X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/f9ae5b90a5e04477133ca7a7d34bd3eebf862474..c3481a62091153eb0f74cd2f769d46c552765fcb:/services/api/app/models/collection.rb diff --git a/services/api/app/models/collection.rb b/services/api/app/models/collection.rb index 7f7a320074..1bbe8cc661 100644 --- a/services/api/app/models/collection.rb +++ b/services/api/app/models/collection.rb @@ -17,26 +17,30 @@ class Collection < ArvadosModel # Posgresql JSONB columns should NOT be declared as serialized, Rails 5 # already know how to properly treat them. attribute :properties, :jsonbHash, default: {} - attribute :storage_classes_desired, :jsonbArray, default: ["default"] + attribute :storage_classes_desired, :jsonbArray, default: lambda { Rails.configuration.DefaultStorageClasses } attribute :storage_classes_confirmed, :jsonbArray, default: [] before_validation :default_empty_manifest before_validation :default_storage_classes, on: :create + before_validation :managed_properties, on: :create before_validation :check_encoding before_validation :check_manifest_validity before_validation :check_signatures before_validation :strip_signatures_and_update_replication_confirmed + before_validation :name_null_if_empty + validate :ensure_filesystem_compatible_name validate :ensure_pdh_matches_manifest_text validate :ensure_storage_classes_desired_is_not_empty validate :ensure_storage_classes_contain_non_empty_strings validate :versioning_metadata_updates, on: :update validate :past_versions_cannot_be_updated, on: :update + validate :protected_managed_properties_updates, on: :update after_validation :set_file_count_and_total_size before_save :set_file_names - around_update :manage_versioning + around_update :manage_versioning, unless: :is_past_version? api_accessible :user, extend: :common do |t| - t.add :name + t.add lambda { |x| x.name || "" }, as: :name t.add :description t.add :properties t.add :portable_data_hash @@ -58,6 +62,8 @@ class Collection < ArvadosModel t.add :file_size_total end + UNLOGGED_CHANGES = ['preserve_version', 'updated_at'] + after_initialize do @signatures_checked = false @computed_pdh_for_manifest_text = false @@ -75,6 +81,7 @@ class Collection < ArvadosModel # correct timestamp in signed_manifest_text. 'manifest_text' => ['manifest_text', 'trash_at', 'is_trashed'], 'unsigned_manifest_text' => ['manifest_text'], + 'name' => ['name'], ) end @@ -125,7 +132,7 @@ class Collection < ArvadosModel # Signature provided, but verify_signature did not like it. logger.warn "Invalid signature on locator #{tok}" raise ArvadosModel::PermissionDeniedError - elsif !Rails.configuration.Collections["BlobSigning"] + elsif !Rails.configuration.Collections.BlobSigning # No signature provided, but we are running in insecure mode. logger.debug "Missing signature on locator #{tok} ignored" elsif Blob.new(tok).empty? @@ -143,7 +150,9 @@ class Collection < ArvadosModel def strip_signatures_and_update_replication_confirmed if self.manifest_text_changed? in_old_manifest = {} - if not self.replication_confirmed.nil? + # manifest_text_was could be nil when dealing with a freshly created snapshot, + # so we skip this case because there was no real manifest change. (Bug #18005) + if (not self.replication_confirmed.nil?) and (not self.manifest_text_was.nil?) self.class.each_manifest_locator(manifest_text_was) do |match| in_old_manifest[match[1]] = true end @@ -193,6 +202,12 @@ class Collection < ArvadosModel end end + def name_null_if_empty + if name == "" + self.name = nil + end + end + def set_file_names if self.manifest_text_changed? self.file_names = manifest_files @@ -248,20 +263,22 @@ class Collection < ArvadosModel should_preserve_version = should_preserve_version? # Time sensitive, cache value return(yield) unless (should_preserve_version || syncable_updates.any?) - # Put aside the changes because with_lock forces a record reload + # Put aside the changes because with_lock does a record reload changes = self.changes snapshot = nil + restore_attributes with_lock do # Copy the original state to save it as old version if should_preserve_version snapshot = self.dup snapshot.uuid = nil # Reset UUID so it's created as a new record snapshot.created_at = self.created_at + snapshot.modified_at = self.modified_at_was end # Restore requested changes on the current version changes.keys.each do |attr| - if attr == 'preserve_version' && changes[attr].last == false + if attr == 'preserve_version' && changes[attr].last == false && !should_preserve_version next # Ignore false assignment, once true it'll be true until next version end self.attributes = {attr => changes[attr].last} @@ -273,7 +290,6 @@ class Collection < ArvadosModel if should_preserve_version self.version += 1 - self.preserve_version = false end yield @@ -281,20 +297,37 @@ class Collection < ArvadosModel sync_past_versions if syncable_updates.any? if snapshot snapshot.attributes = self.syncable_updates - snapshot.manifest_text = snapshot.signed_manifest_text - snapshot.save + leave_modified_by_user_alone do + leave_modified_at_alone do + act_as_system_user do + snapshot.save + end + end + end end end end + def maybe_update_modified_by_fields + if !(self.changes.keys - ['updated_at', 'preserve_version']).empty? + super + end + end + def syncable_updates updates = {} - (syncable_attrs & self.changes.keys).each do |attr| + if self.changes.any? + changes = self.changes + else + # If called after save... + changes = self.saved_changes + end + (syncable_attrs & changes.keys).each do |attr| if attr == 'uuid' # Point old versions to current version's new UUID - updates['current_version_uuid'] = self.changes[attr].last + updates['current_version_uuid'] = changes[attr].last else - updates[attr] = self.changes[attr].last + updates[attr] = changes[attr].last end end return updates @@ -302,9 +335,9 @@ class Collection < ArvadosModel def sync_past_versions updates = self.syncable_updates - Collection.where('current_version_uuid = ? AND uuid != ?', self.uuid_was, self.uuid_was).each do |c| + Collection.where('current_version_uuid = ? AND uuid != ?', self.uuid_before_last_save, self.uuid_before_last_save).each do |c| c.attributes = updates - # Use a different validation context to skip the 'old_versions_cannot_be_updated' + # Use a different validation context to skip the 'past_versions_cannot_be_updated' # validator, as on this case it is legal to update some fields. leave_modified_by_user_alone do leave_modified_at_alone do @@ -322,11 +355,20 @@ class Collection < ArvadosModel ['uuid', 'owner_uuid', 'delete_at', 'trash_at', 'is_trashed', 'replication_desired', 'storage_classes_desired'] end + def is_past_version? + # Check for the '_was' values just in case the update operation + # includes a change on current_version_uuid or uuid. + !(new_record? || self.current_version_uuid_was == self.uuid_was) + end + def should_preserve_version? - return false unless (Rails.configuration.Collections["CollectionVersioning"] && versionable_updates?(self.changes.keys)) + return false unless (Rails.configuration.Collections.CollectionVersioning && versionable_updates?(self.changes.keys)) - idle_threshold = Rails.configuration.Collections["PreserveVersionIfIdle"] + return false if self.is_trashed + + idle_threshold = Rails.configuration.Collections.PreserveVersionIfIdle if !self.preserve_version_was && + !self.preserve_version && (idle_threshold < 0 || (idle_threshold > 0 && self.modified_at_was > db_current_time-idle_threshold.seconds)) return false @@ -371,7 +413,7 @@ class Collection < ArvadosModel return manifest_text else token = Thread.current[:token] - exp = [db_current_time.to_i + Rails.configuration.Collections["BlobSigningTTL"], + exp = [db_current_time.to_i + Rails.configuration.Collections.BlobSigningTTL.to_i, trash_at].compact.map(&:to_i).min self.class.sign_manifest manifest_text, token, exp end @@ -379,7 +421,7 @@ class Collection < ArvadosModel def self.sign_manifest manifest, token, exp=nil if exp.nil? - exp = db_current_time.to_i + Rails.configuration.Collections["BlobSigningTTL"] + exp = db_current_time.to_i + Rails.configuration.Collections.BlobSigningTTL.to_i end signing_opts = { api_token: token, @@ -489,7 +531,7 @@ class Collection < ArvadosModel # # If filter_compatible_format is true (the default), only return image # collections which are support by the installation as indicated by - # Rails.configuration.Containers["SupportedDockerImageFormats"]. Will follow + # Rails.configuration.Containers.SupportedDockerImageFormats. Will follow # 'docker_image_migration' links if search_term resolves to an incompatible # image, but an equivalent compatible image is available. def self.find_all_for_docker_image(search_term, search_tag=nil, readers=nil, filter_compatible_format: true) @@ -500,7 +542,7 @@ class Collection < ArvadosModel joins("JOIN collections ON links.head_uuid = collections.uuid"). order("links.created_at DESC") - docker_image_formats = Rails.configuration.Containers["SupportedDockerImageFormats"] + docker_image_formats = Rails.configuration.Containers.SupportedDockerImageFormats.keys.map(&:to_s) if (docker_image_formats.include? 'v1' and docker_image_formats.include? 'v2') or filter_compatible_format == false @@ -519,7 +561,7 @@ class Collection < ArvadosModel loc.strip_hints! coll_match = readable_by(*readers).where(portable_data_hash: loc.to_s).limit(1) rc = Rails.configuration.RemoteClusters.select{ |k| - k != "*" && k != Rails.configuration.ClusterID} + k != :"*" && k != Rails.configuration.ClusterID} if coll_match.any? or rc.length == 0 return get_compatible_images(readers, pattern, coll_match) else @@ -590,11 +632,28 @@ class Collection < ArvadosModel # validation on empty desired storage classes return an error. def default_storage_classes if self.storage_classes_desired.nil? || self.storage_classes_desired.empty? - self.storage_classes_desired = ["default"] + self.storage_classes_desired = Rails.configuration.DefaultStorageClasses end self.storage_classes_confirmed ||= [] end + # Sets managed properties at creation time + def managed_properties + managed_props = Rails.configuration.Collections.ManagedProperties.with_indifferent_access + if managed_props.empty? + return + end + (managed_props.keys - self.properties.keys).each do |key| + if managed_props[key]['Function'] == 'original_owner' + self.properties[key] = self.user_owner_uuid + elsif managed_props[key]['Value'] + self.properties[key] = managed_props[key]['Value'] + else + logger.warn "Unidentified default property definition '#{key}': #{managed_props[key].inspect}" + end + end + end + def portable_manifest_text self.class.munge_manifest_locators(manifest_text) do |match| if match[2] # size @@ -650,17 +709,34 @@ class Collection < ArvadosModel end def past_versions_cannot_be_updated - # We check for the '_was' values just in case the update operation - # includes a change on current_version_uuid or uuid. - if current_version_uuid_was != uuid_was + if is_past_version? errors.add(:base, "past versions cannot be updated") false end end + def protected_managed_properties_updates + managed_properties = Rails.configuration.Collections.ManagedProperties.with_indifferent_access + if managed_properties.empty? || !properties_changed? || current_user.is_admin + return true + end + protected_props = managed_properties.keys.select do |p| + Rails.configuration.Collections.ManagedProperties[p]['Protected'] + end + # Pre-existent protected properties can't be updated + invalid_updates = properties_was.keys.select{|p| properties_was[p] != properties[p]} & protected_props + if !invalid_updates.empty? + invalid_updates.each do |p| + errors.add("protected property cannot be updated:", p) + end + raise PermissionDeniedError.new + end + true + end + def versioning_metadata_updates valid = true - if (current_version_uuid_was == uuid_was) && current_version_uuid_changed? + if !is_past_version? && current_version_uuid_changed? errors.add(:current_version_uuid, "cannot be updated") valid = false end @@ -676,4 +752,8 @@ class Collection < ArvadosModel self.current_version_uuid ||= self.uuid true end + + def log_update + super unless (saved_changes.keys - UNLOGGED_CHANGES).empty? + end end