[ARVADOS] updated: e049bc7067a800c2852ffaf82c9b530cef5b9f19

git at public.curoverse.com git at public.curoverse.com
Tue Jan 14 17:17:29 EST 2014


Summary of changes:
 .../api/app/controllers/application_controller.rb  |    4 +-
 .../arvados/v1/collections_controller.rb           |   59 +++++++++++++++-----
 2 files changed, 48 insertions(+), 15 deletions(-)

       via  e049bc7067a800c2852ffaf82c9b530cef5b9f19 (commit)
       via  92d1022d103b58ddad0427736a776a27f198667e (commit)
      from  904989797f0e70dad2d4a2da8ed05693ad1619bd (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit e049bc7067a800c2852ffaf82c9b530cef5b9f19
Author: Tom Clegg <tom at curoverse.com>
Date:   Tue Jan 14 14:12:59 2014 -0800

    In collections.create, set owner to root and add a permission link
    rather than setting owner to current_user. This gives the expected
    behavior when two different users create identical collections: both
    users can read the resulting object.
    
    closes #1870

diff --git a/services/api/app/controllers/arvados/v1/collections_controller.rb b/services/api/app/controllers/arvados/v1/collections_controller.rb
index d81f441..4b63747 100644
--- a/services/api/app/controllers/arvados/v1/collections_controller.rb
+++ b/services/api/app/controllers/arvados/v1/collections_controller.rb
@@ -1,19 +1,50 @@
 class Arvados::V1::CollectionsController < ApplicationController
   def create
-    # It's not an error for a client to re-register a manifest that we
-    # already know about.
-    @object = model_class.new resource_attrs
-    begin
-      @object.save!
-    rescue ActiveRecord::RecordNotUnique
-      logger.debug resource_attrs.inspect
-      if resource_attrs[:manifest_text] and resource_attrs[:uuid]
-        @existing_object = model_class.
-          where('uuid=? and manifest_text=?',
-                resource_attrs[:uuid],
-                resource_attrs[:manifest_text]).
-          first
-        @object = @existing_object || @object
+    # Collections are owned by system_user. Creating a collection has
+    # two effects: The collection is added if it doesn't already
+    # exist, and a "permission" Link is added (if one doesn't already
+    # exist) giving the current user (or specified owner_uuid)
+    # permission to read it.
+    owner_uuid = resource_attrs.delete(:owner_uuid) || current_user.uuid
+    owner_kind = if owner_uuid.match(/-(\w+)-/)[1] == User.uuid_prefix
+                   'arvados#user'
+                 else
+                   'arvados#group'
+                 end
+    unless current_user.can? write: owner_uuid
+      raise ArvadosModel::PermissionDeniedError
+    end
+    act_as_system_user do
+      @object = model_class.new resource_attrs.reject { |k,v| k == :owner_uuid }
+      begin
+        @object.save!
+      rescue ActiveRecord::RecordNotUnique
+        logger.debug resource_attrs.inspect
+        if resource_attrs[:manifest_text] and resource_attrs[:uuid]
+          @existing_object = model_class.
+            where('uuid=? and manifest_text=?',
+                  resource_attrs[:uuid],
+                  resource_attrs[:manifest_text]).
+            first
+          @object = @existing_object || @object
+        end
+      end
+
+      if @object
+        link_attrs = {
+          owner_uuid: owner_uuid,
+          link_class: 'permission',
+          name: 'can_read',
+          head_kind: 'arvados#collection',
+          head_uuid: @object.uuid,
+          tail_kind: owner_kind,
+          tail_uuid: owner_uuid
+        }
+        ActiveRecord::Base.transaction do
+          if Link.where(link_attrs).empty?
+            Link.create! link_attrs
+          end
+        end
       end
     end
     show
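Review bot: The `if @object` guard before the permission link is always true, so when `save!` raises RecordNotUnique and the uuid/manifest_text lookup finds no match (or either attribute is missing), `@object` is still the unsaved record and a can_read link is created inside `act_as_system_user` for its uuid. That appears to let a caller obtain a read link on an existing collection without presenting a matching manifest. The guard should be `if @object.persisted?`, and the unmatched case should return an error instead of falling through to `show`. Separately, `owner_uuid.match(/-(\w+)-/)[1]` raises NoMethodError on a client-supplied owner_uuid that does not match, before the `can?` check runs, so a nil match should be rejected as a client error. The `Link.where(link_attrs).empty?` / `Link.create!` pair is check-then-insert, so concurrent requests can still produce duplicate links unless a unique index exists, which is not visible here.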

commit 92d1022d103b58ddad0427736a776a27f198667e
Author: Tom Clegg <tom at curoverse.com>
Date:   Tue Jan 14 13:37:30 2014 -0800

    Obey permissions when retrieving object by UUID.
    
    closes #1871

diff --git a/services/api/app/controllers/application_controller.rb b/services/api/app/controllers/application_controller.rb
index c7cbc60..708defe 100644
--- a/services/api/app/controllers/application_controller.rb
+++ b/services/api/app/controllers/application_controller.rb
@@ -310,7 +310,9 @@ class ApplicationController < ActionController::Base
     if params[:id] and params[:id].match /\D/
       params[:uuid] = params.delete :id
     end
-    @object = model_class.where('uuid=?', params[:uuid]).first
+    @where = { uuid: params[:uuid] }
+    find_objects_for_index
+    @object = @objects.first
   end
 
   def self.accept_attribute_as_json(attr, force_class=nil)
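Review bot: The single-object lookup now depends on `find_objects_for_index`, which is not visible in this hunk, so it cannot be confirmed from here that other request parameters (client-supplied filters, ordering, limit or offset) have no influence on which row `@objects.first` returns. It is worth checking that the helper applies only the `@where` set here plus the reader-permission filter when called from this path. The new lines also deserve a comment stating the intent, for example `# Look up through the permission-scoped index query so objects the caller cannot read are indistinguishable from missing ones.` Callers must then treat a nil `@object` as not-found with the same response in both cases, so the API does not reveal whether a UUID exists. The enclosing method starts outside the hunk.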

-----------------------------------------------------------------------


hooks/post-receive
-- 



