18490: Add comments.

Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>

diff --git a/services/api/lib/update_permissions.rb b/services/api/lib/update_permissions.rb
index f782ac5cdda94fdf7219a7e22250c3d0aa952e28..b7e5476404869f6a89603302eafe828397acd1c5 100644 (file)
--- a/services/api/lib/update_permissions.rb
+++ b/services/api/lib/update_permissions.rb
@@ -118,6 +118,10 @@ as select * from compute_permission_subgraph($1, $2, $3, $4)
 
     ActiveRecord::Base.connection.exec_query "SET LOCAL enable_mergejoin to true;"
 
+    # Now that we have recomputed a set of permissions, delete any
+    # rows from the materialized_permissions table where (target_uuid,
+    # user_uuid) is not present or has perm_level=0 in the recomputed
+    # set.
     ActiveRecord::Base.connection.exec_delete %{
 delete from #{PERMISSION_VIEW} where
   target_uuid in (select target_uuid from #{temptable_perms}) and
@@ -128,6 +132,9 @@ delete from #{PERMISSION_VIEW} where
 },
                                               "update_permissions.delete"
 
+    # Now insert-or-update permissions in the recomputed set.  The
+    # WHERE clause is important to avoid redundantly updating rows
+    # that haven't actually changed.
     ActiveRecord::Base.connection.exec_query %{
 insert into #{PERMISSION_VIEW} (user_uuid, target_uuid, perm_level, traverse_owned)
   select user_uuid, target_uuid, val as perm_level, traverse_owned from #{temptable_perms} where val>0