X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/e34bc76fa1f721aaeb494b31e361ece19cbfaa1b..360b5d19eb0cb595fd34d11aa6426d95b3c974d4:/apps/workbench/app/controllers/application_controller.rb?ds=sidebyside diff --git a/apps/workbench/app/controllers/application_controller.rb b/apps/workbench/app/controllers/application_controller.rb index 1a1ddf5711..f739ee1046 100644 --- a/apps/workbench/app/controllers/application_controller.rb +++ b/apps/workbench/app/controllers/application_controller.rb @@ -59,14 +59,23 @@ class ApplicationController < ActionController::Base else @errors = [e.to_s] end - if e.is_a? ArvadosApiClient::NotLoggedInException - prep_token = :thread_clear - else - prep_token = :set_thread_api_token + # If the user has an active session, and the API server is available, + # make user information available on the error page. + begin + load_api_token(session[:arvados_api_token]) + rescue ArvadosApiClient::ApiError + load_api_token(nil) end - send(prep_token) do - render_error(err_opts) + # Preload projects trees for the template. If that fails, set empty + # trees so error page rendering can proceed. (It's easier to rescue the + # exception here than in a template.) + begin + build_project_trees + rescue ArvadosApiClient::ApiError + @my_project_tree ||= [] + @shared_project_tree ||= [] end + render_error(err_opts) end def render_not_found(e=ActionController::RoutingError.new("Path not found")) @@ -123,12 +132,15 @@ class ApplicationController < ActionController::Base end helper_method :next_page_offset - def next_page_offset - if @objects.respond_to?(:result_offset) and - @objects.respond_to?(:result_limit) and - @objects.respond_to?(:items_available) - next_offset = @objects.result_offset + @objects.result_limit - if next_offset < @objects.items_available + def next_page_offset objects=nil + if !objects + objects = @objects + end + if objects.respond_to?(:result_offset) and + objects.respond_to?(:result_limit) and + objects.respond_to?(:items_available) + next_offset = objects.result_offset + objects.result_limit + if next_offset < objects.items_available next_offset else nil @@ -249,7 +261,7 @@ class ApplicationController < ActionController::Base if @object.name and @object.name != '' @object.name = "Copy of #{@object.name}" else - @object.name = "Copy of unnamed #{@object.class_for_display.downcase}" + @object.name = "" end end @object.save! @@ -271,26 +283,7 @@ class ApplicationController < ActionController::Base end def current_user - return Thread.current[:user] if Thread.current[:user] - - if User.columns.empty? - # We can't even get the discovery document from the API server. - # We're not going to be able to instantiate any user object. - nil - elsif Thread.current[:arvados_api_token] - if session[:user] - if session[:user][:is_active] != true - Thread.current[:user] = User.current - else - Thread.current[:user] = User.new(session[:user]) - end - else - Thread.current[:user] = User.current - end - else - logger.error "No API token in Thread" - return nil - end + Thread.current[:user] end def model_class @@ -340,8 +333,7 @@ class ApplicationController < ActionController::Base [:arvados_api_token, :user].each do |key| start_values[key] = Thread.current[key] end - Thread.current[:arvados_api_token] = api_token - Thread.current[:user] = nil + load_api_token(api_token) begin yield ensure @@ -367,72 +359,97 @@ class ApplicationController < ActionController::Base else @object = model_class.find(params[:uuid]) end - rescue ArvadosApiClient::NotFoundException => error + rescue ArvadosApiClient::NotFoundException, RuntimeError => error + if error.is_a?(RuntimeError) and (error.message !~ /^argument to find\(/) + raise + end render_not_found(error) return false end end def thread_clear - Thread.current[:arvados_api_token] = nil - Thread.current[:user] = nil + load_api_token(nil) Rails.cache.delete_matched(/^request_#{Thread.current.object_id}_/) yield Rails.cache.delete_matched(/^request_#{Thread.current.object_id}_/) end + # Set up the thread with the given API token and associated user object. + def load_api_token(new_token) + Thread.current[:arvados_api_token] = new_token + if new_token.nil? + Thread.current[:user] = nil + elsif (new_token == session[:arvados_api_token]) and + session[:user].andand[:is_active] + Thread.current[:user] = User.new(session[:user]) + else + Thread.current[:user] = User.current + end + end + + # If there's a valid api_token parameter, set up the session with that + # user's information. Return true if the method redirects the request + # (usually a post-login redirect); false otherwise. + def setup_user_session + return false unless params[:api_token] + Thread.current[:arvados_api_token] = params[:api_token] + begin + user = User.current + rescue ArvadosApiClient::NotLoggedInException + false # We may redirect to login, or not, based on the current action. + else + session[:arvados_api_token] = params[:api_token] + session[:user] = { + uuid: user.uuid, + email: user.email, + first_name: user.first_name, + last_name: user.last_name, + is_active: user.is_active, + is_admin: user.is_admin, + prefs: user.prefs + } + if !request.format.json? and request.method.in? ['GET', 'HEAD'] + # Repeat this request with api_token in the (new) session + # cookie instead of the query string. This prevents API + # tokens from appearing in (and being inadvisedly copied + # and pasted from) browser Location bars. + redirect_to strip_token_from_path(request.fullpath) + true + else + false + end + ensure + Thread.current[:arvados_api_token] = nil + end + end + # Save the session API token in thread-local storage, and yield. # This method also takes care of session setup if the request # provides a valid api_token parameter. # If a token is unavailable or expired, the block is still run, with # a nil token. def set_thread_api_token - # If an API token has already been found, pass it through. if Thread.current[:arvados_api_token] - yield + yield # An API token has already been found - pass it through. return + elsif setup_user_session + return # A new session was set up and received a response. end begin - # If there's a valid api_token parameter, use it to set up the session. - if (Thread.current[:arvados_api_token] = params[:api_token]) and - verify_api_token - session[:arvados_api_token] = params[:api_token] - u = User.current - session[:user] = { - uuid: u.uuid, - email: u.email, - first_name: u.first_name, - last_name: u.last_name, - is_active: u.is_active, - is_admin: u.is_admin, - prefs: u.prefs - } - if !request.format.json? and request.method.in? ['GET', 'HEAD'] - # Repeat this request with api_token in the (new) session - # cookie instead of the query string. This prevents API - # tokens from appearing in (and being inadvisedly copied - # and pasted from) browser Location bars. - redirect_to strip_token_from_path(request.fullpath) - return - end - end - - # With setup done, handle the request using the session token. - Thread.current[:arvados_api_token] = session[:arvados_api_token] - begin + load_api_token(session[:arvados_api_token]) + yield + rescue ArvadosApiClient::NotLoggedInException + # If we got this error with a token, it must've expired. + # Retry the request without a token. + unless Thread.current[:arvados_api_token].nil? + load_api_token(nil) yield - rescue ArvadosApiClient::NotLoggedInException - # If we got this error with a token, it must've expired. - # Retry the request without a token. - unless Thread.current[:arvados_api_token].nil? - Thread.current[:arvados_api_token] = nil - yield - end end ensure # Remove token in case this Thread is used for anything else. - Thread.current[:arvados_api_token] = nil + load_api_token(nil) end end @@ -451,15 +468,6 @@ class ApplicationController < ActionController::Base end end - def verify_api_token - begin - Link.where(uuid: 'just-verifying-my-api-token') - true - rescue ArvadosApiClient::NotLoggedInException - false - end - end - def ensure_current_user_is_admin unless current_user and current_user.is_admin @errors = ['Permission denied']