blob: 21f1189d09c15cbc5e3d4149b6783c10a24dc455 [file] [log] [blame]
# Copyright 2016 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Servlet that searches for issues that the specified user cannot view.
The GET request to a backend has query string parameters for the
shard_id, a user_id, and list of project IDs. It returns a
JSON-formatted dict with issue_ids that that user is not allowed to
view. As a side-effect, this servlet updates multiple entries
in memcache, including each "nonviewable:USER_ID;PROJECT_ID;SHARD_ID".
from __future__ import print_function
from __future__ import division
from __future__ import absolute_import
import logging
from google.appengine.api import memcache
import settings
from framework import authdata
from framework import framework_constants
from framework import framework_helpers
from framework import jsonfeed
from framework import permissions
from framework import sql
from search import search_helpers
# We cache the set of IIDs that a given user cannot view, and we invalidate
# that set when the issues are changed via Monorail. Also, we limit the live
# those cache entries so that changes in a user's (direct or indirect) roles
# in a project will take effect.
class BackendNonviewable(jsonfeed.InternalTask):
"""JSON servlet for getting issue IDs that the specified user cannot view."""
def HandleRequest(self, mr):
"""Get all the user IDs that the specified user cannot view.
mr: common information parsed from the HTTP request.
Results dictionary {project_id: [issue_id]} in JSON format.
if mr.shard_id is None:
return {'message': 'Cannot proceed without a valid shard_id.'}
user_id = mr.specified_logged_in_user_id
auth = authdata.AuthData.FromUserID(mr.cnxn, user_id,
project_id = mr.specified_project_id
project =, project_id)
perms = permissions.GetPermissions(
auth.user_pb, auth.effective_ids, project)
nonviewable_iids = self.GetNonviewableIIDs(
mr.cnxn, auth.user_pb, auth.effective_ids, project, perms, mr.shard_id)
cached_ts = mr.invalidation_timestep
if mr.specified_project_id:
'nonviewable:%d;%d;%d' % (project_id, user_id, mr.shard_id),
(nonviewable_iids, cached_ts),
'nonviewable:all;%d;%d' % (user_id, mr.shard_id),
(nonviewable_iids, cached_ts),
namespace=settings.memcache_namespace)'set nonviewable:%s;%d;%d to %r', project_id, user_id,
mr.shard_id, nonviewable_iids)
return {
'nonviewable': nonviewable_iids,
# These are not used in the frontend, but useful for debugging.
'project_id': project_id,
'user_id': user_id,
'shard_id': mr.shard_id,
def GetNonviewableIIDs(
self, cnxn, user, effective_ids, project, perms, shard_id):
"""Return a list of IIDs that the user cannot view in the project shard."""
# Project owners and site admins can see all issues.
if not perms.consider_restrictions:
return []
# There are two main parts to the computation that we do in parallel:
# getting at-risk IIDs and getting OK-iids.
cnxn_2 = sql.MonorailConnection()
at_risk_iids_promise = framework_helpers.Promise(
self.GetAtRiskIIDs, cnxn_2, user, effective_ids, project, perms, shard_id)
ok_iids = self.GetViewableIIDs(
cnxn, effective_ids, project.project_id, shard_id)
at_risk_iids = at_risk_iids_promise.WaitAndGetValue()
# The set of non-viewable issues is the at-risk ones minus the ones where
# the user is the reporter, owner, CC'd, or granted "View" permission.
nonviewable_iids = set(at_risk_iids).difference(ok_iids)
return list(nonviewable_iids)
def GetAtRiskIIDs(
self, cnxn, user, effective_ids, project, perms, shard_id):
# type: (MonorailConnection, mrproto.user_pb2.User, Sequence[int], Project,
# permission_objects_pb2.PermissionSet, int) -> Sequence[int]
"""Return IIDs of restricted issues that user might not be able to view."""
at_risk_label_ids = search_helpers.GetPersonalAtRiskLabelIDs(
cnxn, user,, effective_ids, project, perms)
at_risk_iids =
cnxn, at_risk_label_ids, project.project_id, shard_id)
return at_risk_iids
def GetViewableIIDs(self, cnxn, effective_ids, project_id, shard_id):
"""Return IIDs of issues that user can view because they participate."""
# Anon user is never reporter, owner, CC'd or granted perms.
if not effective_ids:
return []
ok_iids =
cnxn, effective_ids, [project_id], shard_id)
return ok_iids
def GetBackendNonviewable(self, **kwargs):
return self.handler(**kwargs)
def PostBackendNonviewable(self, **kwargs):
return self.handler(**kwargs)