[Crunch2] System-owned container outputs should be garbage-collected
When a container finishes, crunch-run creates an output collection and records its PDH in the container record.
On the API server, the container update triggers a hook that creates one copy of the output collection for each of N container requests that have been waiting on this container.
The original output collection is owned by root and
there is no cleanup process has trash_at set to now+defaultTrashLifetime.
In crunch-run, create the output collection with trash_at=now.
In the API server hook that creates a collection for each relevant container request, when looking up the container output manifest, make sure to include trashed collections in the search.
#12 Updated by Peter Amstutz about 4 years ago
- Status changed from Resolved to Feedback
def validate_output # Output must exist and be readable by the current user. This is so # that a container cannot "claim" a collection that it doesn't otherwise # have access to just by setting the output field to the collection PDH. if output_changed? c = Collection. readable_by(current_user). where(portable_data_hash: self.output). first if !c errors.add :output, "collection must exist and be readable by current user." end end end
This also needs to be unscoped.
#13 Updated by Peter Amstutz about 4 years ago
Additional fixes on 9277-container-output