projects / arvados.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: b879b9c) | patch
16007: Special handing for users with permissions on other users
authorPeter Amstutz <peter.amstutz@curii.com>
Thu, 4 Jun 2020 20:58:18 +0000 (16:58 -0400)
committerPeter Amstutz <peter.amstutz@curii.com>
Fri, 5 Jun 2020 15:03:00 +0000 (11:03 -0400)
commita3aee2781cfcd006fa1b7ce3cfeeb1dd2d53c270
tree7bd1e982d71a7d3a6e50c414d1cedd0d5259ab81tree | snapshot
parentb879b9cd18ddba6ba87b65f81eba676114478a06commit | diff
16007: Special handing for users with permissions on other users

Revise & simplify permission traversal.  Don't traverse users except
when starting from the user (origin_uuid = starting_uuid).

This avoids disasterous queries where we re-traverse other users "just
in case" and end up recomputing the whole database.  As a tradeoff,
our epic readable_by query gets a touch more epic, as it now has to go
to the permissions table to check if there are other user permissions
the current user also is allowed to use.

Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
services/api/app/models/arvados_model.rb diff | blob | history
services/api/app/models/user.rb diff | blob | history
services/api/db/migrate/20200501150153_permission_table.rb diff | blob | history
services/api/db/structure.sql diff | blob | history
services/api/lib/update_permissions.rb diff | blob | history
services/api/test/unit/permission_test.rb diff | blob | history
services/api/test/unit/user_test.rb diff | blob | history