X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/f4ca9ad94a6bb006d1f3c7ba207837f1736d1247..0eb72b526bf8bbb011551ecf019f604e17a534f1:/services/api/app/controllers/application_controller.rb diff --git a/services/api/app/controllers/application_controller.rb b/services/api/app/controllers/application_controller.rb index e91e3ce03e..3a66f5328d 100644 --- a/services/api/app/controllers/application_controller.rb +++ b/services/api/app/controllers/application_controller.rb @@ -1,3 +1,9 @@ +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: AGPL-3.0 + +require 'safe_json' + module ApiTemplateOverride def allowed_to_render?(fieldset, field, model, options) return false if !super @@ -14,19 +20,19 @@ class ActsAsApi::ApiTemplate end require 'load_param' -require 'record_filters' class ApplicationController < ActionController::Base - include CurrentApiClient include ThemesForRails::ActionController + include CurrentApiClient include LoadParam - include RecordFilters + include DbCurrentTime respond_to :json protect_from_forgery ERROR_ACTIONS = [:render_error, :render_not_found] + before_filter :disable_api_methods before_filter :set_cors_headers before_filter :respond_with_json_by_default before_filter :remote_ip @@ -45,9 +51,9 @@ class ApplicationController < ActionController::Base before_filter(:render_404_if_no_object, except: [:index, :create] + ERROR_ACTIONS) - theme :select_theme + theme Rails.configuration.arvados_theme - attr_accessor :resource_attrs + attr_writer :resource_attrs begin rescue_from(Exception, @@ -60,6 +66,18 @@ class ApplicationController < ActionController::Base :with => :render_not_found) end + def initialize *args + super + @object = nil + @objects = nil + @offset = nil + @limit = nil + @select = nil + @distinct = nil + @response_resource_name = nil + @attrs = nil + end + def default_url_options if Rails.configuration.host {:host => Rails.configuration.host} @@ -69,7 +87,9 @@ class ApplicationController < ActionController::Base end def index - @objects.uniq!(&:id) if @select.nil? or @select.include? "id" + if @select.nil? || @select.include?("id") + @objects = @objects.uniq(&:id) + end if params[:eager] and params[:eager] != '0' and params[:eager] != 0 and params[:eager] != '' @objects.each(&:eager_load_associations) end @@ -83,41 +103,12 @@ class ApplicationController < ActionController::Base def create @object = model_class.new resource_attrs - if @object.respond_to? :name and params[:ensure_unique_name] - # Record the original name. See below. - name_stem = @object.name - counter = 1 + if @object.respond_to?(:name) && params[:ensure_unique_name] + @object.save_with_unique_name! + else + @object.save! end - begin - @object.save! - rescue ActiveRecord::RecordNotUnique => rn - raise unless params[:ensure_unique_name] - - # Dig into the error to determine if it is specifically calling out a - # (owner_uuid, name) uniqueness violation. In this specific case, and - # the client requested a unique name with ensure_unique_name==true, - # update the name field and try to save again. Loop as necessary to - # discover a unique name. It is necessary to handle name choosing at - # this level (as opposed to the client) to ensure that record creation - # never fails due to a race condition. - raise unless rn.original_exception.is_a? PG::UniqueViolation - - # Unfortunately ActiveRecord doesn't abstract out any of the - # necessary information to figure out if this the error is actually - # the specific case where we want to apply the ensure_unique_name - # behavior, so the following code is specialized to Postgres. - err = rn.original_exception - detail = err.result.error_field(PG::Result::PG_DIAG_MESSAGE_DETAIL) - raise unless /^Key \(owner_uuid, name\)=\([a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{15}, .*?\) already exists\./.match detail - - # OK, this exception really is just a unique name constraint - # violation, and we've been asked to ensure_unique_name. - counter += 1 - @object.uuid = nil - @object.name = "#{name_stem} (#{counter})" - redo - end while false show end @@ -186,32 +177,19 @@ class ApplicationController < ActionController::Base # The obvious render(json: ...) forces a slow JSON encoder. See # #3021 and commit logs. Might be fixed in Rails 4.1. render({ - text: Oj.dump(response, mode: :compat).html_safe, + text: SafeJSON.dump(response).html_safe, content_type: 'application/json' }.merge opts) end - def self.limit_index_columns_read - # This method returns a list of column names. - # If an index request reads that column from the database, - # find_objects_for_index will only fetch objects until it reads - # max_index_database_read bytes of data from those columns. - [] - end - def find_objects_for_index @objects ||= model_class.readable_by(*@read_users) apply_where_limit_order_params - limit_database_read if (action_name == "index") end def apply_filters model_class=nil model_class ||= self.model_class - ft = record_filters @filters, model_class - if ft[:cond_out].any? - @objects = @objects.where('(' + ft[:cond_out].join(') AND (') + ')', - *ft[:param_out]) - end + @objects = model_class.apply_filters(@objects, @filters) end def apply_where_limit_order_params model_class=nil @@ -295,15 +273,21 @@ class ApplicationController < ActionController::Base @objects = @objects.uniq(@distinct) if not @distinct.nil? end - def limit_database_read - limit_columns = self.class.limit_index_columns_read + # limit_database_read ensures @objects (which must be an + # ActiveRelation) does not return too many results to fit in memory, + # by previewing the results and calling @objects.limit() if + # necessary. + def limit_database_read(model_class:) + return if @limit == 0 || @limit == 1 + model_class ||= self.model_class + limit_columns = model_class.limit_index_columns_read limit_columns &= model_class.columns_for_attributes(@select) if @select return if limit_columns.empty? model_class.transaction do limit_query = @objects. - except(:select). + except(:select, :distinct). select("(%s) as read_length" % - limit_columns.map { |s| "octet_length(#{s})" }.join(" + ")) + limit_columns.map { |s| "octet_length(#{model_class.table_name}.#{s})" }.join(" + ")) new_limit = 0 read_total = 0 limit_query.each do |record| @@ -311,12 +295,12 @@ class ApplicationController < ActionController::Base read_total += record.read_length.to_i if read_total >= Rails.configuration.max_index_database_read new_limit -= 1 if new_limit > 1 + @limit = new_limit break elsif new_limit >= @limit break end end - @limit = new_limit @objects = @objects.limit(@limit) # Force @objects to run its query inside this transaction. @objects.each { |_| break } @@ -327,7 +311,7 @@ class ApplicationController < ActionController::Base return @attrs if @attrs @attrs = params[resource_name] if @attrs.is_a? String - @attrs = Oj.load @attrs, symbol_keys: true + @attrs = Oj.strict_load @attrs, symbol_keys: true end unless @attrs.is_a? Hash message = "No #{resource_name}" @@ -391,6 +375,13 @@ class ApplicationController < ActionController::Base end end + def disable_api_methods + if Rails.configuration.disable_api_methods. + include?(controller_name + "." + action_name) + send_error("Disabled", status: 404) + end + end + def set_cors_headers response.headers['Access-Control-Allow-Origin'] = '*' response.headers['Access-Control-Allow-Methods'] = 'GET, HEAD, PUT, POST, DELETE' @@ -418,7 +409,7 @@ class ApplicationController < ActionController::Base end def find_object_by_uuid - if params[:id] and params[:id].match /\D/ + if params[:id] and params[:id].match(/\D/) params[:uuid] = params.delete :id end @where = { uuid: params[:uuid] } @@ -441,7 +432,7 @@ class ApplicationController < ActionController::Base def load_json_value(hash, key, must_be_class=nil) if hash[key].is_a? String - hash[key] = Oj.load(hash[key], symbol_keys: false) + hash[key] = SafeJSON.load(hash[key]) if must_be_class and !hash[key].is_a? must_be_class raise TypeError.new("parameter #{key.to_s} must be a #{must_be_class.to_s}") end @@ -471,7 +462,10 @@ class ApplicationController < ActionController::Base end accept_param_as_json :reader_tokens, Array - def object_list + def object_list(model_class:) + if @objects.respond_to?(:except) + limit_database_read(model_class: model_class) + end list = { :kind => "arvados##{(@response_resource_name || resource_name).camelize(:lower)}List", :etag => "", @@ -480,21 +474,27 @@ class ApplicationController < ActionController::Base :limit => @limit, :items => @objects.as_api_response(nil, {select: @select}) } - if @objects.respond_to? :except - list[:items_available] = @objects. - except(:limit).except(:offset). - count(:id, distinct: true) + case params[:count] + when nil, '', 'exact' + if @objects.respond_to? :except + list[:items_available] = @objects. + except(:limit).except(:offset). + count(:id, distinct: true) + end + when 'none' + else + raise ArgumentError.new("count parameter must be 'exact' or 'none'") end list end def render_list - send_json object_list + send_json object_list(model_class: self.model_class) end def remote_ip # Caveat: this is highly dependent on the proxy setup. YMMV. - if request.headers.has_key?('HTTP_X_REAL_IP') then + if request.headers.key?('HTTP_X_REAL_IP') then # We're behind a reverse proxy @remote_ip = request.headers['HTTP_X_REAL_IP'] else @@ -546,6 +546,7 @@ class ApplicationController < ActionController::Base distinct: { type: 'boolean', required: false }, limit: { type: 'integer', required: false, default: DEFAULT_LIMIT }, offset: { type: 'integer', required: false, default: 0 }, + count: { type: 'string', required: false, default: 'exact' }, } end @@ -565,10 +566,6 @@ class ApplicationController < ActionController::Base } end end - super *opts - end - - def select_theme - return Rails.configuration.arvados_theme + super(*opts) end end