1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: AGPL-3.0
5 PERMISSION_VIEW = "materialized_permissions"
6 TRASHED_GROUPS = "trashed_groups"
8 def refresh_permission_view
9 ActiveRecord::Base.transaction do
10 ActiveRecord::Base.connection.execute("LOCK TABLE #{PERMISSION_VIEW}")
11 ActiveRecord::Base.connection.execute("DELETE FROM #{PERMISSION_VIEW}")
12 ActiveRecord::Base.connection.execute %{
13 INSERT INTO #{PERMISSION_VIEW}
14 select users.uuid, g.target_uuid, g.val, g.traverse_owned
15 from users, lateral search_permission_graph(users.uuid, 3) as g where g.val > 0
17 "refresh_permission_view.do"
22 ActiveRecord::Base.transaction do
23 ActiveRecord::Base.connection.execute("LOCK TABLE #{TRASHED_GROUPS}")
24 ActiveRecord::Base.connection.execute("DELETE FROM #{TRASHED_GROUPS}")
25 ActiveRecord::Base.connection.execute("INSERT INTO #{TRASHED_GROUPS} select * from compute_trashed()")
29 def update_permissions perm_origin_uuid, starting_uuid, perm_level, check=false
31 # Update a subset of the permission table affected by adding or
32 # removing a particular permission relationship (ownership or a
35 # perm_origin_uuid: This is the object that 'gets' the permission.
36 # It is the owner_uuid or tail_uuid.
38 # starting_uuid: The object we are computing permission for (or head_uuid)
40 # perm_level: The level of permission that perm_origin_uuid gets for starting_uuid.
42 # perm_level is a number from 0-3
46 # or call with perm_level=0 to revoke permissions
48 # check: for testing/debugging only, compare the result of the
49 # incremental update against a full table recompute. Throws an
50 # error if the contents are not identical (ie they produce different
55 # Give a change in a specific permission relationship, we recompute
56 # the set of permissions (for all users) that could possibly be
57 # affected by that relationship. For example, if a project is
58 # shared with another user, we recompute all permissions for all
59 # projects in the hierarchy. This returns a set of updated
60 # permissions, which we stash in a temporary table.
62 # Then, for each user_uuid/target_uuid in the updated permissions
63 # result set we insert/update a permission row in
64 # materialized_permissions, and delete any rows that exist in
65 # materialized_permissions that are not in the result set or have
68 # see db/migrate/20200501150153_permission_table.rb for details on
69 # how the permissions are computed.
71 # "Conflicts with the ROW EXCLUSIVE, SHARE UPDATE EXCLUSIVE, SHARE
72 # ROW EXCLUSIVE, EXCLUSIVE, and ACCESS EXCLUSIVE lock modes. This
73 # mode protects a table against concurrent data changes."
74 ActiveRecord::Base.connection.execute "LOCK TABLE #{PERMISSION_VIEW} in SHARE MODE"
77 # BUG #15160: planner overestimates number of rows in join when there are more than 200 rows coming from CTE
78 # https://www.postgresql.org/message-id/152395805004.19366.3107109716821067806@wrigleys.postgresql.org
80 # For a crucial join in the compute_permission_subgraph() query, the
81 # planner mis-estimates the number of rows in a Common Table
82 # Expression (CTE, this is a subquery in a WITH clause) and as a
83 # result it chooses the wrong join order. The join starts with the
84 # permissions table because it mistakenly thinks
85 # count(materalized_permissions) < count(new computed permissions)
86 # when actually it is the other way around.
88 # Because of the incorrect join order, it choose the wrong join
89 # strategy (merge join, which works best when two tables are roughly
90 # the same size). As a workaround, we can tell it not to use that
91 # join strategy, this causes it to pick hash join instead, which
92 # turns out to be a bit better. However, because the join order is
93 # still wrong, we don't get the full benefit of the index.
95 # This is very unfortunate because it makes the query performance
96 # dependent on the size of the materalized_permissions table, when
97 # the goal of this design was to make permission updates scale-free
98 # and only depend on the number of permissions affected and not the
99 # total table size. In several hours of researching I wasn't able
100 # to find a way to force the correct join order, so I'm calling it
101 # here and I have to move on.
103 # This is apparently addressed in Postgres 12, but I developed &
104 # tested this on Postgres 9.6, so in the future we should reevaluate
105 # the performance & query plan on Postgres 12.
107 # https://git.furworks.de/opensourcemirror/postgresql/commit/a314c34079cf06d05265623dd7c056f8fa9d577f
109 # Disable merge join for just this query (also local for this transaction), then reenable it.
110 ActiveRecord::Base.connection.exec_query "SET LOCAL enable_mergejoin to false;"
112 temptable_perms = "temp_perms_#{rand(2**64).to_s(10)}"
113 ActiveRecord::Base.connection.exec_query %{
114 create temporary table #{temptable_perms} on commit drop
115 as select * from compute_permission_subgraph($1, $2, $3)
117 'update_permissions.select',
118 [[nil, perm_origin_uuid],
119 [nil, starting_uuid],
122 ActiveRecord::Base.connection.exec_query "SET LOCAL enable_mergejoin to true;"
124 ActiveRecord::Base.connection.exec_delete %{
125 delete from #{PERMISSION_VIEW} where
126 target_uuid in (select target_uuid from #{temptable_perms}) and
127 not exists (select 1 from #{temptable_perms}
128 where target_uuid=#{PERMISSION_VIEW}.target_uuid and
129 user_uuid=#{PERMISSION_VIEW}.user_uuid and
132 "update_permissions.delete"
134 ActiveRecord::Base.connection.exec_query %{
135 insert into #{PERMISSION_VIEW} (user_uuid, target_uuid, perm_level, traverse_owned)
136 select user_uuid, target_uuid, val as perm_level, traverse_owned from #{temptable_perms} where val>0
137 on conflict (user_uuid, target_uuid) do update set perm_level=EXCLUDED.perm_level, traverse_owned=EXCLUDED.traverse_owned;
139 "update_permissions.insert"
141 if check and perm_level>0
142 check_permissions_against_full_refresh
147 def check_permissions_against_full_refresh
149 # For debugging, this checks contents of the
150 # incrementally-updated 'materialized_permission' against a
151 # from-scratch permission refresh.
154 q1 = ActiveRecord::Base.connection.exec_query %{
155 select user_uuid, target_uuid, perm_level, traverse_owned from #{PERMISSION_VIEW}
156 order by user_uuid, target_uuid
157 }, "check_permissions_against_full_refresh.permission_table"
159 q2 = ActiveRecord::Base.connection.exec_query %{
160 select users.uuid as user_uuid, g.target_uuid, g.val as perm_level, g.traverse_owned
161 from users, lateral search_permission_graph(users.uuid, 3) as g where g.val > 0
162 order by users.uuid, target_uuid
163 }, "check_permissions_against_full_refresh.full_recompute"
165 if q1.count != q2.count
166 puts "Didn't match incremental+: #{q1.count} != full refresh-: #{q2.count}"
169 if q1.count > q2.count
170 q1.each_with_index do |r, i|
172 puts "+#{r}\n-#{q2[i]}"
177 q2.each_with_index do |r, i|
179 puts "+#{q1[i]}\n-#{r}"