X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/f88280e6c45755b9df41af3cc88d623a07d864c6..1498ac2bab4aabdd71066e4644ad20a6ac555827:/app/controllers/application_controller.rb

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 96c95592ec..b9d9743bdb 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,41 +1,203 @@
 class ApplicationController < ActionController::Base
+  include CurrentApiClient
+
   protect_from_forgery
   before_filter :uncamelcase_params_hash_keys
-  before_filter :find_object_by_uuid, :except => :index
+  around_filter :thread_with_auth_info, :except => [:render_error, :render_not_found]
+  before_filter :find_object_by_uuid, :except => [:index, :create]
+
+  before_filter :remote_ip
+  before_filter :login_required, :except => :render_not_found
+
+  before_filter :catch_redirect_hint
+  attr_accessor :resource_attrs
+
+  def catch_redirect_hint
+    if !current_user
+      if params.has_key?('redirect_to') then
+        session[:redirect_to] = params[:redirect_to]
+      end
+    end
+  end
+
+  unless Rails.application.config.consider_all_requests_local
+    rescue_from Exception,
+    :with => :render_error
+    rescue_from ActiveRecord::RecordNotFound,
+    :with => :render_not_found
+    rescue_from ActionController::RoutingError,
+    :with => :render_not_found
+    rescue_from ActionController::UnknownController,
+    :with => :render_not_found
+    rescue_from ActionController::UnknownAction,
+    :with => :render_not_found
+  end
+
+  def render_error(e)
+    logger.error e.inspect
+    logger.error e.backtrace.collect { |x| x + "\n" }.join('') if e.backtrace
+    if @object and @object.errors and @object.errors.full_messages
+      errors = @object.errors.full_messages
+    else
+      errors = [e.inspect]
+    end
+    render json: { errors: errors }, status: 422
+  end
+
+  def render_not_found(e=ActionController::RoutingError.new("Path not found"))
+    logger.error e.inspect
+    render json: { errors: ["Path not found"] }, status: 404
+  end
 
   def index
-    @objects ||= model_class.all
+    uuid_list = [current_user.uuid, *current_user.groups_i_can(:read)]
+    sanitized_uuid_list = uuid_list.
+      collect { |uuid| model_class.sanitize(uuid) }.join(', ')
+    @objects ||= model_class.
+      joins("LEFT JOIN links permissions ON permissions.head_uuid=#{table_name}.owner AND permissions.tail_uuid in (#{sanitized_uuid_list}) AND permissions.link_class='permission'").
+      where("?=? OR #{table_name}.owner in (?) OR #{table_name}.uuid=? OR permissions.head_uuid IS NOT NULL",
+            true, current_user.is_admin,
+            uuid_list,
+            current_user.uuid)
+    if params[:where]
+      where = params[:where]
+      where = Oj.load(where) if where.is_a?(String)
+      conditions = ['1=1']
+      where.each do |attr,value|
+        if (!value.nil? and
+            attr.to_s.match(/^[a-z][_a-z0-9]+$/) and
+            model_class.columns.collect(&:name).index(attr))
+          if value.is_a? Array
+            conditions[0] << " and #{table_name}.#{attr} in (?)"
+            conditions << value
+          else
+            conditions[0] << " and #{table_name}.#{attr}=?"
+            conditions << value
+          end
+        elsif (!value.nil? and attr == 'any' and
+          value.is_a?(Array) and value[0] == 'contains' and
+          model_class.columns.collect(&:name).index('name')) then
+            conditions[0] << " and #{table_name}.name ilike ?"
+            conditions << "%#{value[1]}%"
+        end
+      end
+      if conditions.length > 1
+        conditions[0].sub!(/^1=1 and /, '')
+        @objects = @objects.
+          where(*conditions)
+      end
+    end
+    if params[:limit]
+      begin
+        @objects = @objects.limit(params[:limit].to_i)
+      rescue
+        raise "invalid argument (limit)"
+      end
+    else
+      @objects = @objects.limit(100)
+    end
+    @objects = @objects.order('modified_at desc')
+    @objects.uniq!(&:id)
+    if params[:eager] and params[:eager] != '0' and params[:eager] != 0 and params[:eager] != ''
+      @objects.each(&:eager_load_associations)
+    end
     render_list
   end
 
   def show
-    render json: @object
+    if @object
+      render json: @object.as_api_response(:superuser)
+    else
+      render_not_found("object not found")
+    end
   end
 
   def create
-    @attrs = params[resource_name]
-    if @attrs.nil?
-      raise "no #{resource_name} (or #{resource_name.camelcase(:lower)}) provided with request #{params.inspect}"
-    end
-    if @attrs.class == String
-      @attrs = uncamelcase_hash_keys(JSON.parse @attrs)
-    end
-    @object = model_class.new @attrs
+    @object = model_class.new resource_attrs
     @object.save
     show
   end
 
   def update
-    @attrs = params[resource_name]
-    if @attrs.class == String
-      @attrs = uncamelcase_hash_keys(JSON.parse @attrs)
-    end
-    @object.update_attributes @attrs
+    @object.update_attributes resource_attrs
     show
   end
 
   protected
 
+  def resource_attrs
+    return @attrs if @attrs
+    @attrs = params[resource_name]
+    if @attrs.is_a? String
+      @attrs = uncamelcase_hash_keys(Oj.load @attrs)
+    end
+    unless @attrs.is_a? Hash
+      raise "no #{resource_name} (or #{resource_name.camelcase(:lower)}) hash provided with request #{params.inspect}"
+    end
+    %w(created_at modified_by_client modified_by_user modified_at).each do |x|
+      @attrs.delete x
+    end
+    @attrs
+  end
+
+  # Authentication
+  def login_required
+    if !current_user
+      respond_to do |format|
+        format.html  {
+          redirect_to '/auth/joshid'
+        }
+        format.json {
+          render :json => { errors: ['Not logged in'] }.to_json
+        }
+      end
+    end
+  end
+
+  def thread_with_auth_info
+    begin
+      user = nil
+      api_client = nil
+      api_client_auth = nil
+      supplied_token = params[:api_token] || params[:oauth_token]
+      if supplied_token
+        api_client_auth = ApiClientAuthorization.
+          includes(:api_client, :user).
+          where('api_token=?', supplied_token).
+          first
+        if api_client_auth
+          session[:user_id] = api_client_auth.user.id
+          session[:api_client_uuid] = api_client_auth.api_client.uuid
+          session[:api_client_authorization_id] = api_client_auth.id
+          user = api_client_auth.user
+          api_client = api_client_auth.api_client
+        end
+      elsif session[:user_id]
+        user = User.find(session[:user_id]) rescue nil
+        api_client = ApiClient.
+          where('uuid=?',session[:api_client_uuid]).
+          first rescue nil
+        api_client_auth = ApiClientAuthorization.
+          find session[:api_client_authorization_id]
+      end
+      Thread.current[:api_client_trusted] = session[:api_client_trusted]
+      Thread.current[:api_client_ip_address] = remote_ip
+      Thread.current[:api_client_authorization] = api_client_auth
+      Thread.current[:api_client_uuid] = api_client && api_client.uuid
+      Thread.current[:api_client] = api_client
+      Thread.current[:user] = user
+      yield
+    ensure
+      Thread.current[:api_client_trusted] = nil
+      Thread.current[:api_client_ip_address] = nil
+      Thread.current[:api_client_authorization] = nil
+      Thread.current[:api_client_uuid] = nil
+      Thread.current[:api_client] = nil
+      Thread.current[:user] = nil
+    end
+  end
+  # /Authentication
+
   def model_class
     controller_name.classify.constantize
   end
@@ -44,20 +206,37 @@ class ApplicationController < ActionController::Base
     controller_name.singularize
   end
 
+  def table_name
+    controller_name
+  end
+
   def find_object_by_uuid
-    logger.info params.inspect
     if params[:id] and params[:id].match /\D/
       params[:uuid] = params.delete :id
     end
     @object = model_class.where('uuid=?', params[:uuid]).first
   end
 
+  def self.accept_attribute_as_json(attr, force_class=nil)
+    before_filter lambda { accept_attribute_as_json attr, force_class }
+  end
+  def accept_attribute_as_json(attr, force_class)
+    if params[resource_name].is_a? Hash
+      if params[resource_name][attr].is_a? String
+        params[resource_name][attr] = Oj.load params[resource_name][attr]
+        if force_class and !params[resource_name][attr].is_a? force_class
+          raise TypeError.new("#{resource_name}[#{attr.to_s}] must be a #{force_class.to_s}")
+        end
+      end
+    end
+  end
+
   def uncamelcase_params_hash_keys
     self.params = uncamelcase_hash_keys(params)
   end
 
-  def uncamelcase_hash_keys(h)
-    if h.is_a? Hash
+  def uncamelcase_hash_keys(h, max_depth=-1)
+    if h.is_a? Hash and max_depth != 0
       nh = Hash.new
       h.each do |k,v|
         if k.class == String
@@ -67,7 +246,7 @@ class ApplicationController < ActionController::Base
         else
           nk = k
         end
-        nh[nk] = uncamelcase_hash_keys(v)
+        nh[nk] = uncamelcase_hash_keys(v, max_depth-1)
       end
       h.replace(nh)
     end
@@ -81,8 +260,19 @@ class ApplicationController < ActionController::Base
       :self_link => "",
       :next_page_token => "",
       :next_link => "",
-      :items => @objects.map { |x| x }
+      :items => @objects.as_api_response(:superuser)
     }
     render json: @object_list
   end
+
+  def remote_ip
+    # Caveat: this is highly dependent on the proxy setup. YMMV.
+    if request.headers.has_key?('HTTP_X_REAL_IP') then
+      # We're behind a reverse proxy
+      @remote_ip = request.headers['HTTP_X_REAL_IP']
+    else
+      # Hopefully, we are not!
+      @remote_ip = request.env['REMOTE_ADDR']
+    end
+  end
 end