From: Peter Amstutz <pamstutz@veritasgenetics.com>
Date: Thu, 9 Aug 2018 16:44:11 +0000 (-0400)
Subject: 13146: Shared endpoint wip
X-Git-Tag: 1.2.0~22^2~10
X-Git-Url: https://git.arvados.org/arvados.git/commitdiff_plain/0befd8da0101dbc7845c8216637c8b621519bc68

13146: Shared endpoint wip

Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz@veritasgenetics.com>
---

diff --git a/services/api/app/controllers/arvados/v1/groups_controller.rb b/services/api/app/controllers/arvados/v1/groups_controller.rb
index ec3b69ab05..aafef2de29 100644
--- a/services/api/app/controllers/arvados/v1/groups_controller.rb
+++ b/services/api/app/controllers/arvados/v1/groups_controller.rb
@@ -7,6 +7,9 @@ require "trashable"
 class Arvados::V1::GroupsController < ApplicationController
   include TrashableController
 
+  skip_before_filter :find_object_by_uuid, only: :shared
+  skip_before_filter :render_404_if_no_object, only: :shared
+
   def self._index_requires_parameters
     (super rescue {}).
       merge({
@@ -63,6 +66,44 @@ class Arvados::V1::GroupsController < ApplicationController
     })
   end
 
+  def shared
+    # The purpose of this endpoint is to return the toplevel set of
+    # projects which are *not* reachable through an ownership chain of
+    # projects starting from the user account.  In other words,
+    # projects which to which access was granted via a permission
+    # link, or indirectly through group permissions.
+    #
+    # This also returns (in the "includes" field) the objects that own
+    # those projects (users or non-project groups).
+    #
+    # select groups that are readable by current user AND
+    #   the owner_uuid is a user (but not the current user) OR
+    #   the owner_uuid is not readable by the current user
+    #   the owner_uuid group_class is not a project
+
+    if current_user.is_admin
+      exists1 = "EXISTS(SELECT 1 from #{PERMISSION_VIEW} WHERE user_uuid=(:user_uuid) AND target_uuid=groups.uuid) AND "
+    end
+
+    g = Group.where("group_class='project' AND "+
+                    exists1+
+                    "(groups.owner_uuid IN (SELECT uuid FROM users WHERE users.uuid != (:user_uuid)) OR "+
+                    "NOT EXISTS(SELECT 1 FROM materialized_permission_view WHERE user_uuid=(:user_uuid) AND target_uuid=groups.owner_uuid) OR "+
+                    "EXISTS(SELECT 1 FROM groups as gp where gp.uuid=groups.owner_uuid and gp.group_class != 'project'))",
+                    user_uuid: current_user.uuid)
+
+    send_json({
+      :kind => "arvados#objectList",
+      :etag => "",
+      :self_link => "",
+      :offset => @offset,
+      :limit => @limit,
+      :items_available => @items_available,
+      :items => g.as_api_response(nil)
+    })
+
+  end
+
   protected
 
   def load_searchable_objects
diff --git a/services/api/config/routes.rb b/services/api/config/routes.rb
index b0c09840d7..b54c3c5bf1 100644
--- a/services/api/config/routes.rb
+++ b/services/api/config/routes.rb
@@ -30,6 +30,7 @@ Server::Application.routes.draw do
       resources :groups do
         get 'contents', on: :collection
         get 'contents', on: :member
+        get 'shared', on: :collection
         post 'trash', on: :member
         post 'untrash', on: :member
       end