--- /dev/null
+*agpl-3.0.txt
+apps/workbench/app/assets/javascripts/list.js
+build/package-test-dockerfiles/centos7/localrepo.repo
+build/package-test-dockerfiles/ubuntu1604/etc-apt-preferences.d-arvados
+*by-sa-3.0.txt
+*COPYING
+doc/fonts/*
+*/docker_image
+docker/jobs/apt.arvados.org.list
+*.gif
+.gitignore
+*/.gitignore
+*/.gitkeep
+*/.gitstub
+*.gz
+*.gz.report
+*.ico
+*.jpg
+*.json
+*LICENSE*.txt
+*.lock
+*.log
+*.map
+*.png
+*/proc_stat
+*/README
+*/robots.txt
+*/runit-docker/*
+*/script/rails
+sdk/cwl/tests/input/blorp.txt
+sdk/cwl/tests/tool/blub.txt
+sdk/go/manifest/testdata/*_manifest
+sdk/java/.classpath
+sdk/java/pom.xml
+sdk/java/.project
+sdk/java/.settings/org.eclipse.jdt.core.prefs
+sdk/java/src/main/resources/log4j.properties
+sdk/pam/examples/shellinabox
+sdk/pam/pam-configs/arvados
+sdk/python/tests/data/*
+services/api/config/unbound.template
+services/arv-web/sample-cgi-app/public/.htaccess
+services/arv-web/sample-cgi-app/public/index.cgi
+services/keepproxy/pkg-extras/etc/default/keepproxy
+*.tar
+tools/crunchstat-summary/tests/crunchstat_error_messages.txt
--- /dev/null
+#!/bin/bash
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+set -e
+
+fix=false
+while [[ "${@}" != "" ]]
+do
+ arg=${1}
+ shift
+ case ${arg} in
+ --help)
+ cat <<EOF
+Usage: $0 [--fix] [-- git-ls-args...]
+
+Options:
+
+--fix Insert missing copyright notices where possible.
+
+Git arguments:
+
+Arguments after "--" are passed to \`git ls-files\`; this can be used to
+restrict the set of files to check.
+
+EOF
+ exit 2
+ ;;
+ --fix)
+ fix=true
+ ;;
+ --)
+ break
+ ;;
+ *)
+ echo >&2 "Unrecognized argument '${arg}'. Try $0 --help"
+ exit 2
+ ;;
+ esac
+done
+
+fixer() {
+ want="${want}" perl -pi~ -e 'if ($. == 1) { s{^(\#\!.*\n)?}{${1}$ENV{want}\n\n} }' "${1}"
+}
+
+IFS=$'\n' read -a ignores -r -d $'\000' <.licenseignore || true
+result=0
+git ls-files -z ${@} | \
+ while read -rd $'\000' fnm
+ do
+ grepAfter=2
+ grepBefore=0
+ cs=
+ cc=
+ ce=
+ fixer=
+ if [[ ! -f ${fnm} ]] || [[ -L ${fnm} ]] || [[ ! -s ${fnm} ]]
+ then
+ continue
+ fi
+
+ ignore=
+ for pattern in "${ignores[@]}"
+ do
+ if [[ ${fnm} == ${pattern} ]]
+ then
+ ignore=1
+ fi
+ done
+ if [[ ${ignore} = 1 ]]; then continue; fi
+
+ case ${fnm} in
+ Makefile | */Makefile \
+ | *.dockerfile | */Dockerfile.* | */Dockerfile | *.dockerignore \
+ | */MANIFEST.in | */fuse.conf | */gitolite.rc \
+ | *.pl | *.pm | *.PL \
+ | *.rb | *.rb.example | *.rake | *.ru \
+ | *.gemspec | */Gemfile | */Rakefile \
+ | services/login-sync/bin/* \
+ | sdk/cli/bin/* \
+ | *.py \
+ | sdk/python/bin/arv-* \
+ | sdk/cwl/bin/* \
+ | services/nodemanager/bin/* \
+ | services/fuse/bin/* \
+ | tools/crunchstat-summary/bin/* \
+ | crunch_scripts/* \
+ | *.yaml | *.yml | *.yml.example | *.cwl \
+ | *.sh | *.service \
+ | */run | */run-service | */restart-dns-server \
+ | */nodemanager/doc/*.cfg \
+ | */nginx.conf \
+ | build/build.list)
+ fixer=fixer
+ cc="#"
+ ;;
+ *.md)
+ fixer=fixer
+ cc="[//]: #"
+ ;;
+ *.rst)
+ fixer=fixer
+ cc=".."
+ ;;
+ *.erb)
+ fixer=fixer
+ cs="<%#"
+ cc=""
+ ce=" %>"
+ ;;
+ *.liquid)
+ fixer=fixer
+ cs=$'{% comment %}\n'
+ cc=
+ ce=$'\n%{% endcomment %}'
+ grepAfter=3
+ grepBefore=1
+ ;;
+ *.textile)
+ fixer=fixer
+ cs="###."
+ cc="...."
+ ce=
+ ;;
+ *.css)
+ fixer=fixer
+ cs="/*"
+ cc=""
+ ce=" */"
+ ;;
+ *.go | *.scss | *.java | *.js | *.coffee)
+ fixer=fixer
+ cc="//"
+ ;;
+ *.sql)
+ fixer=fixer
+ cc="--"
+ ;;
+ *.html | *.svg)
+ fixer=fixer
+ cs="<!-- "
+ cc=
+ ce=" -->"
+ ;;
+ *)
+ cc="#"
+ hashbang=$(head -n1 ${fnm})
+ if [[ ${hashbang} = "#!/bin/sh" ]] || [[ ${hashbang} = "#!/bin/bash" ]]
+ then
+ fixer=fixer
+ fi
+ ;;
+ esac
+ wantGPL="${cs:-${cc}} Copyright (C) The Arvados Authors. All rights reserved.
+${cc}
+${cc}${cc:+ }SPDX-License-Identifier: AGPL-3.0${ce}"
+ wantApache="${cs:-${cc}} Copyright (C) The Arvados Authors. All rights reserved.
+${cc}
+${cc}${cc:+ }SPDX-License-Identifier: Apache-2.0${ce}"
+ wantBYSA="${cs:-${cc}} Copyright (C) The Arvados Authors. All rights reserved.
+${cc}
+${cc}${cc:+ }SPDX-License-Identifier: CC-BY-SA-3.0${ce}"
+ found=$(head "$fnm" | egrep -A${grepAfter} -B${grepBefore} 'Copyright.*Arvados' || true)
+ case ${fnm} in
+ Makefile | build/* | lib/* | tools/* | apps/* | services/*)
+ want=${wantGPL}
+ ;;
+ crunch_scripts/* | backports/* | docker/* | sdk/*)
+ want=${wantApache}
+ ;;
+ README.md | doc/*)
+ want=${wantBYSA}
+ ;;
+ *)
+ want=
+ ;;
+ esac
+ case "$found" in
+ "$wantGPL")
+ ;;
+ "$wantApache")
+ ;;
+ "$wantBYSA")
+ ;;
+ "")
+ if [[ -z ${found} ]] && [[ -n ${want} ]] && [[ $fix = true ]] && [[ $fixer != "" ]]
+ then
+ ${fixer} ${fnm}
+ else
+ echo "missing copyright notice: $fnm"
+ result=1
+ fi
+ ;;
+ *)
+ echo "nonstandard copyright notice: $fnm '${found}'"
+ result=1
+ ;;
+ esac
+ done
+exit $result
COLUMNS=80
. `dirname "$(readlink -f "$0")"`/run-library.sh
-#. `dirname "$(readlink -f "$0")"`/libcloud-pin
+#. `dirname "$(readlink -f "$0")"`/libcloud-pin.sh
read -rd "\000" helpmessage <<EOF
$(basename $0): Build Arvados Python packages and Ruby gems
#!/bin/bash
. `dirname "$(readlink -f "$0")"`/run-library.sh
-. `dirname "$(readlink -f "$0")"`/libcloud-pin
+. `dirname "$(readlink -f "$0")"`/libcloud-pin.sh
read -rd "\000" helpmessage <<EOF
$(basename $0): Build Arvados packages
#!/bin/bash
-. `dirname "$(readlink -f "$0")"`/libcloud-pin
+. `dirname "$(readlink -f "$0")"`/libcloud-pin.sh
COLUMNS=80
. `dirname "$(readlink -f "$0")"`/run-library.sh
+++ /dev/null
----
-layout: default
-navsection: start
-title: Welcome to Arvados!
-...
-
-This guide provides an introduction to using Arvados to solve big data bioinformatics problems.
-
-
-h2. Typographic conventions
-
-This manual uses the following typographic conventions:
-
-<notextile>
-<ul>
-<li>Code blocks which are set aside from the text indicate user input to the system. Commands that should be entered into a Unix shell are indicated by the directory where you should enter the command ('~' indicates your home directory) followed by '$', followed by the highlighted <span class="userinput">command to enter</span> (do not enter the '$'), and possibly followed by example command output in black. For example, the following block indicates that you should type <code>ls foo.*</code> while in your home directory and the expected output will be "foo.input" and "foo.output".
-</notextile>
-
-<div class="custom-container key-features">
-<a class="prev" href="#">‹</a>
-
-<div class="carousel">
- <ul>
- <li><img class="hascaption" src="{{ site.baseurl }}/images/keyfeatures/dashboard2.png" style="width:909px; height:503px;" title="[START] After logging in, you see Workbench's dashboard."></li>
- <li><img class="hascaption" src="{{ site.baseurl }}/images/keyfeatures/running2.png" style="width:909px; height:503px;" title="Pipelines describe a set of computational tasks (jobs)."></li>
- <li><img class="hascaption" src="{{ site.baseurl }}/images/keyfeatures/log.png" style="width:909px; height:503px;" title="The output of all jobs is logged and stored automatically."></li>
- <li><img class="hascaption" src="{{ site.baseurl }}/images/keyfeatures/graph.png" style="width:909px; height:503px;" title="Pipelines can be also viewed in auto-generated graph form."></li>
- <li><img class="hascaption" src="{{ site.baseurl }}/images/keyfeatures/rerun.png" style="width:909px; height:503px;" title="Pipelines can easily be re-run..."></li>
- <li><img class="hascaption" src="{{ site.baseurl }}/images/keyfeatures/chooseinputs.png" style="width:909px; height:503px;" title="...by changing parameters or picking new datasets..."></li>
- <li><img class="hascaption" src="{{ site.baseurl }}/images/keyfeatures/webupload.png" style="width:909px; height:503px;" title="...which can be uploaded right in Workbench."></li>
- <li><img class="hascaption" src="{{ site.baseurl }}/images/keyfeatures/collectionpage.png" style="width:909px; height:503px;" title="Collections allow sharing datasets and job outputs easily."></li>
- <li><img class="hascaption" src="{{ site.baseurl }}/images/keyfeatures/provenance.png" style="width:909px; height:503px;" title="Data provenance is tracked automatically. [END]"></li>
- </ul>
-</div>
-<a class="next" href="#">›</a>
-<div class="clear"></div>
-</div>
-
-<script type="text/javascript">
-(function() {
- $(".key-features .carousel").jCarouselLite({
- btnNext: ".key-features .next",
- btnPrev: ".key-features .prev",
- visible: 1,
- });
-});
-('.hascaption').each(function() {
- $(this).after( "<div style='background: rgba(0,0,0,0.6); color: white; padding: 1.4em;'>" + $(this).attr('title') + "</div>" );
-});
-</script>
reset_container=1
leave_running=0
config=dev
-tag=""
+tag="latest"
while test -n "$1" ; do
arg="$1"
export ARVADOS_API_HOST_INSECURE=1
export ARVADOS_API_TOKEN=\$(cat /var/lib/arvados/superuser_token)
+arv-keepdocker --pull arvados/jobs $tag
+if test "$tag" != "latest" ; then
+ docker tag arvados/jobs:$tag arvados/jobs:latest
+ arv-keepdocker arvados/jobs latest
+fi
+
cat >/tmp/cwltest/arv-cwl-jobs <<EOF2
#!/bin/sh
exec arvados-cwl-runner --api=jobs \\\$@
before_filter :admin_required, :only => :get_all_permissions
def get_all_permissions
- # users is a map of {user_uuid => User object}
- users = {}
# user_aks is a map of {user_uuid => array of public keys}
user_aks = {}
# admins is an array of user_uuids
admins = []
- User.eager_load(:authorized_keys).find_each do |u|
- next unless u.is_active or u.uuid == anonymous_user_uuid
- users[u.uuid] = u
+ User.
+ where('users.is_active = ? or users.uuid = ?', true, anonymous_user_uuid).
+ eager_load(:authorized_keys).find_each do |u|
user_aks[u.uuid] = u.authorized_keys.collect do |ak|
{
public_key: ak.public_key,
end
admins << u.uuid if u.is_admin
end
+ all_group_permissions = User.all_group_permissions
@repo_info = {}
Repository.eager_load(:permissions).find_each do |repo|
@repo_info[repo.uuid] = {
# A group has permission. Each user who has access to this
# group also has access to the repository. Access level is
# min(group-to-repo permission, user-to-group permission).
- users.each do |user_uuid, user|
- perm_mask = user.group_permissions[perm.tail_uuid]
+ user_aks.each do |user_uuid, _|
+ perm_mask = all_group_permissions[user_uuid][perm.tail_uuid]
if not perm_mask
next
elsif perm_mask[:manage] and perm.name == 'can_manage'
evidence << {name: 'can_read', user_uuid: user_uuid}
end
end
- elsif users[perm.tail_uuid]
+ elsif user_aks.has_key?(perm.tail_uuid)
# A user has permission; the user exists; and either the
# user is active, or it's the special case of the anonymous
# user which is never "active" but is allowed to read
([repo.owner_uuid] | admins).each do |user_uuid|
# Except: no permissions for inactive users, even if they own
# repositories.
- next unless users[user_uuid]
+ next unless user_aks.has_key?(user_uuid)
evidence << {name: 'can_manage', user_uuid: user_uuid}
end
# Distill all the evidence about permissions on this repository
end
end
+ # Return a hash of {user_uuid: group_perms}
+ def self.all_group_permissions
+ install_view('permission')
+ all_perms = {}
+ ActiveRecord::Base.connection.
+ exec_query('SELECT user_uuid, target_owner_uuid, max(perm_level)
+ FROM permission_view
+ WHERE target_owner_uuid IS NOT NULL
+ GROUP BY user_uuid, target_owner_uuid',
+ # "name" arg is a query label that appears in logs:
+ "all_group_permissions",
+ ).rows.each do |user_uuid, group_uuid, max_p_val|
+ all_perms[user_uuid] ||= {}
+ all_perms[user_uuid][group_uuid] = PERMS_FOR_VAL[max_p_val.to_i]
+ end
+ all_perms
+ end
+
# Return a hash of {group_uuid: perm_hash} where perm_hash[:read]
# and perm_hash[:write] are true if this user can read and write
# objects owned by group_uuid.
def calculate_group_permissions
- install_view('permission')
+ self.class.install_view('permission')
group_perms = {}
ActiveRecord::Base.connection.
module CanBeAnOwner
def self.included(base)
+ base.extend(ClassMethods)
+
# Rails' "has_many" can prevent us from destroying the owner
# record when other objects refer to it.
ActiveRecord::Base.connection.tables.each do |t|
base.validate :restrict_uuid_change_breaking_associations
end
+ module ClassMethods
+ def install_view(type)
+ conn = ActiveRecord::Base.connection
+ transaction do
+ # Check whether the temporary view has already been created
+ # during this connection. If not, create it.
+ conn.exec_query "SAVEPOINT check_#{type}_view"
+ begin
+ conn.exec_query("SELECT 1 FROM #{type}_view LIMIT 0")
+ rescue
+ conn.exec_query "ROLLBACK TO SAVEPOINT check_#{type}_view"
+ sql = File.read(Rails.root.join("lib", "create_#{type}_view.sql"))
+ conn.exec_query(sql)
+ ensure
+ conn.exec_query "RELEASE SAVEPOINT check_#{type}_view"
+ end
+ end
+ end
+ end
+
def descendant_project_uuids
- install_view('ancestor')
+ self.class.install_view('ancestor')
ActiveRecord::Base.connection.
exec_query('SELECT ancestor_view.uuid
FROM ancestor_view
self.owner_uuid = uuid
end
end
-
- def install_view(type)
- conn = ActiveRecord::Base.connection
- self.class.transaction do
- # Check whether the temporary view has already been created
- # during this connection. If not, create it.
- conn.exec_query "SAVEPOINT check_#{type}_view"
- begin
- conn.exec_query("SELECT 1 FROM #{type}_view LIMIT 0")
- rescue
- conn.exec_query "ROLLBACK TO SAVEPOINT check_#{type}_view"
- sql = File.read(Rails.root.join("lib", "create_#{type}_view.sql"))
- conn.exec_query(sql)
- ensure
- conn.exec_query "RELEASE SAVEPOINT check_#{type}_view"
- end
- end
- end
end