Merge branch '18511-java-sdk-groups-links' refs #18511

Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>

diff --git a/doc/install/configure-s3-object-storage.html.textile.liquid b/doc/install/configure-s3-object-storage.html.textile.liquid
index e6b1e095ed8e09b4ee6052196a29b23ec87d7b66..e9866d510344da4e9a58ba7c8a5deee268540da1 100644 (file)
--- a/doc/install/configure-s3-object-storage.html.textile.liquid
+++ b/doc/install/configure-s3-object-storage.html.textile.liquid
@@ -48,7 +48,7 @@ Volumes are configured in the @Volumes@ section of the cluster configuration fil
 
           # Storage provider region. For Google Cloud Storage, use ""
           # or omit.
-          Region: <span class="userinput">us-east-1a</span>
+          Region: <span class="userinput">us-east-1</span>
 
           # Storage provider endpoint. For Amazon S3, use "" or
           # omit. For Google Cloud Storage, use

diff --git a/lib/config/config.default.yml b/lib/config/config.default.yml
index 310191517552e3fab0e15408decde47d54f5e727..a84dc5d31673b58b152645f3b73f3efa514ea767 100644 (file)
--- a/lib/config/config.default.yml
+++ b/lib/config/config.default.yml
@@ -1362,7 +1362,7 @@ Clusters:
           AccessKeyID: aaaaa
           SecretAccessKey: aaaaa
           Endpoint: ""
-          Region: us-east-1a
+          Region: us-east-1
           Bucket: aaaaa
           LocationConstraint: false
           V2Signature: false

diff --git a/lib/config/generated_config.go b/lib/config/generated_config.go
index 0532d83bb3749245495126e0a3333702a6d19f9c..567ac30a9b7d855cfabdc10374dcf55b8f9694c7 100644 (file)
--- a/lib/config/generated_config.go
+++ b/lib/config/generated_config.go
@@ -1368,7 +1368,7 @@ Clusters:
           AccessKeyID: aaaaa
           SecretAccessKey: aaaaa
           Endpoint: ""
-          Region: us-east-1a
+          Region: us-east-1
           Bucket: aaaaa
           LocationConstraint: false
           V2Signature: false

diff --git a/services/api/lib/update_permissions.rb b/services/api/lib/update_permissions.rb
index 23e60c8ed94733db647e3aafd911bbd272407646..b7e5476404869f6a89603302eafe828397acd1c5 100644 (file)
--- a/services/api/lib/update_permissions.rb
+++ b/services/api/lib/update_permissions.rb
@@ -118,6 +118,10 @@ as select * from compute_permission_subgraph($1, $2, $3, $4)
 
     ActiveRecord::Base.connection.exec_query "SET LOCAL enable_mergejoin to true;"
 
+    # Now that we have recomputed a set of permissions, delete any
+    # rows from the materialized_permissions table where (target_uuid,
+    # user_uuid) is not present or has perm_level=0 in the recomputed
+    # set.
     ActiveRecord::Base.connection.exec_delete %{
 delete from #{PERMISSION_VIEW} where
   target_uuid in (select target_uuid from #{temptable_perms}) and
@@ -128,10 +132,18 @@ delete from #{PERMISSION_VIEW} where
 },
                                               "update_permissions.delete"
 
+    # Now insert-or-update permissions in the recomputed set.  The
+    # WHERE clause is important to avoid redundantly updating rows
+    # that haven't actually changed.
     ActiveRecord::Base.connection.exec_query %{
 insert into #{PERMISSION_VIEW} (user_uuid, target_uuid, perm_level, traverse_owned)
   select user_uuid, target_uuid, val as perm_level, traverse_owned from #{temptable_perms} where val>0
-on conflict (user_uuid, target_uuid) do update set perm_level=EXCLUDED.perm_level, traverse_owned=EXCLUDED.traverse_owned;
+on conflict (user_uuid, target_uuid) do update
+set perm_level=EXCLUDED.perm_level, traverse_owned=EXCLUDED.traverse_owned
+where #{PERMISSION_VIEW}.user_uuid=EXCLUDED.user_uuid and
+      #{PERMISSION_VIEW}.target_uuid=EXCLUDED.target_uuid and
+       (#{PERMISSION_VIEW}.perm_level != EXCLUDED.perm_level or
+        #{PERMISSION_VIEW}.traverse_owned != EXCLUDED.traverse_owned);
 },
                                              "update_permissions.insert"