From: Peter Amstutz <peter.amstutz@curii.com>
Date: Thu, 11 Jun 2020 17:12:04 +0000 (-0400)
Subject: 16007: Add REVOKE_PERM and CAN_MANAGE_PERM constants
X-Git-Tag: 2.1.0~193^2~4
X-Git-Url: https://git.arvados.org/arvados.git/commitdiff_plain/6f514b3e6aa21afddaa527bf852cff3a5801aa19

16007: Add REVOKE_PERM and CAN_MANAGE_PERM constants

Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
---

diff --git a/services/api/app/models/group.rb b/services/api/app/models/group.rb
index 485205f1eb..36814a3163 100644
--- a/services/api/app/models/group.rb
+++ b/services/api/app/models/group.rb
@@ -80,13 +80,13 @@ on conflict (group_uuid) do update set trash_at=EXCLUDED.trash_at;
   def before_ownership_change
     if owner_uuid_changed? and !self.owner_uuid_was.nil?
       MaterializedPermission.where(user_uuid: owner_uuid_was, target_uuid: uuid).delete_all
-      update_permissions self.owner_uuid_was, self.uuid, 0
+      update_permissions self.owner_uuid_was, self.uuid, REVOKE_PERM
     end
   end
 
   def after_ownership_change
     if owner_uuid_changed?
-      update_permissions self.owner_uuid, self.uuid, 3
+      update_permissions self.owner_uuid, self.uuid, CAN_MANAGE_PERM
     end
   end
 
diff --git a/services/api/app/models/link.rb b/services/api/app/models/link.rb
index da4ca6c870..cd1ff40c22 100644
--- a/services/api/app/models/link.rb
+++ b/services/api/app/models/link.rb
@@ -80,7 +80,7 @@ class Link < ArvadosModel
 
   def clear_permissions
     if self.link_class == 'permission'
-      update_permissions tail_uuid, head_uuid, 0
+      update_permissions tail_uuid, head_uuid, REVOKE_PERM
     end
   end
 
diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb
index a2922cb7b3..d65cfb9c4f 100644
--- a/services/api/app/models/user.rb
+++ b/services/api/app/models/user.rb
@@ -146,18 +146,18 @@ SELECT 1 FROM #{PERMISSION_VIEW}
   def before_ownership_change
     if owner_uuid_changed? and !self.owner_uuid_was.nil?
       MaterializedPermission.where(user_uuid: owner_uuid_was, target_uuid: uuid).delete_all
-      update_permissions self.owner_uuid_was, self.uuid, 0
+      update_permissions self.owner_uuid_was, self.uuid, REVOKE_PERM
     end
   end
 
   def after_ownership_change
     if owner_uuid_changed?
-      update_permissions self.owner_uuid, self.uuid, 3
+      update_permissions self.owner_uuid, self.uuid, CAN_MANAGE_PERM
     end
   end
 
   def clear_permissions
-    update_permissions self.owner_uuid, self.uuid, 0
+    update_permissions self.owner_uuid, self.uuid, REVOKE_PERM
     MaterializedPermission.where("user_uuid = ? or target_uuid = ?", uuid, uuid).delete_all
   end
 
@@ -447,11 +447,11 @@ update #{PERMISSION_VIEW} set target_uuid=$1 where target_uuid = $2
         update_attributes!(redirect_to_user_uuid: new_user.uuid, username: nil)
       end
       skip_check_permissions_against_full_refresh do
-        update_permissions self.owner_uuid, self.uuid, 3
-        update_permissions self.uuid, self.uuid, 3
-        update_permissions new_user.owner_uuid, new_user.uuid, 3
+        update_permissions self.owner_uuid, self.uuid, CAN_MANAGE_PERM
+        update_permissions self.uuid, self.uuid, CAN_MANAGE_PERM
+        update_permissions new_user.owner_uuid, new_user.uuid, CAN_MANAGE_PERM
       end
-      update_permissions new_user.uuid, new_user.uuid, 3
+      update_permissions new_user.uuid, new_user.uuid, CAN_MANAGE_PERM
     end
   end
 
diff --git a/services/api/lib/update_permissions.rb b/services/api/lib/update_permissions.rb
index 4d3986a4b7..1d9c1006b8 100644
--- a/services/api/lib/update_permissions.rb
+++ b/services/api/lib/update_permissions.rb
@@ -4,6 +4,9 @@
 
 require '20200501150153_permission_table_constants'
 
+REVOKE_PERM = 0
+CAN_MANAGE_PERM = 3
+
 def update_permissions perm_origin_uuid, starting_uuid, perm_level
   #
   # Update a subset of the permission table affected by adding or