blob: d76eeef9a5f9d5d30e0e38d1b5c5d66cfe059487 [file] [log] [blame]
Copybara854996b2021-09-07 19:36:02 +00001# Copyright 2016 The Chromium Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style
3# license that can be found in the LICENSE file or at
4# https://developers.google.com/open-source/licenses/bsd
5
6"""Servlet that searches for issues that the specified user cannot view.
7
8The GET request to a backend has query string parameters for the
9shard_id, a user_id, and list of project IDs. It returns a
10JSON-formatted dict with issue_ids that that user is not allowed to
11view. As a side-effect, this servlet updates multiple entries
12in memcache, including each "nonviewable:USER_ID;PROJECT_ID;SHARD_ID".
13"""
14from __future__ import print_function
15from __future__ import division
16from __future__ import absolute_import
17
18import logging
19
20from google.appengine.api import memcache
21
22import settings
23from framework import authdata
24from framework import framework_constants
25from framework import framework_helpers
26from framework import jsonfeed
27from framework import permissions
28from framework import sql
29from search import search_helpers
30
31
32
33# We cache the set of IIDs that a given user cannot view, and we invalidate
34# that set when the issues are changed via Monorail. Also, we limit the live
35# those cache entries so that changes in a user's (direct or indirect) roles
36# in a project will take effect.
37NONVIEWABLE_MEMCACHE_EXPIRATION = 15 * framework_constants.SECS_PER_MINUTE
38
39
40class BackendNonviewable(jsonfeed.InternalTask):
41 """JSON servlet for getting issue IDs that the specified user cannot view."""
42
43 CHECK_SAME_APP = True
44
45 def HandleRequest(self, mr):
46 """Get all the user IDs that the specified user cannot view.
47
48 Args:
49 mr: common information parsed from the HTTP request.
50
51 Returns:
52 Results dictionary {project_id: [issue_id]} in JSON format.
53 """
54 if mr.shard_id is None:
55 return {'message': 'Cannot proceed without a valid shard_id.'}
56 user_id = mr.specified_logged_in_user_id
57 auth = authdata.AuthData.FromUserID(mr.cnxn, user_id, self.services)
58 project_id = mr.specified_project_id
59 project = self.services.project.GetProject(mr.cnxn, project_id)
60
61 perms = permissions.GetPermissions(
62 auth.user_pb, auth.effective_ids, project)
63
64 nonviewable_iids = self.GetNonviewableIIDs(
65 mr.cnxn, auth.user_pb, auth.effective_ids, project, perms, mr.shard_id)
66
67 cached_ts = mr.invalidation_timestep
68 if mr.specified_project_id:
69 memcache.set(
70 'nonviewable:%d;%d;%d' % (project_id, user_id, mr.shard_id),
71 (nonviewable_iids, cached_ts),
72 time=NONVIEWABLE_MEMCACHE_EXPIRATION,
73 namespace=settings.memcache_namespace)
74 else:
75 memcache.set(
76 'nonviewable:all;%d;%d' % (user_id, mr.shard_id),
77 (nonviewable_iids, cached_ts),
78 time=NONVIEWABLE_MEMCACHE_EXPIRATION,
79 namespace=settings.memcache_namespace)
80
81 logging.info('set nonviewable:%s;%d;%d to %r', project_id, user_id,
82 mr.shard_id, nonviewable_iids)
83
84 return {
85 'nonviewable': nonviewable_iids,
86
87 # These are not used in the frontend, but useful for debugging.
88 'project_id': project_id,
89 'user_id': user_id,
90 'shard_id': mr.shard_id,
91 }
92
93 def GetNonviewableIIDs(
94 self, cnxn, user, effective_ids, project, perms, shard_id):
95 """Return a list of IIDs that the user cannot view in the project shard."""
96 # Project owners and site admins can see all issues.
97 if not perms.consider_restrictions:
98 return []
99
100 # There are two main parts to the computation that we do in parallel:
101 # getting at-risk IIDs and getting OK-iids.
102 cnxn_2 = sql.MonorailConnection()
103 at_risk_iids_promise = framework_helpers.Promise(
104 self.GetAtRiskIIDs, cnxn_2, user, effective_ids, project, perms, shard_id)
105 ok_iids = self.GetViewableIIDs(
106 cnxn, effective_ids, project.project_id, shard_id)
107 at_risk_iids = at_risk_iids_promise.WaitAndGetValue()
108
109 # The set of non-viewable issues is the at-risk ones minus the ones where
110 # the user is the reporter, owner, CC'd, or granted "View" permission.
111 nonviewable_iids = set(at_risk_iids).difference(ok_iids)
112
113 return list(nonviewable_iids)
114
115 def GetAtRiskIIDs(
116 self, cnxn, user, effective_ids, project, perms, shard_id):
117 # type: (MonorailConnection, proto.user_pb2.User, Sequence[int], Project,
118 # permission_objects_pb2.PermissionSet, int) -> Sequence[int]
119 """Return IIDs of restricted issues that user might not be able to view."""
120 at_risk_label_ids = search_helpers.GetPersonalAtRiskLabelIDs(
121 cnxn, user, self.services.config, effective_ids, project, perms)
122 at_risk_iids = self.services.issue.GetIIDsByLabelIDs(
123 cnxn, at_risk_label_ids, project.project_id, shard_id)
124
125 return at_risk_iids
126
127
128 def GetViewableIIDs(self, cnxn, effective_ids, project_id, shard_id):
129 """Return IIDs of issues that user can view because they participate."""
130 # Anon user is never reporter, owner, CC'd or granted perms.
131 if not effective_ids:
132 return []
133
134 ok_iids = self.services.issue.GetIIDsByParticipant(
135 cnxn, effective_ids, [project_id], shard_id)
136
137 return ok_iids