Copybara | 854996b | 2021-09-07 19:36:02 +0000 | [diff] [blame] | 1 | # Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 | # Use of this source code is governed by a BSD-style |
| 3 | # license that can be found in the LICENSE file or at |
| 4 | # https://developers.google.com/open-source/licenses/bsd |
| 5 | |
| 6 | """Servlet that searches for issues that the specified user cannot view. |
| 7 | |
| 8 | The GET request to a backend has query string parameters for the |
| 9 | shard_id, a user_id, and list of project IDs. It returns a |
| 10 | JSON-formatted dict with issue_ids that that user is not allowed to |
| 11 | view. As a side-effect, this servlet updates multiple entries |
| 12 | in memcache, including each "nonviewable:USER_ID;PROJECT_ID;SHARD_ID". |
| 13 | """ |
| 14 | from __future__ import print_function |
| 15 | from __future__ import division |
| 16 | from __future__ import absolute_import |
| 17 | |
| 18 | import logging |
| 19 | |
| 20 | from google.appengine.api import memcache |
| 21 | |
| 22 | import settings |
| 23 | from framework import authdata |
| 24 | from framework import framework_constants |
| 25 | from framework import framework_helpers |
| 26 | from framework import jsonfeed |
| 27 | from framework import permissions |
| 28 | from framework import sql |
| 29 | from search import search_helpers |
| 30 | |
| 31 | |
| 32 | |
| 33 | # We cache the set of IIDs that a given user cannot view, and we invalidate |
| 34 | # that set when the issues are changed via Monorail. Also, we limit the live |
| 35 | # those cache entries so that changes in a user's (direct or indirect) roles |
| 36 | # in a project will take effect. |
| 37 | NONVIEWABLE_MEMCACHE_EXPIRATION = 15 * framework_constants.SECS_PER_MINUTE |
| 38 | |
| 39 | |
Adrià Vilanova Martínez | 9f9ade5 | 2022-10-10 23:20:11 +0200 | [diff] [blame^] | 40 | class BackendNonviewable(jsonfeed.FlaskInternalTask): |
Copybara | 854996b | 2021-09-07 19:36:02 +0000 | [diff] [blame] | 41 | """JSON servlet for getting issue IDs that the specified user cannot view.""" |
| 42 | |
| 43 | CHECK_SAME_APP = True |
| 44 | |
| 45 | def HandleRequest(self, mr): |
| 46 | """Get all the user IDs that the specified user cannot view. |
| 47 | |
| 48 | Args: |
| 49 | mr: common information parsed from the HTTP request. |
| 50 | |
| 51 | Returns: |
| 52 | Results dictionary {project_id: [issue_id]} in JSON format. |
| 53 | """ |
| 54 | if mr.shard_id is None: |
| 55 | return {'message': 'Cannot proceed without a valid shard_id.'} |
| 56 | user_id = mr.specified_logged_in_user_id |
| 57 | auth = authdata.AuthData.FromUserID(mr.cnxn, user_id, self.services) |
| 58 | project_id = mr.specified_project_id |
| 59 | project = self.services.project.GetProject(mr.cnxn, project_id) |
| 60 | |
| 61 | perms = permissions.GetPermissions( |
| 62 | auth.user_pb, auth.effective_ids, project) |
| 63 | |
| 64 | nonviewable_iids = self.GetNonviewableIIDs( |
| 65 | mr.cnxn, auth.user_pb, auth.effective_ids, project, perms, mr.shard_id) |
| 66 | |
| 67 | cached_ts = mr.invalidation_timestep |
| 68 | if mr.specified_project_id: |
| 69 | memcache.set( |
| 70 | 'nonviewable:%d;%d;%d' % (project_id, user_id, mr.shard_id), |
| 71 | (nonviewable_iids, cached_ts), |
| 72 | time=NONVIEWABLE_MEMCACHE_EXPIRATION, |
| 73 | namespace=settings.memcache_namespace) |
| 74 | else: |
| 75 | memcache.set( |
| 76 | 'nonviewable:all;%d;%d' % (user_id, mr.shard_id), |
| 77 | (nonviewable_iids, cached_ts), |
| 78 | time=NONVIEWABLE_MEMCACHE_EXPIRATION, |
| 79 | namespace=settings.memcache_namespace) |
| 80 | |
| 81 | logging.info('set nonviewable:%s;%d;%d to %r', project_id, user_id, |
| 82 | mr.shard_id, nonviewable_iids) |
| 83 | |
| 84 | return { |
| 85 | 'nonviewable': nonviewable_iids, |
| 86 | |
| 87 | # These are not used in the frontend, but useful for debugging. |
| 88 | 'project_id': project_id, |
| 89 | 'user_id': user_id, |
| 90 | 'shard_id': mr.shard_id, |
| 91 | } |
| 92 | |
| 93 | def GetNonviewableIIDs( |
| 94 | self, cnxn, user, effective_ids, project, perms, shard_id): |
| 95 | """Return a list of IIDs that the user cannot view in the project shard.""" |
| 96 | # Project owners and site admins can see all issues. |
| 97 | if not perms.consider_restrictions: |
| 98 | return [] |
| 99 | |
| 100 | # There are two main parts to the computation that we do in parallel: |
| 101 | # getting at-risk IIDs and getting OK-iids. |
| 102 | cnxn_2 = sql.MonorailConnection() |
| 103 | at_risk_iids_promise = framework_helpers.Promise( |
| 104 | self.GetAtRiskIIDs, cnxn_2, user, effective_ids, project, perms, shard_id) |
| 105 | ok_iids = self.GetViewableIIDs( |
| 106 | cnxn, effective_ids, project.project_id, shard_id) |
| 107 | at_risk_iids = at_risk_iids_promise.WaitAndGetValue() |
| 108 | |
| 109 | # The set of non-viewable issues is the at-risk ones minus the ones where |
| 110 | # the user is the reporter, owner, CC'd, or granted "View" permission. |
| 111 | nonviewable_iids = set(at_risk_iids).difference(ok_iids) |
| 112 | |
| 113 | return list(nonviewable_iids) |
| 114 | |
| 115 | def GetAtRiskIIDs( |
| 116 | self, cnxn, user, effective_ids, project, perms, shard_id): |
| 117 | # type: (MonorailConnection, proto.user_pb2.User, Sequence[int], Project, |
| 118 | # permission_objects_pb2.PermissionSet, int) -> Sequence[int] |
| 119 | """Return IIDs of restricted issues that user might not be able to view.""" |
| 120 | at_risk_label_ids = search_helpers.GetPersonalAtRiskLabelIDs( |
| 121 | cnxn, user, self.services.config, effective_ids, project, perms) |
| 122 | at_risk_iids = self.services.issue.GetIIDsByLabelIDs( |
| 123 | cnxn, at_risk_label_ids, project.project_id, shard_id) |
| 124 | |
| 125 | return at_risk_iids |
| 126 | |
| 127 | |
| 128 | def GetViewableIIDs(self, cnxn, effective_ids, project_id, shard_id): |
| 129 | """Return IIDs of issues that user can view because they participate.""" |
| 130 | # Anon user is never reporter, owner, CC'd or granted perms. |
| 131 | if not effective_ids: |
| 132 | return [] |
| 133 | |
| 134 | ok_iids = self.services.issue.GetIIDsByParticipant( |
| 135 | cnxn, effective_ids, [project_id], shard_id) |
| 136 | |
| 137 | return ok_iids |
Adrià Vilanova Martínez | de94280 | 2022-07-15 14:06:55 +0200 | [diff] [blame] | 138 | |
Adrià Vilanova Martínez | 9f9ade5 | 2022-10-10 23:20:11 +0200 | [diff] [blame^] | 139 | def GetBackendNonviewable(self, **kwargs): |
| 140 | return self.handler(**kwargs) |
Adrià Vilanova Martínez | de94280 | 2022-07-15 14:06:55 +0200 | [diff] [blame] | 141 | |
Adrià Vilanova Martínez | 9f9ade5 | 2022-10-10 23:20:11 +0200 | [diff] [blame^] | 142 | def PostBackendNonviewable(self, **kwargs): |
| 143 | return self.handler(**kwargs) |