Toggle group ownership on projects

apps/dashboard/app/controllers/projects_controller.rb

@@ -236,7 +236,7 @@ def templates
   def project_params
     params
       .require(:project)
-      .permit(:name, :directory, :description, :icon, :id, :template)
+      .permit(:name, :directory, :description, :icon, :id, :template, :group_owner)
   end
 
   def show_project_params

apps/dashboard/app/helpers/projects_helper.rb

@@ -31,4 +31,39 @@ def button_category(status)
       status
     end
   end
+
+  def possible_user_groups(project)
+    user_groups = Process.groups.map{|id| Etc.getgrgid(id).name}
+    # accept path arg directly for debugging
+    root_dir = project.is_a?(Pathname) ? project : project.project_dataroot
+
+    ancestors = []
+    root_dir.ascend do |parent|
+      ancestors.push(parent) unless parent == root_dir
+    end
+
+    candidates = user_groups.dup
+
+    # check that ancestors are not restricted to specific groups
+    ancestors.each do |a|
+      st = a.stat
+      mode = st.mode & 0o777
+      other_x = (mode & 0o001) != 0
+      group_x = (mode & 0o010) != 0
+
+      next if other_x
+
+      if group_x
+        gname = Etc.getgrgid(st.gid).name rescue nil
+        return [] unless gname
+        # if they are, restrict candidates to that group
+        candidates &= [gname]
+      else
+        return []
+      end
+      break if candidates.empty?
+    end
+
+    candidates.sort.uniq
+  end
 end

apps/dashboard/app/models/project.rb

@@ -111,7 +111,7 @@ def importable_directories
     end
   end
 
-  attr_reader :id, :name, :description, :icon, :directory, :template, :files
+  attr_reader :id, :name, :description, :icon, :directory, :template, :files, :group_owner
 
   validates :name, presence: { message: :required }, on: [:create, :update]
   validates :id, :directory, :icon, presence: { message: :required }, on: [:update]
@@ -128,7 +128,7 @@ def initialize(attributes = {})
     @directory = attributes[:directory]
     @directory = File.expand_path(@directory) unless @directory.blank?
     @template = attributes[:template]
-
+    @group_owner = get_group_owner
     return if new_record?
 
     contents = File.read(manifest_path)
@@ -166,6 +166,7 @@ def save
   def update(attributes)
     update_attrs(attributes)
 
+    return false unless update_ownership(attributes)
     return false unless valid?(:update)
 
     store_manifest(:update)
@@ -203,6 +204,23 @@ def remove_from_lookup
     false
   end
 
+  def get_group_owner
+    if project_dataroot.grpowned?
+      Etc.getgrgid(project_dataroot.stat.gid).name
+    else
+      'None'
+    end
+  end
+
+  def set_group_owner(group)
+    begin 
+      FileUtils.chown(nil, Etc.getgrnam(group).gid, project_dataroot)
+    rescue StandardError => e
+      errors.add(:update, "Unable to modify group ownership with error #{e.class}:#{e.message}")
+      false
+    end
+  end
+
   def icon_class
     # rails will prepopulate the tag with fa- so just the name is needed
     icon.sub('fas://', '')
@@ -299,6 +317,15 @@ def update_attrs(attributes)
     end
   end
 
+  def update_ownership(attributes)
+    new_group = attributes.fetch(:group_owner, false)
+    if new_group
+      (new_group == 'None') ? true : set_group_owner(new_group)
+    else
+      true
+    end
+  end
+
   def make_dir
     project_dataroot.mkpath         unless project_dataroot.exist?
     configuration_directory.mkpath  unless configuration_directory.exist?

apps/dashboard/app/views/projects/_form.html.erb

@@ -50,6 +50,13 @@
           <div class="field">
             <%= form.text_area :description, placeholder: I18n.t('dashboard.jobs_project_description_placeholder') %>
           </div>
+
+          <% groups = edit_project_action ? possible_user_groups(@project) : [] %>
+          <% unless groups.empty? %>
+            <div class="field">
+              <%= form.select :group_owner, groups.unshift('None'), label: 'Group owner' %>
+            </div>
+          <% end %>
         </div>
       </div>
       </div>