and use that in collections.provenance instead of plain where().
refs #1977
refs #2037
end
def find_objects_for_index
- uuid_list = [current_user.uuid, *current_user.groups_i_can(:read)]
- sanitized_uuid_list = uuid_list.
- collect { |uuid| model_class.sanitize(uuid) }.join(', ')
- or_references_me = ''
- if model_class == Link and current_user
- or_references_me = "OR (#{table_name}.link_class in (#{model_class.sanitize 'permission'}, #{model_class.sanitize 'resources'}) AND #{model_class.sanitize current_user.uuid} IN (#{table_name}.head_uuid, #{table_name}.tail_uuid))"
- end
- @objects ||= model_class.
- joins("LEFT JOIN links permissions ON permissions.head_uuid in (#{table_name}.owner_uuid, #{table_name}.uuid) AND permissions.tail_uuid in (#{sanitized_uuid_list}) AND permissions.link_class='permission'").
- where("?=? OR #{table_name}.owner_uuid in (?) OR #{table_name}.uuid=? OR permissions.head_uuid IS NOT NULL #{or_references_me}",
- true, current_user.is_admin,
- uuid_list,
- current_user.uuid)
+ @objects ||= model_class.readable_by(current_user)
if !@where.empty?
conditions = ['1=1']
@where.each do |attr,value|
return ""
end
- #puts "visiting #{uuid}"
+ logger.debug "visiting #{uuid}"
if m
# uuid is a collection
- Collection.where(uuid: uuid).each do |c|
+ Collection.readable_by(current_user).where(uuid: uuid).each do |c|
visited[uuid] = c.as_api_response
visited[uuid][:files] = []
c.files.each do |f|
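Review bot: The `Collection.readable_by(current_user).where(uuid: uuid).each` loop can now visit the same collection more than once, because the scope is a `LEFT JOIN links permissions` with no DISTINCT visible in this commit. A record reachable through several permission links (for example a direct link plus a group link) therefore comes back once per matching link. The same applies to the `Job.readable_by(...)` and `Link.readable_by(...)` loops in the later hunks, where each duplicate triggers another `generate_provenance_edges` call; whether the early return at the top of that method absorbs the repeat is outside this hunk. Consider de-duplicating inside the scope itself, or at the call site with something like `Collection.readable_by(current_user).where(uuid: uuid).uniq.each do |c|` on Rails versions where `uniq` emits DISTINCT.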
end
end
- Job.where(output: uuid).each do |job|
+ Job.readable_by(current_user).where(output: uuid).each do |job|
generate_provenance_edges(visited, job.uuid)
end
- Job.where(log: uuid).each do |job|
+ Job.readable_by(current_user).where(log: uuid).each do |job|
generate_provenance_edges(visited, job.uuid)
end
# uuid is something else
rsc = ArvadosModel::resource_class_for_uuid uuid
if rsc == Job
- Job.where(uuid: uuid).each do |job|
+ Job.readable_by(current_user).where(uuid: uuid).each do |job|
visited[uuid] = job.as_api_response
script_param_edges(visited, job.script_parameters)
end
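Review bot: `script_param_edges(visited, job.script_parameters)` is the one traversal step in this method that the commit does not visibly route through `readable_by(current_user)`. Its body is outside the diff, so this is a question rather than a finding: if it looks up collections or jobs named in the parameters directly with `where(...)`, those nodes bypass the new permission filter. It would help to confirm that it only recurses through `generate_provenance_edges`, and to say so in a comment above the call, for example `# script_param_edges must resolve uuids via generate_provenance_edges so the readable_by filter applies`.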
end
end
- Link.where(head_uuid: uuid, link_class: "provenance").each do |link|
+ Link.readable_by(current_user).
+ where(head_uuid: uuid, link_class: "provenance").
+ each do |link|
visited[link.uuid] = link.as_api_response
generate_provenance_edges(visited, link.tail_uuid)
end
end
end
+ def self.readable_by user
+ uuid_list = [user.uuid, *user.groups_i_can(:read)]
+ sanitized_uuid_list = uuid_list.
+ collect { |uuid| sanitize(uuid) }.join(', ')
+ or_references_me = ''
+ if self == Link and user
+ or_references_me = "OR (#{table_name}.link_class in (#{sanitize 'permission'}, #{sanitize 'resources'}) AND #{sanitize user.uuid} IN (#{table_name}.head_uuid, #{table_name}.tail_uuid))"
+ end
+ joins("LEFT JOIN links permissions ON permissions.head_uuid in (#{table_name}.owner_uuid, #{table_name}.uuid) AND permissions.tail_uuid in (#{sanitized_uuid_list}) AND permissions.link_class='permission'").
+ where("?=? OR #{table_name}.owner_uuid in (?) OR #{table_name}.uuid=? OR permissions.head_uuid IS NOT NULL #{or_references_me}",
+ true, user.is_admin,
+ uuid_list,
+ user.uuid)
+ end
+
protected
def ensure_permission_to_create
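Review bot: The `and user` guard in `if self == Link and user` can never take effect, because `user.uuid` and `user.groups_i_can(:read)` are already dereferenced on the first line of `readable_by`, so a nil user raises NoMethodError before the check is reached. If any caller, such as `find_objects_for_index` or the provenance lookups, can run without an authenticated user, handle that case explicitly at the top of the method, for example `raise ArgumentError, 'readable_by requires a user' unless user`, and reduce the condition to `if self == Link`. Failing closed there is safer than a guard that suggests nil is tolerated. Since this method is now the single place where read permission is computed, it also deserves a header comment such as `# Rows visible to user: all rows for admins, otherwise rows owned by the user or a readable group, the user's own record, or rows targeted by a permission link.`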
link_class: permission
name: can_read
head_kind: arvados#job
- head_uuid: zzzzz-8i9sb-aceg2bnq7jt7kon
+ head_uuid: zzzzz-8i9sb-cjs4pklxxjykyuq
properties: {}