X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/cf1dcfb8715822f7ac5fe4fce067197dd84bad54..c0924347a69157d3058a39d238fb0e0bacefa3a2:/services/api/app/controllers/application_controller.rb diff --git a/services/api/app/controllers/application_controller.rb b/services/api/app/controllers/application_controller.rb index 77e3c75af2..4625ef654c 100644 --- a/services/api/app/controllers/application_controller.rb +++ b/services/api/app/controllers/application_controller.rb @@ -42,16 +42,19 @@ class ApplicationController < ActionController::Base before_action :require_auth_scope, except: ERROR_ACTIONS before_action :catch_redirect_hint - before_action(:find_object_by_uuid, - except: [:index, :create] + ERROR_ACTIONS) before_action :load_required_parameters before_action :load_limit_offset_order_params, only: [:index, :contents] + before_action :load_select_param + before_action(:find_object_by_uuid, + except: [:index, :create] + ERROR_ACTIONS) before_action :load_where_param, only: [:index, :contents] before_action :load_filters_param, only: [:index, :contents] before_action :find_objects_for_index, :only => :index + before_action(:set_nullable_attrs_to_null, only: [:update, :create]) before_action :reload_object_before_update, :only => :update before_action(:render_404_if_no_object, except: [:index, :create] + ERROR_ACTIONS) + before_action :only_admin_can_bypass_federation attr_writer :resource_attrs @@ -61,7 +64,6 @@ class ApplicationController < ActionController::Base :with => :render_error) rescue_from(ActiveRecord::RecordNotFound, ActionController::RoutingError, - ActionController::UnknownController, AbstractController::ActionNotFound, :with => :render_not_found) end @@ -138,10 +140,21 @@ class ApplicationController < ActionController::Base render_not_found "Object not found" if !@object end + def only_admin_can_bypass_federation + unless !params[:bypass_federation] || current_user.andand.is_admin + send_error("The bypass_federation parameter is only permitted when current user is admin", status: 403) + end + end + def render_error(e) logger.error e.inspect - if !e.is_a? RequestError and (e.respond_to? :backtrace and e.backtrace) - logger.error e.backtrace.collect { |x| x + "\n" }.join('') + if e.respond_to? :backtrace and e.backtrace + # This will be cleared by lograge after adding it to the log. + # Usually lograge would get the exceptions, but in our case we're catching + # all of them with exception handlers that cannot re-raise them because they + # don't get propagated. + Thread.current[:exception] = e.inspect + Thread.current[:backtrace] = e.backtrace.collect { |x| x + "\n" }.join('') end if (@object.respond_to? :errors and @object.errors.andand.full_messages.andand.any?) @@ -165,6 +178,17 @@ class ApplicationController < ActionController::Base protected + def bool_param(pname) + if params.include?(pname) + if params[pname].is_a?(Boolean) + return params[pname] + else + logger.warn "Warning: received non-boolean value #{params[pname].inspect} for boolean parameter #{pname} on #{self.class.inspect}, treating as false." + end + end + false + end + def send_error(*args) if args.last.is_a? Hash err = args.pop @@ -172,6 +196,9 @@ class ApplicationController < ActionController::Base err = {} end err[:errors] ||= args + err[:errors].map! do |err| + err += " (#{request.request_id})" + end err[:error_token] = [Time.now.utc.to_i, "%08x" % rand(16 ** 8)].join("+") status = err.delete(:status) || 422 logger.error "Error #{err[:error_token]}: #{status}" @@ -189,8 +216,8 @@ class ApplicationController < ActionController::Base def find_objects_for_index @objects ||= model_class.readable_by(*@read_users, { - :include_trash => (params[:include_trash] || 'untrash' == action_name), - :include_old_versions => params[:include_old_versions] + :include_trash => (bool_param(:include_trash) || 'untrash' == action_name), + :include_old_versions => bool_param(:include_old_versions) }) apply_where_limit_order_params end @@ -237,7 +264,7 @@ class ApplicationController < ActionController::Base conditions[0] << " and #{ar_table_name}.#{attr} in (?)" conditions << value end - elsif value.is_a? String or value.is_a? Fixnum or value == true or value == false + elsif value.is_a? String or value.is_a? Integer or value == true or value == false conditions[0] << " and #{ar_table_name}.#{attr}=?" conditions << value elsif value.is_a? Hash @@ -278,7 +305,7 @@ class ApplicationController < ActionController::Base @objects = @objects.order(@orders.join ", ") if @orders.any? @objects = @objects.limit(@limit) @objects = @objects.offset(@offset) - @objects = @objects.distinct(@distinct) if not @distinct.nil? + @objects = @objects.distinct() if @distinct end # limit_database_read ensures @objects (which must be an @@ -334,7 +361,7 @@ class ApplicationController < ActionController::Base %w(created_at modified_by_client_uuid modified_by_user_uuid modified_at).each do |x| @attrs.delete x.to_sym end - @attrs = @attrs.symbolize_keys if @attrs.is_a? HashWithIndifferentAccess + @attrs = @attrs.symbolize_keys if @attrs.is_a? ActiveSupport::HashWithIndifferentAccess @attrs end @@ -371,7 +398,7 @@ class ApplicationController < ActionController::Base if not current_user respond_to do |format| format.json { send_error("Not logged in", status: 401) } - format.html { redirect_to '/auth/joshid' } + format.html { redirect_to '/login' } end false end @@ -393,28 +420,20 @@ class ApplicationController < ActionController::Base end def set_current_request_id - req_id = request.headers['X-Request-Id'] - if !req_id || req_id.length < 1 || req_id.length > 1024 - # Client-supplied ID is either missing or too long to be - # considered friendly. - req_id = "req-" + Random::DEFAULT.rand(2**128).to_s(36)[0..19] - end - response.headers['X-Request-Id'] = Thread.current[:request_id] = req_id - Rails.logger.tagged(req_id) do + Rails.logger.tagged(request.request_id) do yield end - Thread.current[:request_id] = nil end def append_info_to_payload(payload) super - payload[:request_id] = response.headers['X-Request-Id'] + payload[:request_id] = request.request_id payload[:client_ipaddr] = @remote_ip payload[:client_auth] = current_api_client_authorization.andand.uuid || nil end def disable_api_methods - if Rails.configuration.API.DisabledAPIs.include?(controller_name + "." + action_name) + if Rails.configuration.API.DisabledAPIs[controller_name + "." + action_name] send_error("Disabled", status: 404) end end @@ -459,6 +478,29 @@ class ApplicationController < ActionController::Base @object = @objects.first end + def nullable_attributes + [] + end + + # Go code may send empty values (ie: empty string instead of NULL) that + # should be translated to NULL on the database. + def set_nullable_attrs_to_null + nullify_attrs(resource_attrs.to_hash).each do |k, v| + resource_attrs[k] = v + end + end + + def nullify_attrs(a = {}) + new_attrs = a.to_hash.symbolize_keys + (new_attrs.keys & nullable_attributes).each do |attr| + val = new_attrs[attr] + if (val.class == Integer && val == 0) || (val.class == String && val == "") + new_attrs[attr] = nil + end + end + return new_attrs + end + def reload_object_before_update # This is necessary to prevent an ActiveRecord::ReadOnlyRecord # error when updating an object which was retrieved using a join. @@ -468,11 +510,21 @@ class ApplicationController < ActionController::Base end def load_json_value(hash, key, must_be_class=nil) - if hash[key].is_a? String - hash[key] = SafeJSON.load(hash[key]) - if must_be_class and !hash[key].is_a? must_be_class - raise TypeError.new("parameter #{key.to_s} must be a #{must_be_class.to_s}") - end + return if hash[key].nil? + + val = hash[key] + if val.is_a? ActionController::Parameters + val = val.to_unsafe_hash + elsif val.is_a? String + val = SafeJSON.load(val) + hash[key] = val + end + # When assigning a Hash to an ActionController::Parameters and then + # retrieve it, we get another ActionController::Parameters instead of + # a Hash. This doesn't happen with other types. This is why 'val' is + # being used to do type checking below. + if must_be_class and !val.is_a? must_be_class + raise TypeError.new("parameter #{key.to_s} must be a #{must_be_class.to_s}") end end @@ -482,7 +534,7 @@ class ApplicationController < ActionController::Base accept_attribute_as_json :properties, Hash accept_attribute_as_json :info, Hash def accept_attribute_as_json(attr, must_be_class) - if params[resource_name] and resource_attrs.is_a? Hash + if params[resource_name] and [Hash, ActionController::Parameters].include?(resource_attrs.class) if resource_attrs[attr].is_a? Hash # Convert symbol keys to strings (in hashes provided by # resource_attrs) @@ -519,7 +571,7 @@ class ApplicationController < ActionController::Base if @objects.respond_to? :except list[:items_available] = @objects. except(:limit).except(:offset). - distinct.count(:id) + count(@distinct ? :id : '*') end when 'none' else @@ -552,7 +604,7 @@ class ApplicationController < ActionController::Base # Make sure params[key] is either true or false -- not a # string, not nil, etc. if not params.include?(key) - params[key] = info[:default] + params[key] = info[:default] || false elsif [false, 'false', '0', 0].include? params[key] params[key] = false elsif [true, 'true', '1', 1].include? params[key] @@ -567,6 +619,11 @@ class ApplicationController < ActionController::Base def self._create_requires_parameters { + select: { + type: 'array', + description: "Attributes of the new object to return in the response.", + required: false, + }, ensure_unique_name: { type: "boolean", description: "Adjust name to ensure uniqueness instead of returning an error on (owner_uuid, name) collision.", @@ -584,7 +641,23 @@ class ApplicationController < ActionController::Base end def self._update_requires_parameters - {} + { + select: { + type: 'array', + description: "Attributes of the updated object to return in the response.", + required: false, + }, + } + end + + def self._show_requires_parameters + { + select: { + type: 'array', + description: "Attributes of the object to return in the response.", + required: false, + }, + } end def self._index_requires_parameters @@ -592,8 +665,12 @@ class ApplicationController < ActionController::Base filters: { type: 'array', required: false }, where: { type: 'object', required: false }, order: { type: 'array', required: false }, - select: { type: 'array', required: false }, - distinct: { type: 'boolean', required: false }, + select: { + type: 'array', + description: "Attributes of each object to return in the response.", + required: false, + }, + distinct: { type: 'boolean', required: false, default: false }, limit: { type: 'integer', required: false, default: DEFAULT_LIMIT }, offset: { type: 'integer', required: false, default: 0 }, count: { type: 'string', required: false, default: 'exact' }, @@ -603,14 +680,14 @@ class ApplicationController < ActionController::Base location: "query", required: false, }, + bypass_federation: { + type: 'boolean', + required: false, + description: 'bypass federation behavior, list items from local instance database only' + } } end - def client_accepts_plain_text_stream - (request.headers['Accept'].split(' ') & - ['text/plain', '*/*']).count > 0 - end - def render *opts if opts.first response = opts.first[:json]