X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/cc059aea76194417f5aaf37073b3ae530219b11e..bc408e4ada3c5ee173961b9c61600e3ddf76b88a:/services/api/app/models/arvados_model.rb

diff --git a/services/api/app/models/arvados_model.rb b/services/api/app/models/arvados_model.rb
index 74d1d95076..ffcf091724 100644
--- a/services/api/app/models/arvados_model.rb
+++ b/services/api/app/models/arvados_model.rb
@@ -8,7 +8,7 @@ require 'record_filters'
 require 'serializers'
 require 'request_error'
 
-class ArvadosModel < ActiveRecord::Base
+class ArvadosModel < ApplicationRecord
   self.abstract_class = true
 
   include ArvadosModelUpdates
@@ -41,6 +41,16 @@ class ArvadosModel < ActiveRecord::Base
            class_name: 'Link',
            primary_key: :uuid)
 
+  # If async is true at create or update, permission graph
+  # update is deferred allowing making multiple calls without the performance
+  # penalty.
+  attr_accessor :async_permissions_update
+
+  # Ignore listed attributes on mass assignments
+  def self.protected_attributes
+    []
+  end
+
   class PermissionDeniedError < RequestError
     def http_status
       403
@@ -92,7 +102,11 @@ class ArvadosModel < ActiveRecord::Base
     # The following permit! is necessary even with
     # "ActionController::Parameters.permit_all_parameters = true",
     # because permit_all does not permit nested attributes.
+    raw_params ||= {}
+
     if raw_params
+      raw_params = raw_params.to_hash
+      raw_params.delete_if { |k, _| self.protected_attributes.include? k }
       serialized_attributes.each do |colname, coder|
         param = raw_params[colname.to_sym]
         if param.nil?
@@ -274,9 +288,8 @@ class ArvadosModel < ActiveRecord::Base
       if !include_trash
         if sql_table != "api_client_authorizations"
           # Only include records where the owner is not trashed
-          sql_conds = "NOT EXISTS(SELECT 1 FROM #{PERMISSION_VIEW} "+
-                      "WHERE trashed = 1 AND "+
-                      "(#{sql_table}.owner_uuid = target_uuid)) #{exclude_trashed_records}"
+          sql_conds = "#{sql_table}.owner_uuid NOT IN (SELECT target_uuid FROM #{PERMISSION_VIEW} "+
+                      "WHERE trashed = 1) #{exclude_trashed_records}"
         end
       end
     else
@@ -294,14 +307,14 @@ class ArvadosModel < ActiveRecord::Base
       # see issue 13208 for details.
 
       # Match a direct read permission link from the user to the record uuid
-      direct_check = "EXISTS(SELECT 1 FROM #{PERMISSION_VIEW} "+
-                     "WHERE user_uuid IN (:user_uuids) AND perm_level >= 1 #{trashed_check} AND target_uuid = #{sql_table}.uuid)"
+      direct_check = "#{sql_table}.uuid IN (SELECT target_uuid FROM #{PERMISSION_VIEW} "+
+                     "WHERE user_uuid IN (:user_uuids) AND perm_level >= 1 #{trashed_check})"
 
       # Match a read permission link from the user to the record's owner_uuid
       owner_check = ""
       if sql_table != "api_client_authorizations" and sql_table != "groups" then
-        owner_check = "OR EXISTS(SELECT 1 FROM #{PERMISSION_VIEW} "+
-          "WHERE user_uuid IN (:user_uuids) AND perm_level >= 1 #{trashed_check} AND target_uuid = #{sql_table}.owner_uuid AND target_owner_uuid IS NOT NULL) "
+        owner_check = "OR #{sql_table}.owner_uuid IN (SELECT target_uuid FROM #{PERMISSION_VIEW} "+
+          "WHERE user_uuid IN (:user_uuids) AND perm_level >= 1 #{trashed_check} AND target_owner_uuid IS NOT NULL) "
       end
 
       links_cond = ""
@@ -353,7 +366,7 @@ class ArvadosModel < ActiveRecord::Base
         # discover a unique name.  It is necessary to handle name choosing at
         # this level (as opposed to the client) to ensure that record creation
         # never fails due to a race condition.
-        err = rn.original_exception
+        err = rn.cause
         raise unless err.is_a?(PG::UniqueViolation)
 
         # Unfortunately ActiveRecord doesn't abstract out any of the
@@ -403,7 +416,7 @@ class ArvadosModel < ActiveRecord::Base
       cast = serialized_attributes[column] ? '::text' : ''
       "coalesce(#{column}#{cast},'')"
     end
-    "to_tsvector('english', substr(#{parts.join(" || ' ' || ")}, 0, 1000000))"
+    "to_tsvector('english', substr(#{parts.join(" || ' ' || ")}, 0, 8000))"
   end
 
   def self.apply_filters query, filters
@@ -445,7 +458,7 @@ class ArvadosModel < ActiveRecord::Base
           end
         rescue ActiveRecord::RecordNotFound => e
           errors.add :owner_uuid, "is not owned by any user: #{e}"
-          return false
+          throw(:abort)
         end
         if uuid_in_path[x]
           if x == owner_uuid
@@ -453,7 +466,7 @@ class ArvadosModel < ActiveRecord::Base
           else
             errors.add :owner_uuid, "has an ownership cycle"
           end
-          return false
+          throw(:abort)
         end
         uuid_in_path[x] = true
       end
@@ -558,6 +571,8 @@ class ArvadosModel < ActiveRecord::Base
     self.owner_uuid ||= current_default_owner if self.respond_to? :owner_uuid=
     if !anonymous_updater
       self.modified_by_user_uuid = current_user ? current_user.uuid : nil
+    end
+    if !timeless_updater
       self.modified_at = current_time
     end
     self.modified_by_client_uuid = current_api_client ? current_api_client.uuid : nil