def invalidate_permissions_cache
# Ensure a new group can be accessed by the appropriate users
# immediately after being created.
- User.invalidate_permissions_cache db_current_time.to_i, self.async_permissions_update
+ User.invalidate_permissions_cache self.async_permissions_update
end
def assign_name
true
end
- def self.invalidate_permissions_cache(timestamp=nil, async=false)
- if Rails.configuration.async_permissions_update
- timestamp = DbCurrentTime::db_current_time.to_i if timestamp.nil?
- connection.execute "NOTIFY invalidate_permissions_cache, '#{timestamp}'"
- else
- refresh_permission_view(async)
- end
+ def self.invalidate_permissions_cache(async=false)
+ refresh_permission_view(async)
end
- def invalidate_permissions_cache(timestamp=nil)
+ def invalidate_permissions_cache
User.invalidate_permissions_cache
end
# (included in vendor packages).
package_version: false
- # Enable asynchronous permission graph rebuild. Must run
- # script/permission-updater.rb as a separate process. When the permission
- # cache is invalidated, the background process will update the permission
- # graph cache. This feature is experimental!
- async_permissions_update: false
-
# Default value for container_count_max for container requests. This is the
# number of times Arvados will create a new container to satisfy a container
# request. If a container is cancelled it will retry a new container if
+++ /dev/null
-#!/usr/bin/env ruby
-# Copyright (C) The Arvados Authors. All rights reserved.
-#
-# SPDX-License-Identifier: AGPL-3.0
-
-ENV["RAILS_ENV"] = ARGV[0] || ENV["RAILS_ENV"] || "development"
-require File.dirname(__FILE__) + '/../config/boot'
-require File.dirname(__FILE__) + '/../config/environment'
-include DbCurrentTime
-
-def update_permissions
- timestamp = DbCurrentTime::db_current_time.to_i
- Rails.logger.info "Begin updating permission cache"
- User.all.each do |u|
- u.calculate_group_permissions
- end
- Rails.cache.write "last_updated_permissions", timestamp
- Rails.logger.info "Permission cache updated"
-end
-
-ActiveRecord::Base.connection_pool.with_connection do |connection|
- conn = connection.instance_variable_get(:@connection)
- begin
- conn.async_exec "LISTEN invalidate_permissions_cache"
-
- # Initial refresh of permissions graph
- update_permissions
-
- while true
- # wait_for_notify will block until there is a change
- # notification from Postgres about the permission cache,
- # and then rebuild the permission cache.
- conn.wait_for_notify do |channel, pid, payload|
- last_updated = Rails.cache.read("last_updated_permissions")
- Rails.logger.info "Got notify #{payload} last update #{last_updated}"
- if last_updated.nil? || last_updated.to_i <= payload.to_i
- update_permissions
- end
- end
- end
- ensure
- # Don't want the connection to still be listening once we return
- # it to the pool - could result in weird behavior for the next
- # thread to check it out.
- conn.async_exec "UNLISTEN *"
- end
-end