| # Copyright 2016 The Chromium Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style |
| # license that can be found in the LICENSE file or at |
| # https://developers.google.com/open-source/licenses/bsd |
| |
| """Servlet that searches for issues that the specified user cannot view. |
| |
| The GET request to a backend has query string parameters for the |
| shard_id, a user_id, and list of project IDs. It returns a |
| JSON-formatted dict with issue_ids that that user is not allowed to |
| view. As a side-effect, this servlet updates multiple entries |
| in memcache, including each "nonviewable:USER_ID;PROJECT_ID;SHARD_ID". |
| """ |
| from __future__ import print_function |
| from __future__ import division |
| from __future__ import absolute_import |
| |
| import logging |
| |
| from google.appengine.api import memcache |
| |
| import settings |
| from framework import authdata |
| from framework import framework_constants |
| from framework import framework_helpers |
| from framework import jsonfeed |
| from framework import permissions |
| from framework import sql |
| from search import search_helpers |
| |
| |
| |
| # We cache the set of IIDs that a given user cannot view, and we invalidate |
| # that set when the issues are changed via Monorail. Also, we limit the live |
| # those cache entries so that changes in a user's (direct or indirect) roles |
| # in a project will take effect. |
| NONVIEWABLE_MEMCACHE_EXPIRATION = 15 * framework_constants.SECS_PER_MINUTE |
| |
| |
| class BackendNonviewable(jsonfeed.FlaskInternalTask): |
| """JSON servlet for getting issue IDs that the specified user cannot view.""" |
| |
| CHECK_SAME_APP = True |
| |
| def HandleRequest(self, mr): |
| """Get all the user IDs that the specified user cannot view. |
| |
| Args: |
| mr: common information parsed from the HTTP request. |
| |
| Returns: |
| Results dictionary {project_id: [issue_id]} in JSON format. |
| """ |
| if mr.shard_id is None: |
| return {'message': 'Cannot proceed without a valid shard_id.'} |
| user_id = mr.specified_logged_in_user_id |
| auth = authdata.AuthData.FromUserID(mr.cnxn, user_id, self.services) |
| project_id = mr.specified_project_id |
| project = self.services.project.GetProject(mr.cnxn, project_id) |
| |
| perms = permissions.GetPermissions( |
| auth.user_pb, auth.effective_ids, project) |
| |
| nonviewable_iids = self.GetNonviewableIIDs( |
| mr.cnxn, auth.user_pb, auth.effective_ids, project, perms, mr.shard_id) |
| |
| cached_ts = mr.invalidation_timestep |
| if mr.specified_project_id: |
| memcache.set( |
| 'nonviewable:%d;%d;%d' % (project_id, user_id, mr.shard_id), |
| (nonviewable_iids, cached_ts), |
| time=NONVIEWABLE_MEMCACHE_EXPIRATION, |
| namespace=settings.memcache_namespace) |
| else: |
| memcache.set( |
| 'nonviewable:all;%d;%d' % (user_id, mr.shard_id), |
| (nonviewable_iids, cached_ts), |
| time=NONVIEWABLE_MEMCACHE_EXPIRATION, |
| namespace=settings.memcache_namespace) |
| |
| logging.info('set nonviewable:%s;%d;%d to %r', project_id, user_id, |
| mr.shard_id, nonviewable_iids) |
| |
| return { |
| 'nonviewable': nonviewable_iids, |
| |
| # These are not used in the frontend, but useful for debugging. |
| 'project_id': project_id, |
| 'user_id': user_id, |
| 'shard_id': mr.shard_id, |
| } |
| |
| def GetNonviewableIIDs( |
| self, cnxn, user, effective_ids, project, perms, shard_id): |
| """Return a list of IIDs that the user cannot view in the project shard.""" |
| # Project owners and site admins can see all issues. |
| if not perms.consider_restrictions: |
| return [] |
| |
| # There are two main parts to the computation that we do in parallel: |
| # getting at-risk IIDs and getting OK-iids. |
| cnxn_2 = sql.MonorailConnection() |
| at_risk_iids_promise = framework_helpers.Promise( |
| self.GetAtRiskIIDs, cnxn_2, user, effective_ids, project, perms, shard_id) |
| ok_iids = self.GetViewableIIDs( |
| cnxn, effective_ids, project.project_id, shard_id) |
| at_risk_iids = at_risk_iids_promise.WaitAndGetValue() |
| |
| # The set of non-viewable issues is the at-risk ones minus the ones where |
| # the user is the reporter, owner, CC'd, or granted "View" permission. |
| nonviewable_iids = set(at_risk_iids).difference(ok_iids) |
| |
| return list(nonviewable_iids) |
| |
| def GetAtRiskIIDs( |
| self, cnxn, user, effective_ids, project, perms, shard_id): |
| # type: (MonorailConnection, proto.user_pb2.User, Sequence[int], Project, |
| # permission_objects_pb2.PermissionSet, int) -> Sequence[int] |
| """Return IIDs of restricted issues that user might not be able to view.""" |
| at_risk_label_ids = search_helpers.GetPersonalAtRiskLabelIDs( |
| cnxn, user, self.services.config, effective_ids, project, perms) |
| at_risk_iids = self.services.issue.GetIIDsByLabelIDs( |
| cnxn, at_risk_label_ids, project.project_id, shard_id) |
| |
| return at_risk_iids |
| |
| |
| def GetViewableIIDs(self, cnxn, effective_ids, project_id, shard_id): |
| """Return IIDs of issues that user can view because they participate.""" |
| # Anon user is never reporter, owner, CC'd or granted perms. |
| if not effective_ids: |
| return [] |
| |
| ok_iids = self.services.issue.GetIIDsByParticipant( |
| cnxn, effective_ids, [project_id], shard_id) |
| |
| return ok_iids |
| |
| def GetBackendNonviewable(self, **kwargs): |
| return self.handler(**kwargs) |
| |
| def PostBackendNonviewable(self, **kwargs): |
| return self.handler(**kwargs) |