+
+func (h *handler) UserPermittedToUploadOrDownload(method string, tokenUser *arvados.User) bool {
+ if tokenUser == nil {
+ return false
+ }
+ var permitDownload bool
+ var permitUpload bool
+ if tokenUser.IsAdmin {
+ permitUpload = h.Config.cluster.Collections.KeepWebPermission.Admin.Upload
+ permitDownload = h.Config.cluster.Collections.KeepWebPermission.Admin.Download
+ } else {
+ permitUpload = h.Config.cluster.Collections.KeepWebPermission.User.Upload
+ permitDownload = h.Config.cluster.Collections.KeepWebPermission.User.Download
+ }
+ if (method == "PUT" || method == "POST") && !permitUpload {
+ // Disallow operations that upload new files.
+ // Permit webdav operations that move existing files around.
+ return false
+ } else if method == "GET" && !permitDownload {
+ // Disallow downloading file contents.
+ // Permit webdav operations like PROPFIND that retrieve metadata
+ // but not file contents.
+ return false
+ }
+ return true
+}
+
+func (h *handler) LogUploadOrDownload(r *http.Request, client *arvadosclient.ArvadosClient, collection *arvados.Collection, user *arvados.User) {
+ log := ctxlog.FromContext(r.Context())
+ props := make(map[string]string)
+ props["reqPath"] = r.URL.Path
+ if user != nil {
+ log = log.WithField("user_uuid", user.UUID).
+ WithField("full_name", user.FullName)
+ }
+ if collection != nil {
+ log = log.WithField("collection_uuid", collection.UUID)
+ props["collection_uuid"] = collection.UUID
+ }
+ if r.Method == "PUT" || r.Method == "POST" {
+ log.Info("File upload")
+ go func() {
+ lr := arvadosclient.Dict{"log": arvadosclient.Dict{
+ "object_uuid": user.UUID,
+ "event_type": "file_upload",
+ "properties": props}}
+ client.Create("logs", lr, nil)
+ }()
+ } else if r.Method == "GET" {
+ if collection != nil {
+ log = log.WithField("portable_data_hash", collection.PortableDataHash)
+ props["portable_data_hash"] = collection.PortableDataHash
+ }
+ log.Info("File download")
+ go func() {
+ lr := arvadosclient.Dict{"log": arvadosclient.Dict{
+ "object_uuid": user.UUID,
+ "event_type": "file_download",
+ "properties": props}}
+ client.Create("logs", lr, nil)
+ }()
+ }
+}