X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/a3aee2781cfcd006fa1b7ce3cfeeb1dd2d53c270..3f5b1be0f705c8f1491fdca5e3b57982d97378fd:/services/api/lib/update_permissions.rb diff --git a/services/api/lib/update_permissions.rb b/services/api/lib/update_permissions.rb index 33a8d97365..7b1b900cac 100644 --- a/services/api/lib/update_permissions.rb +++ b/services/api/lib/update_permissions.rb @@ -2,34 +2,14 @@ # # SPDX-License-Identifier: AGPL-3.0 -PERMISSION_VIEW = "materialized_permissions" -TRASHED_GROUPS = "trashed_groups" +require '20200501150153_permission_table_constants' -def refresh_permissions - ActiveRecord::Base.transaction do - ActiveRecord::Base.connection.execute("LOCK TABLE #{PERMISSION_VIEW}") - ActiveRecord::Base.connection.execute("DELETE FROM #{PERMISSION_VIEW}") - - ActiveRecord::Base.connection.execute %{ -INSERT INTO materialized_permissions - #{PERM_QUERY_TEMPLATE % {:base_case => %{ - select uuid, uuid, 3, true, true from users -}, -:override => '' -} } -}, "refresh_permission_view.do" - end -end +REVOKE_PERM = 0 +CAN_MANAGE_PERM = 3 -def refresh_trashed - ActiveRecord::Base.transaction do - ActiveRecord::Base.connection.execute("LOCK TABLE #{TRASHED_GROUPS}") - ActiveRecord::Base.connection.execute("DELETE FROM #{TRASHED_GROUPS}") - ActiveRecord::Base.connection.execute("INSERT INTO #{TRASHED_GROUPS} select * from compute_trashed()") - end -end +def update_permissions perm_origin_uuid, starting_uuid, perm_level, edge_id=nil + return if Thread.current[:suppress_update_permissions] -def update_permissions perm_origin_uuid, starting_uuid, perm_level # # Update a subset of the permission table affected by adding or # removing a particular permission relationship (ownership or a @@ -71,6 +51,15 @@ def update_permissions perm_origin_uuid, starting_uuid, perm_level # see db/migrate/20200501150153_permission_table.rb for details on # how the permissions are computed. + if edge_id.nil? + # For changes of ownership, edge_id is starting_uuid. In turns + # out most invocations of update_permissions are for changes of + # ownership, so make this parameter optional to reduce + # clutter. + # For permission links, the uuid of the link object will be passed in for edge_id. + edge_id = starting_uuid + end + ActiveRecord::Base.transaction do # "Conflicts with the ROW EXCLUSIVE, SHARE UPDATE EXCLUSIVE, SHARE @@ -117,12 +106,13 @@ def update_permissions perm_origin_uuid, starting_uuid, perm_level temptable_perms = "temp_perms_#{rand(2**64).to_s(10)}" ActiveRecord::Base.connection.exec_query %{ create temporary table #{temptable_perms} on commit drop -as select * from compute_permission_subgraph($1, $2, $3) +as select * from compute_permission_subgraph($1, $2, $3, $4) }, 'update_permissions.select', [[nil, perm_origin_uuid], [nil, starting_uuid], - [nil, perm_level]] + [nil, perm_level], + [nil, edge_id]] ActiveRecord::Base.connection.exec_query "SET LOCAL enable_mergejoin to true;" @@ -152,7 +142,7 @@ end def check_permissions_against_full_refresh # No-op except when running tests - return unless Rails.env == 'test' and !Thread.current[:no_check_permissions_against_full_refresh] + return unless Rails.env == 'test' and !Thread.current[:no_check_permissions_against_full_refresh] and !Thread.current[:suppress_update_permissions] # For checking correctness of the incremental permission updates. # Check contents of the current 'materialized_permission' table @@ -168,7 +158,7 @@ order by user_uuid, target_uuid #{PERM_QUERY_TEMPLATE % {:base_case => %{ select uuid, uuid, 3, true, true from users }, -:override => '' +:edge_perm => 'edges.val' } }) as pq order by origin_uuid, target_uuid }, "check_permissions_against_full_refresh.full_recompute" @@ -203,22 +193,26 @@ def skip_check_permissions_against_full_refresh end end -PERM_QUERY_TEMPLATE = %{ -WITH RECURSIVE - traverse_graph(origin_uuid, target_uuid, val, traverse_owned, starting_set) as ( - %{base_case} - union - (select traverse_graph.origin_uuid, - edges.head_uuid, - least(edges.val, - traverse_graph.val - %{override}), - should_traverse_owned(edges.head_uuid, edges.val), - false - from permission_graph_edges as edges, traverse_graph - where traverse_graph.target_uuid = edges.tail_uuid - and (edges.tail_uuid like '_____-j7d0g-_______________' or - traverse_graph.starting_set))) - select traverse_graph.origin_uuid, target_uuid, max(val) as val, bool_or(traverse_owned) as traverse_owned from traverse_graph - group by (traverse_graph.origin_uuid, target_uuid) +def batch_update_permissions + check_perm_was = Thread.current[:suppress_update_permissions] + Thread.current[:suppress_update_permissions] = true + begin + yield + ensure + Thread.current[:suppress_update_permissions] = check_perm_was + refresh_permissions + end +end + +# Used to account for permissions that a user gains by having +# can_manage on another user. +# +# note: in theory a user could have can_manage access to a user +# through multiple levels, that isn't handled here (would require a +# recursive query). I think that's okay because users getting +# transitive access through "can_manage" on a user is is rarely/never +# used feature and something we probably want to deprecate and remove. +USER_UUIDS_SUBQUERY_TEMPLATE = %{ +select target_uuid from materialized_permissions where user_uuid in (%{user}) +and target_uuid like '_____-tpzed-_______________' and traverse_owned=true and perm_level >= %{perm_level} }