cached || yield) + end + t = Rails.cache.fetch "CurrentApiClient.$system_globals_reset" do + Time.now.to_f + end + if t != $system_globals_reset + reset_system_globals(t) + yield + else + cached || yield end - return value unless value.nil? - yield end + + def reset_system_globals(t) + $system_globals_reset = t + $system_user = nil + $system_group = nil + $all_users_group = nil + $anonymous_group = nil + $anonymous_group_read_permission = nil + $anonymous_user = nil + $public_project_group = nil + $public_project_group_read_permission = nil + $anonymous_user_token_api_client = nil + $system_root_token_api_client = nil + $empty_collection = nil + end + module_function :reset_system_globals end + +CurrentApiClient.reset_system_globals(0)