Story #13146

Updated by Peter Amstutz about 3 years ago

To get "projects shared with me" efficiently requires a new API endpoint. The way arv-mount currently determines what to list in "shared" currently requires looking at all projects and finding the ones where owner_uuid is not another project which is visible to us (meaning: users, non-project groups, or shared subprojects where the parent is not visible). This is expensive to compute on
the client, but can probably be accomplished with a single query on the API server.

Proposed endpoint: /arvados/v1/groups/shared

Return in "items" a list of toplevel projects and collections which are shared with me. Toplevel projects are ones which are either owned by a user, owned by a non-project group, or owned by a group which the user cannot read.

Support "includes" to return the set of owner objects as well (users, groups).

Possible query
Query (abbreviated):

* select groups that are readable by current user AND
** the owner_uuid is a user (not a group) OR
** the owner_uuid is a group is not a project or is not readable by the current user

<pre>
select uuid from groups where
exists(select 1 from materialized_permission_view where user_uuid='2tlax-tpzed-51vcbmac4uv6bpb' and target_uuid=groups.uuid) and
(groups.owner_uuid in (select uuid from users) or
not exists(select 1 from materialized_permission_view where user_uuid='2tlax-tpzed-51vcbmac4uv6bpb' and target_uuid=groups.owner_uuid)) and
owner_uuid != '2tlax-tpzed-51vcbmac4uv6bpb';
</pre>

Back