def update_permissions
- puts "Update permissions for #{uuid}"
- User.printdump %{
-select * from materialized_permissions where user_uuid='#{uuid}'
-}
- puts "---"
+# puts "Update permissions for #{uuid}"
+# User.printdump %{
+# select * from materialized_permissions where user_uuid='#{uuid}'
+# }
+# puts "---"
User.update_permissions self.owner_uuid, self.uuid, 3
- puts "post-update"
- User.printdump %{
-select * from materialized_permissions where user_uuid='#{uuid}'
-}
- puts "<<<"
+# puts "post-update"
+# User.printdump %{
+# select * from materialized_permissions where user_uuid='#{uuid}'
+# }
+# puts "<<<"
end
def self.printdump qr
# 4. Upsert each permission in our subset (user, group, val)
## testinging
- puts "__ update_permissions __"
- puts "What's in there now for #{starting_uuid}"
- printdump %{
-select * from materialized_permissions where user_uuid='#{starting_uuid}'
-}
+# puts "__ update_permissions __"
+# puts "What's in there now for #{starting_uuid}"
+# printdump %{
+# select * from materialized_permissions where user_uuid='#{starting_uuid}'
+# }
- puts "search_permission_graph #{perm_origin_uuid} #{starting_uuid}, #{perm_level}"
- printdump %{
-select '#{perm_origin_uuid}'::varchar as perm_origin_uuid, target_uuid, val, traverse_owned from search_permission_graph('#{starting_uuid}', #{perm_level})
-}
+# puts "search_permission_graph #{perm_origin_uuid} #{starting_uuid}, #{perm_level}"
+# printdump %{
+# select '#{perm_origin_uuid}'::varchar as perm_origin_uuid, target_uuid, val, traverse_owned from search_permission_graph('#{starting_uuid}', #{perm_level})
+# }
+
+# puts "other_links #{perm_origin_uuid} #{starting_uuid}, #{perm_level}"
+# printdump %{
+# with
+# perm_from_start(perm_origin_uuid, target_uuid, val, traverse_owned) as (
+# select '#{perm_origin_uuid}'::varchar, target_uuid, val, traverse_owned
+# from search_permission_graph('#{starting_uuid}'::varchar, #{perm_level}))
+
+# select links.tail_uuid as perm_origin_uuid, links.head_uuid, links.name
+# from links
+# where links.link_class='permission' and
+# links.tail_uuid not in (select target_uuid from perm_from_start where traverse_owned) and
+# links.tail_uuid != '#{perm_origin_uuid}' and
+# links.head_uuid in (select target_uuid from perm_from_start)
+# }
+
+# puts "additional_perms #{perm_origin_uuid} #{starting_uuid}, #{perm_level}"
+# printdump %{
+# with
+# perm_from_start(perm_origin_uuid, target_uuid, val, traverse_owned) as (
+# select '#{perm_origin_uuid}'::varchar, target_uuid, val, traverse_owned
+# from search_permission_graph('#{starting_uuid}'::varchar, #{perm_level}))
+
+# select links.tail_uuid as perm_origin_uuid, ps.target_uuid, ps.val, true
+# from links, lateral search_permission_graph(links.head_uuid,
+# CASE
+# WHEN links.name = 'can_read' THEN 1
+# WHEN links.name = 'can_login' THEN 1
+# WHEN links.name = 'can_write' THEN 2
+# WHEN links.name = 'can_manage' THEN 3
+# END) as ps
+# where links.link_class='permission' and
+# links.tail_uuid not in (select target_uuid from perm_from_start where traverse_owned) and
+# links.tail_uuid != '#{perm_origin_uuid}' and
+# links.head_uuid in (select target_uuid from perm_from_start)
+# }
# puts "Perms out"
# printdump %{
[nil, starting_uuid],
[nil, perm_level]]
- q1 = ActiveRecord::Base.connection.exec_query %{
-select * from #{temptable_perms}
-}
- puts "recomputed perms was #{perm_origin_uuid} #{starting_uuid}, #{perm_level}"
- q1.each do |r|
- puts r
- end
- puts "<<<<"
+# q1 = ActiveRecord::Base.connection.exec_query %{
+# select * from #{temptable_perms} order by user_uuid, target_uuid
+# }
+# puts "recomputed perms was #{perm_origin_uuid} #{starting_uuid}, #{perm_level}"
+# q1.each do |r|
+# puts r
+# end
+# puts "<<<<"
ActiveRecord::Base.connection.exec_query %{
delete from materialized_permissions where
select perm_origin_uuid, target_uuid, val, traverse_owned
from search_permission_graph(starting_uuid, starting_perm)),
- additional_perms(perm_origin_uuid, target_uuid, val, traverse_owned) as (
+ link_perms(perm_origin_uuid, target_uuid, val, traverse_owned) as (
select links.tail_uuid as perm_origin_uuid, ps.target_uuid, ps.val, true
from links, lateral search_permission_graph(links.head_uuid,
CASE
WHEN links.name = 'can_manage' THEN 3
END) as ps
where links.link_class='permission' and
- links.tail_uuid not in (select target_uuid from perm_from_start) and
+ (not (links.tail_uuid = perm_origin_uuid and links.head_uuid = starting_uuid)) and
+ links.tail_uuid not in (select target_uuid from perm_from_start where traverse_owned) and
links.head_uuid in (select target_uuid from perm_from_start)),
- identity_perms(perm_origin_uuid, target_uuid, val, traverse_owned) as (
- select target_uuid as perm_origin_uuid, target_uuid, 3, true
- from perm_from_start where target_uuid like '_____-tpzed-_______________'),
+ user_perms(perm_origin_uuid, target_uuid, val, traverse_owned) as (
+ select x.target_uuid as perm_origin_uuid, y.target_uuid, y.val, y.traverse_owned
+ from (select * from perm_from_start union select * from link_perms) as x,
+ lateral search_permission_graph(x.target_uuid, 3) as y
+ where x.target_uuid like '_____-tpzed-_______________'
+ ),
all_perms(perm_origin_uuid, target_uuid, val, traverse_owned) as (
select * from perm_from_start
union
- select * from additional_perms
+ select * from link_perms
union
- select * from identity_perms
+ select * from user_perms
)
- select materialized_permissions.user_uuid,
+ select v.user_uuid, v.target_uuid, max(v.perm_level), bool_or(v.traverse_owned) from
+ (select materialized_permissions.user_uuid,
u.target_uuid,
- max(least(u.val, materialized_permissions.perm_level)),
- bool_or(u.traverse_owned)
- from all_perms as u
- join materialized_permissions on (u.perm_origin_uuid = materialized_permissions.target_uuid)
- where materialized_permissions.traverse_owned
- group by user_uuid, u.target_uuid
+ least(u.val, materialized_permissions.perm_level) as perm_level,
+ u.traverse_owned
+ from all_perms as u
+ join materialized_permissions on (u.perm_origin_uuid = materialized_permissions.target_uuid)
+ where materialized_permissions.traverse_owned
+ union
+ select perm_origin_uuid as user_uuid, target_uuid, val as perm_level, traverse_owned
+ from all_perms
+ where perm_origin_uuid like '_____-tpzed-_______________') as v
+ group by v.user_uuid, v.target_uuid
$$;
}
projects / arvados.git / commitdiff