#
# SPDX-License-Identifier: AGPL-3.0
-PERMISSION_VIEW = "materialized_permissions"
-TRASHED_GROUPS = "trashed_groups"
+require '20200501150153_permission_table_constants'
-def refresh_permissions
- ActiveRecord::Base.transaction do
- ActiveRecord::Base.connection.execute("LOCK TABLE #{PERMISSION_VIEW}")
- ActiveRecord::Base.connection.execute("DELETE FROM #{PERMISSION_VIEW}")
-
- ActiveRecord::Base.connection.execute %{
-INSERT INTO materialized_permissions
- #{PERM_QUERY_TEMPLATE % {:base_case => %{
- select uuid, uuid, 3, true, true from users
-},
-:override => ''
-} }
-}, "refresh_permission_view.do"
- end
-end
+REVOKE_PERM = 0
+CAN_MANAGE_PERM = 3
-def refresh_trashed
- ActiveRecord::Base.transaction do
- ActiveRecord::Base.connection.execute("LOCK TABLE #{TRASHED_GROUPS}")
- ActiveRecord::Base.connection.execute("DELETE FROM #{TRASHED_GROUPS}")
- ActiveRecord::Base.connection.execute("INSERT INTO #{TRASHED_GROUPS} select * from compute_trashed()")
- end
-end
+def update_permissions perm_origin_uuid, starting_uuid, perm_level, edge_id=nil
+ return if Thread.current[:suppress_update_permissions]
-def update_permissions perm_origin_uuid, starting_uuid, perm_level
#
# Update a subset of the permission table affected by adding or
# removing a particular permission relationship (ownership or a
# see db/migrate/20200501150153_permission_table.rb for details on
# how the permissions are computed.
+ if edge_id.nil?
+ # For changes of ownership, edge_id is starting_uuid. In turns
+ # out most invocations of update_permissions are for changes of
+ # ownership, so make this parameter optional to reduce
+ # clutter.
+ # For permission links, the uuid of the link object will be passed in for edge_id.
+ edge_id = starting_uuid
+ end
+
ActiveRecord::Base.transaction do
- # "Conflicts with the ROW EXCLUSIVE, SHARE UPDATE EXCLUSIVE, SHARE
- # ROW EXCLUSIVE, EXCLUSIVE, and ACCESS EXCLUSIVE lock modes. This
- # mode protects a table against concurrent data changes."
- ActiveRecord::Base.connection.execute "LOCK TABLE #{PERMISSION_VIEW} in SHARE MODE"
+ # "Conflicts with the ROW SHARE, ROW EXCLUSIVE, SHARE UPDATE
+ # EXCLUSIVE, SHARE, SHARE ROW EXCLUSIVE, EXCLUSIVE, and ACCESS
+ # EXCLUSIVE lock modes. This mode allows only concurrent ACCESS
+ # SHARE locks, i.e., only reads from the table can proceed in
+ # parallel with a transaction holding this lock mode."
+ ActiveRecord::Base.connection.execute "LOCK TABLE #{PERMISSION_VIEW} in EXCLUSIVE MODE"
# Workaround for
# BUG #15160: planner overestimates number of rows in join when there are more than 200 rows coming from CTE
temptable_perms = "temp_perms_#{rand(2**64).to_s(10)}"
ActiveRecord::Base.connection.exec_query %{
create temporary table #{temptable_perms} on commit drop
-as select * from compute_permission_subgraph($1, $2, $3)
+as select * from compute_permission_subgraph($1, $2, $3, $4)
},
'update_permissions.select',
[[nil, perm_origin_uuid],
[nil, starting_uuid],
- [nil, perm_level]]
+ [nil, perm_level],
+ [nil, edge_id]]
ActiveRecord::Base.connection.exec_query "SET LOCAL enable_mergejoin to true;"
def check_permissions_against_full_refresh
# No-op except when running tests
- return unless Rails.env == 'test' and !Thread.current[:no_check_permissions_against_full_refresh]
+ return unless Rails.env == 'test' and !Thread.current[:no_check_permissions_against_full_refresh] and !Thread.current[:suppress_update_permissions]
# For checking correctness of the incremental permission updates.
# Check contents of the current 'materialized_permission' table
#{PERM_QUERY_TEMPLATE % {:base_case => %{
select uuid, uuid, 3, true, true from users
},
-:override => ''
+:edge_perm => 'edges.val'
} }) as pq order by origin_uuid, target_uuid
}, "check_permissions_against_full_refresh.full_recompute"
end
end
-PERM_QUERY_TEMPLATE = %{
-WITH RECURSIVE
- traverse_graph(origin_uuid, target_uuid, val, traverse_owned, starting_set) as (
- %{base_case}
- union
- (select traverse_graph.origin_uuid,
- edges.head_uuid,
- least(edges.val,
- traverse_graph.val
- %{override}),
- should_traverse_owned(edges.head_uuid, edges.val),
- false
- from permission_graph_edges as edges, traverse_graph
- where traverse_graph.target_uuid = edges.tail_uuid
- and (edges.tail_uuid like '_____-j7d0g-_______________' or
- traverse_graph.starting_set)))
- select traverse_graph.origin_uuid, target_uuid, max(val) as val, bool_or(traverse_owned) as traverse_owned from traverse_graph
- group by (traverse_graph.origin_uuid, target_uuid)
+def batch_update_permissions
+ check_perm_was = Thread.current[:suppress_update_permissions]
+ Thread.current[:suppress_update_permissions] = true
+ begin
+ yield
+ ensure
+ Thread.current[:suppress_update_permissions] = check_perm_was
+ refresh_permissions
+ end
+end
+
+# Used to account for permissions that a user gains by having
+# can_manage on another user.
+#
+# note: in theory a user could have can_manage access to a user
+# through multiple levels, that isn't handled here (would require a
+# recursive query). I think that's okay because users getting
+# transitive access through "can_manage" on a user is is rarely/never
+# used feature and something we probably want to deprecate and remove.
+USER_UUIDS_SUBQUERY_TEMPLATE = %{
+select target_uuid from materialized_permissions where user_uuid in (%{user})
+and target_uuid like '_____-tpzed-_______________' and traverse_owned=true and perm_level >= %{perm_level}
}