X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/cbe594f580c26381d786d7b43d5227eb1d12620d..f2a79e0cc9bffcbe941d9a05b78f102fa6f09d03:/services/api/app/controllers/arvados/v1/collections_controller.rb

diff --git a/services/api/app/controllers/arvados/v1/collections_controller.rb b/services/api/app/controllers/arvados/v1/collections_controller.rb
index 77bef08b2e..3803d37691 100644
--- a/services/api/app/controllers/arvados/v1/collections_controller.rb
+++ b/services/api/app/controllers/arvados/v1/collections_controller.rb
@@ -1,96 +1,84 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+require "arvados/keep"
+require "trashable"
+
 class Arvados::V1::CollectionsController < ApplicationController
-  def create
-    if !resource_attrs[:manifest_text]
-      return send_error("'manifest_text' attribute must be specified",
-                        status: :unprocessable_entity)
-    end
+  include DbCurrentTime
+  include TrashableController
+
+  def self._index_requires_parameters
+    (super rescue {}).
+      merge({
+        include_trash: {
+          type: 'boolean', required: false, description: "Include collections whose is_trashed attribute is true."
+        },
+      })
+  end
 
-    # Check permissions on the collection manifest.
-    # If any signature cannot be verified, return 403 Permission denied.
-    api_token = current_api_client_authorization.andand.api_token
-    signing_opts = {
-      key: Rails.configuration.blob_signing_key,
-      api_token: api_token,
-      ttl: Rails.configuration.blob_signing_ttl,
-    }
-    resource_attrs[:manifest_text].lines.each do |entry|
-      entry.split[1..-1].each do |tok|
-        if /^[[:digit:]]+:[[:digit:]]+:/.match tok
-          # This is a filename token, not a blob locator. Note that we
-          # keep checking tokens after this, even though manifest
-          # format dictates that all subsequent tokens will also be
-          # filenames. Safety first!
-        elsif Blob.verify_signature tok, signing_opts
-          # OK.
-        elsif Locator.parse(tok).andand.signature
-          # Signature provided, but verify_signature did not like it.
-          logger.warn "Invalid signature on locator #{tok}"
-          raise ArvadosModel::PermissionDeniedError
-        elsif Rails.configuration.permit_create_collection_with_unsigned_manifest
-          # No signature provided, but we are running in insecure mode.
-          logger.debug "Missing signature on locator #{tok} ignored"
-        elsif Blob.new(tok).empty?
-          # No signature provided -- but no data to protect, either.
-        else
-          logger.warn "Missing signature on locator #{tok}"
-          raise ArvadosModel::PermissionDeniedError
-        end
-      end
+  def create
+    if resource_attrs[:uuid] and (loc = Keep::Locator.parse(resource_attrs[:uuid]))
+      resource_attrs[:portable_data_hash] = loc.to_s
+      resource_attrs.delete :uuid
     end
+    super
+  end
 
-    # Remove any permission signatures from the manifest.
-    munge_manifest_locators(resource_attrs[:manifest_text]) do |loc|
-      loc.without_signature.to_s
+  def find_objects_for_index
+    if params[:include_trash] || ['destroy', 'trash', 'untrash'].include?(action_name)
+      @objects = Collection.readable_by(*@read_users, {include_trash: true, query_on: Collection.unscoped})
     end
-
     super
   end
 
   def find_object_by_uuid
-    if loc = Locator.parse(params[:id])
+    if loc = Keep::Locator.parse(params[:id])
       loc.strip_hints!
       if c = Collection.readable_by(*@read_users).where({ portable_data_hash: loc.to_s }).limit(1).first
         @object = {
+          uuid: c.portable_data_hash,
           portable_data_hash: c.portable_data_hash,
-          manifest_text: c.manifest_text,
-          files: c.files,
-          data_size: c.data_size
+          manifest_text: c.signed_manifest_text,
         }
       end
+      true
     else
       super
     end
-    true
   end
 
   def show
-    sign_manifests(@object[:manifest_text])
     if @object.is_a? Collection
-      render json: @object.as_api_response
+      # Omit unsigned_manifest_text
+      @select ||= model_class.selectable_attributes - ["unsigned_manifest_text"]
+      super
     else
-      render json: @object
+      send_json @object
     end
   end
 
-  def index
-    sign_manifests(*@objects.map { |c| c[:manifest_text] })
-    super
-  end
 
-  def script_param_edges(visited, sp)
+  def find_collections(visited, sp, &b)
     case sp
+    when ArvadosModel
+      sp.class.columns.each do |c|
+        find_collections(visited, sp[c.name.to_sym], &b) if c.name != "log"
+      end
     when Hash
       sp.each do |k, v|
-        script_param_edges(visited, v)
+        find_collections(visited, v, &b)
       end
     when Array
       sp.each do |v|
-        script_param_edges(visited, v)
+        find_collections(visited, v, &b)
       end
     when String
-      return if sp.empty?
-      if loc = Locator.parse(sp)
-        search_edges(visited, loc.to_s, :search_up)
+      if m = /[a-f0-9]{32}\+\d+/.match(sp)
+        yield m[0], nil
+      elsif m = Collection.uuid_regex.match(sp)
+        yield nil, m[0]
       end
     end
   end
@@ -100,7 +88,7 @@ class Arvados::V1::CollectionsController < ApplicationController
       return
     end
 
-    if loc = Locator.parse(uuid)
+    if loc = Keep::Locator.parse(uuid)
       loc.strip_hints!
       return if visited[loc.to_s]
     end
@@ -109,12 +97,23 @@ class Arvados::V1::CollectionsController < ApplicationController
 
     if loc
       # uuid is a portable_data_hash
-      if c = Collection.readable_by(*@read_users).where(portable_data_hash: loc.to_s).limit(1).first
-        visited[loc.to_s] = {
-          portable_data_hash: c.portable_data_hash,
-          files: c.files,
-          data_size: c.data_size
-        }
+      collections = Collection.readable_by(*@read_users).where(portable_data_hash: loc.to_s)
+      c = collections.limit(2).all
+      if c.size == 1
+        visited[loc.to_s] = c[0]
+      elsif c.size > 1
+        name = collections.limit(1).where("name <> ''").first
+        if name
+          visited[loc.to_s] = {
+            portable_data_hash: c[0].portable_data_hash,
+            name: "#{name.name} + #{collections.count-1} more"
+          }
+        else
+          visited[loc.to_s] = {
+            portable_data_hash: c[0].portable_data_hash,
+            name: loc.to_s
+          }
+        end
       end
 
       if direction == :search_up
@@ -136,6 +135,10 @@ class Arvados::V1::CollectionsController < ApplicationController
         Job.readable_by(*@read_users).where(["jobs.script_parameters like ?", "%#{loc.to_s}%"]).each do |job|
           search_edges(visited, job.uuid, :search_down)
         end
+
+        Job.readable_by(*@read_users).where(["jobs.docker_image_locator = ?", "#{loc.to_s}"]).each do |job|
+          search_edges(visited, job.uuid, :search_down)
+        end
       end
     else
       # uuid is a regular Arvados UUID
@@ -145,7 +148,10 @@ class Arvados::V1::CollectionsController < ApplicationController
           visited[uuid] = job.as_api_response
           if direction == :search_up
             # Follow upstream collections referenced in the script parameters
-            script_param_edges(visited, job.script_parameters)
+            find_collections(visited, job) do |hash, col_uuid|
+              search_edges(visited, hash, :search_up) if hash
+              search_edges(visited, col_uuid, :search_up) if col_uuid
+            end
           elsif direction == :search_down
             # Follow downstream job output
             search_edges(visited, job.output, direction)
@@ -184,53 +190,25 @@ class Arvados::V1::CollectionsController < ApplicationController
 
   def provenance
     visited = {}
-    search_edges(visited, @object[:uuid] || @object[:portable_data_hash], :search_up)
-    render json: visited
+    search_edges(visited, @object[:portable_data_hash], :search_up)
+    search_edges(visited, @object[:uuid], :search_up)
+    send_json visited
   end
 
   def used_by
     visited = {}
-    search_edges(visited, @object[:uuid] || @object[:portable_data_hash], :search_down)
-    render json: visited
-  end
-
-  def self.munge_manifest_locators(manifest)
-    # Given a manifest text and a block, yield each locator,
-    # and replace it with whatever the block returns.
-    manifest.andand.gsub!(/ [[:xdigit:]]{32}(\+[[:digit:]]+)?(\+\S+)/) do |word|
-      if loc = Locator.parse(word.strip)
-        " " + yield(loc)
-      else
-        " " + word
-      end
-    end
+    search_edges(visited, @object[:uuid], :search_down)
+    search_edges(visited, @object[:portable_data_hash], :search_down)
+    send_json visited
   end
 
   protected
 
-  def find_objects_for_index
-    # Omit manifest_text from index results unless expressly selected.
-    @select ||= model_class.api_accessible_attributes(:user).
-      map { |attr_spec| attr_spec.first.to_s } - ["manifest_text"]
+  def load_limit_offset_order_params *args
     super
-  end
-
-  def munge_manifest_locators(manifest, &block)
-    self.class.munge_manifest_locators(manifest, &block)
-  end
-
-  def sign_manifests(*manifests)
-    if current_api_client_authorization
-      signing_opts = {
-        key: Rails.configuration.blob_signing_key,
-        api_token: current_api_client_authorization.api_token,
-        ttl: Rails.configuration.blob_signing_ttl,
-      }
-      manifests.each do |text|
-        munge_manifest_locators(text) do |loc|
-          Blob.sign_locator(loc.to_s, signing_opts)
-        end
-      end
+    if action_name == 'index'
+      # Omit manifest_text and unsigned_manifest_text from index results unless expressly selected.
+      @select ||= model_class.selectable_attributes - ["manifest_text", "unsigned_manifest_text"]
     end
   end
 end