diff --git a/apps/dashboard/app/controllers/projects_controller.rb b/apps/dashboard/app/controllers/projects_controller.rb
index f33375ad2..ac9f2157a 100644
--- a/apps/dashboard/app/controllers/projects_controller.rb
+++ b/apps/dashboard/app/controllers/projects_controller.rb
@@ -236,7 +236,7 @@ def templates
def project_params
params
.require(:project)
- .permit(:name, :directory, :description, :icon, :id, :template, :group_owner)
+ .permit(:name, :directory, :description, :icon, :id, :template, :group_owner, :setgid)
end
def show_project_params
diff --git a/apps/dashboard/app/helpers/projects_helper.rb b/apps/dashboard/app/helpers/projects_helper.rb
index 73ce821e3..1d9febe19 100644
--- a/apps/dashboard/app/helpers/projects_helper.rb
+++ b/apps/dashboard/app/helpers/projects_helper.rb
@@ -53,4 +53,8 @@ def button_category(status)
status
end
end
+
+ def form_label_tooltip(content)
+ ""
+ end
end
diff --git a/apps/dashboard/app/models/project.rb b/apps/dashboard/app/models/project.rb
index 5a9c50400..28455868d 100644
--- a/apps/dashboard/app/models/project.rb
+++ b/apps/dashboard/app/models/project.rb
@@ -113,7 +113,7 @@ def importable_directories
end
end
- attr_reader :id, :name, :description, :icon, :directory, :template, :files, :group_owner
+ attr_reader :id, :name, :description, :icon, :directory, :template, :files, :group_owner, :setgid
validates :name, presence: { message: :required }, on: [:create, :update]
validates :id, :directory, :icon, presence: { message: :required }, on: [:update]
@@ -131,6 +131,7 @@ def initialize(attributes = {})
@directory = File.expand_path(@directory) unless @directory.blank?
@template = attributes[:template]
@group_owner = attributes[:group_owner] || directory_group_owner
+ @setgid = attributes[:setgid].to_s == '1'
return if new_record?
@@ -351,8 +352,14 @@ def make_dir
end
def update_permission
- project_dataroot.chmod(0750)
- chgrp_directory
+ return false unless chgrp_directory
+
+ root_mode = 0o750
+ unless private? # allow group to edit shared projects
+ root_mode += (setgid ? 0o2020 : 0o020)
+ end
+ project_dataroot.chmod(root_mode)
+ true
rescue StandardError => e
errors.add(:save, "Failed to update permissions of the directory: #{e.message}")
false
diff --git a/apps/dashboard/app/views/projects/_form.html.erb b/apps/dashboard/app/views/projects/_form.html.erb
index 10b5541b1..4884b4827 100644
--- a/apps/dashboard/app/views/projects/_form.html.erb
+++ b/apps/dashboard/app/views/projects/_form.html.erb
@@ -55,18 +55,20 @@
<% unless @project.private? && edit_project_action %>
- <% help_html =
- if edit_project_action
- ''
- else
- ""
- end
- %>
+ <% help_html = edit_project_action ? '' : form_label_tooltip(I18n.t('dashboard.jobs_project_group_help')) %>
<%= form.select(:group_owner,
CurrentUser.group_names,
{ label: "#{I18n.t('dashboard.jobs_project_group_owner')} #{help_html}".html_safe },
{ disabled: edit_project_action })
%>
+ <%= form.form_group(:setgid) do
+ form.check_box(:setgid,
+ checked: edit_project_action ? @project.project_dataroot.setgid? : true,
+ switch: true,
+ label: "Set setgid bit? #{form_label_tooltip(I18n.t('dashboard.jobs_project_setgid_help'))}".html_safe,
+ disabled: edit_project_action)
+ end
+ %>
<% end %>
diff --git a/apps/dashboard/config/locales/en.yml b/apps/dashboard/config/locales/en.yml
index faba1ad42..1ef063f33 100644
--- a/apps/dashboard/config/locales/en.yml
+++ b/apps/dashboard/config/locales/en.yml
@@ -187,6 +187,7 @@ en:
jobs_project_name_validation: Project name may only contain letters, digits, dashes, underscores, and spaces
jobs_project_not_found: Cannot find project %{project_id}
jobs_project_save_error: Cannot save manifest to %{path}
+ jobs_project_setgid_help: Leaving setgid checked ensures project files are created with the selected group. Does not affect projects in your home directory.
jobs_project_validation_error: Invalid Request. Please review the errors below
jobs_select_directory_placeholder: Click on project below to import to your home page (Optional)
jobs_workflows: Workflows