[ARVADOS] created: 1.1.4-745-gd413a4a2d
Git user
git at public.curoverse.com
Thu Aug 2 16:35:54 EDT 2018
at d413a4a2db69387115651eaf4d73259afb1f8f13 (commit)
commit d413a4a2db69387115651eaf4d73259afb1f8f13
Author: Peter Amstutz <pamstutz at veritasgenetics.com>
Date: Thu Aug 2 16:35:37 2018 -0400
13146: Implement the actual "Shared with me" query
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz at veritasgenetics.com>
diff --git a/lib/controller/shared.go b/lib/controller/shared.go
index 2d3ccc711..b5d8bdac4 100644
--- a/lib/controller/shared.go
+++ b/lib/controller/shared.go
@@ -3,6 +3,7 @@ package controller
import (
"database/sql"
"encoding/json"
+ "fmt"
"net/http"
"git.curoverse.com/arvados.git/sdk/go/arvados"
@@ -19,12 +20,25 @@ func (h *Handler) groupsShared(w http.ResponseWriter, req *http.Request, current
gl := arvados.GroupList{}
- err = db.QueryRowContext(req.Context(), `SELECT count(uuid) from groups`).Scan(&gl.ItemsAvailable)
+ // select groups that are readable by current user AND
+ // the owner_uuid is a user (but not the current user) OR
+ // the owner_uuid is not readable by the current user
+ // the owner_uuid group_class is not a project
+
+ baseQuery := `SELECT %s from groups
+WHERE
+ EXISTS(SELECT 1 from materialized_permission_view WHERE user_uuid=$1 AND target_uuid=groups.uuid) AND
+ (groups.owner_uuid IN (SELECT uuid FROM users WHERE users.uuid != $1) OR
+ NOT EXISTS(SELECT 1 FROM materialized_permission_view WHERE user_uuid=$1 AND target_uuid=groups.owner_uuid) OR
+ EXISTS(SELECT 1 FROM groups as gp where gp.uuid=groups.owner_uuid and gp.group_class != 'project'))
+LIMIT 50`
+
+ err = db.QueryRowContext(req.Context(), fmt.Sprintf(baseQuery, "count(uuid)"), currentUser.UUID).Scan(&gl.ItemsAvailable)
if err != nil {
return err
}
- rows, err := db.QueryContext(req.Context(), `SELECT uuid, name, owner_uuid, group_class from groups limit 50`)
+ rows, err := db.QueryContext(req.Context(), fmt.Sprintf(baseQuery, "uuid, name, owner_uuid, group_class"), currentUser.UUID)
if err != nil {
return err
}
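Review bot: `baseQuery` is filled in with `fmt.Sprintf`, and nothing records that the `%s` slot may only receive a constant column list; both call sites pass literals and the user UUID is bound as `$1`, so a comment such as `// %s is a fixed column list chosen in this function; never interpolate request data into it` would keep it that way. The explanatory comment above the query drops the `OR` before its last line, so it does not read as the three-way OR that the SQL implements. The readable-by-user test is a bare `EXISTS` on `materialized_permission_view`; if a row in that view can exist without granting read access, the predicate should test the permission level as well. `LIMIT 50` has no `ORDER BY`, so which 50 rows are returned is unspecified. groupsShared begins and ends outside this hunk.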
commit 11b8abbc549c93c5d1fa70de38d18fbb60caf074
Author: Peter Amstutz <pamstutz at veritasgenetics.com>
Date: Thu Aug 2 16:09:52 2018 -0400
13146: Returns real json response
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz at veritasgenetics.com>
diff --git a/lib/controller/shared.go b/lib/controller/shared.go
index a816ef736..2d3ccc711 100644
--- a/lib/controller/shared.go
+++ b/lib/controller/shared.go
@@ -2,7 +2,7 @@ package controller
import (
"database/sql"
- "fmt"
+ "encoding/json"
"net/http"
"git.curoverse.com/arvados.git/sdk/go/arvados"
@@ -10,8 +10,39 @@ import (
"git.curoverse.com/arvados.git/sdk/go/httpserver"
)
-func (h *Handler) groupsShared(w http.ResponseWriter, req *http.Request, currentUser CurrentUser) {
- w.Write([]byte(fmt.Sprintf("Hello world %v\n", currentUser.UUID)))
+func (h *Handler) groupsShared(w http.ResponseWriter, req *http.Request, currentUser CurrentUser) error {
+
+ db, err := h.db(req)
+ if err != nil {
+ return err
+ }
+
+ gl := arvados.GroupList{}
+
+ err = db.QueryRowContext(req.Context(), `SELECT count(uuid) from groups`).Scan(&gl.ItemsAvailable)
+ if err != nil {
+ return err
+ }
+
+ rows, err := db.QueryContext(req.Context(), `SELECT uuid, name, owner_uuid, group_class from groups limit 50`)
+ if err != nil {
+ return err
+ }
+
+ defer rows.Close()
+ for rows.Next() {
+ var g arvados.Group
+ rows.Scan(&g.UUID, &g.Name, &g.OwnerUUID, &g.GroupClass)
+ gl.Items = append(gl.Items, g)
+ }
+
+ enc := json.NewEncoder(w)
+ err = enc.Encode(gl)
+ if err != nil {
+ return err
+ }
+
+ return nil
}
func (h *Handler) handleGoAPI(w http.ResponseWriter, req *http.Request, next http.Handler) {
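Review bot: The loop's `rows.Scan(&g.UUID, &g.Name, &g.OwnerUUID, &g.GroupClass)` discards its error and `rows.Err()` is never checked, so a failed or interrupted read is encoded as a partial or zero-valued list with a success status. Use `if err := rows.Scan(&g.UUID, &g.Name, &g.OwnerUUID, &g.GroupClass); err != nil { return err }` inside the loop and `if err := rows.Err(); err != nil { return err }` after it. In this commit both SELECTs are also unfiltered by user, so any caller with a valid token receives uuid, name and owner_uuid for up to 50 groups whether or not they can read them; the endpoint should not be reachable in that state.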
@@ -43,5 +74,8 @@ func (h *Handler) handleGoAPI(w http.ResponseWriter, req *http.Request, next htt
// Handle /arvados/v1/groups/shared
- h.groupsShared(w, req, currentUser)
+ err = h.groupsShared(w, req, currentUser)
+ if err != nil {
+ httpserver.Error(w, err.Error(), http.StatusBadRequest)
+ }
}
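Review bot: `httpserver.Error(w, err.Error(), http.StatusBadRequest)` sends whatever groupsShared returned, database and driver errors included, to the client and reports server-side failures as 400. Log err on the server and reply with a generic message and `http.StatusInternalServerError` instead. When the error comes from `enc.Encode` after part of the body has been written, the status can no longer change, so that case only warrants a log entry. The same `err.Error()` with 400 appears in the validateAPItoken error branch of handleGoAPI in the new-file shared.go hunk of the "Projects shared with me WIP" commit. handleGoAPI starts outside this hunk.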
commit 69908de75499f96955a58d8c723724fc89d28812
Author: Peter Amstutz <pamstutz at veritasgenetics.com>
Date: Thu Aug 2 15:35:17 2018 -0400
13146: Projects shared with me WIP
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz at veritasgenetics.com>
diff --git a/lib/controller/federation.go b/lib/controller/federation.go
index 24b925053..c610a70ec 100644
--- a/lib/controller/federation.go
+++ b/lib/controller/federation.go
@@ -54,6 +54,19 @@ func (h *Handler) proxyRemoteCluster(w http.ResponseWriter, req *http.Request, n
h.proxy.Do(w, req, urlOut, client)
}
+type CurrentUser struct {
+ Authorization arvados.APIClientAuthorization
+ UUID string
+}
+
+func (h *Handler) validateAPItoken(req *http.Request, user *CurrentUser) error {
+ db, err := h.db(req)
+ if err != nil {
+ return err
+ }
+ return db.QueryRowContext(req.Context(), `SELECT api_client_authorizations.uuid, users.uuid FROM api_client_authorizations JOIN users on api_client_authorizations.user_id=users.id WHERE api_token=$1 AND (expires_at IS NULL OR expires_at > current_timestamp) LIMIT 1`, user.Authorization.APIToken).Scan(&user.Authorization.UUID, &user.UUID)
+}
+
// Extract the auth token supplied in req, and replace it with a
// salted token for the remote cluster.
func (h *Handler) saltAuthToken(req *http.Request, remote string) error {
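Review bot: `CurrentUser` and `validateAPItoken` are added without doc comments, yet callers depend on a contract that is only visible by reading the SQL. Suggested: `// validateAPItoken looks up user.Authorization.APIToken among unexpired api_client_authorizations, fills in user.Authorization.UUID and user.UUID, and returns sql.ErrNoRows when no row matches.` and `// CurrentUser pairs a presented API token with the UUID of the user who owns it.` The comment should also state that `user` must arrive with `Authorization.APIToken` already set. Go initialism style would spell the method `validateAPIToken`.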
@@ -82,20 +95,16 @@ func (h *Handler) saltAuthToken(req *http.Request, remote string) error {
// If the token exists in our own database, salt it
// for the remote. Otherwise, assume it was issued by
// the remote, and pass it through unmodified.
- db, err := h.db(req)
- if err != nil {
- return err
- }
- aca := arvados.APIClientAuthorization{APIToken: creds.Tokens[0]}
- err = db.QueryRowContext(req.Context(), `SELECT uuid FROM api_client_authorizations WHERE api_token=$1 AND (expires_at IS NULL OR expires_at > current_timestamp) LIMIT 1`, aca.APIToken).Scan(&aca.UUID)
+ currentUser := CurrentUser{Authorization: arvados.APIClientAuthorization{APIToken: creds.Tokens[0]}}
+ err = h.validateAPItoken(req, ¤tUser)
if err == sql.ErrNoRows {
// Not ours; pass through unmodified.
- token = aca.APIToken
+ token = currentUser.Authorization.APIToken
} else if err != nil {
return err
} else {
// Found; make V2 version and salt it.
- token, err = auth.SaltToken(aca.TokenV2(), remote)
+ token, err = auth.SaltToken(currentUser.Authorization.TokenV2(), remote)
if err != nil {
return err
}
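Review bot: Routing the lookup through validateAPItoken changes when the `sql.ErrNoRows` branch is taken: the old query read only `api_client_authorizations`, while the new one inner-joins `users`, so a local token whose `user_id` has no matching `users` row is now classified as "not ours". In that branch the token is passed through unmodified, meaning a locally issued secret would be forwarded to the remote cluster unsalted. If such rows can exist, keep a token-only lookup for the salting decision or use a join that still returns the authorization row. At minimum, add a comment such as `// ErrNoRows also covers local tokens with no users row` so the pass-through is a conscious choice. saltAuthToken starts and ends outside this hunk.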
diff --git a/lib/controller/handler.go b/lib/controller/handler.go
index 25799aae9..caa84a90c 100644
--- a/lib/controller/handler.go
+++ b/lib/controller/handler.go
@@ -68,6 +68,7 @@ func (h *Handler) setup() {
})
hs := http.NotFoundHandler()
hs = prepend(hs, h.proxyRailsAPI)
+ hs = prepend(hs, h.handleGoAPI)
hs = prepend(hs, h.proxyRemoteCluster)
mux.Handle("/", hs)
h.handlerStack = mux
diff --git a/lib/controller/shared.go b/lib/controller/shared.go
new file mode 100644
index 000000000..a816ef736
--- /dev/null
+++ b/lib/controller/shared.go
@@ -0,0 +1,47 @@
+package controller
+
+import (
+ "database/sql"
+ "fmt"
+ "net/http"
+
+ "git.curoverse.com/arvados.git/sdk/go/arvados"
+ "git.curoverse.com/arvados.git/sdk/go/auth"
+ "git.curoverse.com/arvados.git/sdk/go/httpserver"
+)
+
+func (h *Handler) groupsShared(w http.ResponseWriter, req *http.Request, currentUser CurrentUser) {
+ w.Write([]byte(fmt.Sprintf("Hello world %v\n", currentUser.UUID)))
+}
+
+func (h *Handler) handleGoAPI(w http.ResponseWriter, req *http.Request, next http.Handler) {
+ if req.URL.Path != "/arvados/v1/groups/shared" {
+ next.ServeHTTP(w, req)
+ return
+ }
+
+ // Check token and get user UUID
+
+ creds := auth.NewCredentials()
+ creds.LoadTokensFromHTTPRequest(req)
+
+ if len(creds.Tokens) == 0 {
+ httpserver.Error(w, "Not logged in", http.StatusForbidden)
+ return
+ }
+
+ currentUser := CurrentUser{Authorization: arvados.APIClientAuthorization{APIToken: creds.Tokens[0]}}
+ err := h.validateAPItoken(req, ¤tUser)
+ if err != nil {
+ if err == sql.ErrNoRows {
+ httpserver.Error(w, "Not logged in", http.StatusForbidden)
+ } else {
+ httpserver.Error(w, err.Error(), http.StatusBadRequest)
+ }
+ return
+ }
+
+ // Handle /arvados/v1/groups/shared
+
+ h.groupsShared(w, req, currentUser)
+}
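Review bot: handleGoAPI routes on `req.URL.Path` alone, so every HTTP method sent to `/arvados/v1/groups/shared` reaches groupsShared; add a method check (for example `if req.Method != http.MethodGet`, replying with `http.StatusMethodNotAllowed`) before the token lookup. Only `creds.Tokens[0]` is examined and it is matched verbatim against `api_token`; federation.go calls `TokenV2()`, which suggests a second token form exists, and if clients may present that form here it will be rejected as "Not logged in". A comment stating which token formats this handler accepts would settle the question. Missing or unknown credentials are answered with `http.StatusForbidden`; `http.StatusUnauthorized` is the conventional status for an unauthenticated request.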
-----------------------------------------------------------------------
hooks/post-receive
--