[arvados] created: 2.7.0-3-g2e14158bd0

git repository hosting git at public.arvados.org
Fri Oct 13 14:52:53 UTC 2023 

        at  2e14158bd0066efa48cb971cde7f8bf69de44651 (commit)


commit 2e14158bd0066efa48cb971cde7f8bf69de44651
Author: Peter Amstutz <peter.amstutz at curii.com>
Date:   Thu Oct 12 16:01:29 2023 -0400

    21030: Adds a target_is_user column
    
    Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>

diff --git a/services/api/db/structure.sql b/services/api/db/structure.sql
index 6e8b128c9e..c1039ce83c 100644
--- a/services/api/db/structure.sql
+++ b/services/api/db/structure.sql
@@ -28,7 +28,7 @@ CREATE EXTENSION IF NOT EXISTS pg_trgm WITH SCHEMA public;
 -- Name: compute_permission_subgraph(character varying, character varying, integer, character varying); Type: FUNCTION; Schema: public; Owner: -
 --
 
-CREATE FUNCTION public.compute_permission_subgraph(perm_origin_uuid character varying, starting_uuid character varying, starting_perm integer, perm_edge_id character varying) RETURNS TABLE(user_uuid character varying, target_uuid character varying, val integer, traverse_owned boolean)
+CREATE FUNCTION public.compute_permission_subgraph(perm_origin_uuid character varying, starting_uuid character varying, starting_perm integer, perm_edge_id character varying) RETURNS TABLE(user_uuid character varying, target_uuid character varying, val integer, traverse_owned boolean, target_is_user boolean)
     LANGUAGE sql STABLE
     AS $$
 
@@ -62,10 +62,10 @@ with
      permission (permission origin is self).
   */
   perm_from_start(perm_origin_uuid, target_uuid, val, traverse_owned) as (
-    
+
 WITH RECURSIVE
         traverse_graph(origin_uuid, target_uuid, val, traverse_owned, starting_set) as (
-            
+
              values (perm_origin_uuid, starting_uuid, starting_perm,
                     should_traverse_owned(starting_uuid, starting_perm),
                     (perm_origin_uuid = starting_uuid or starting_uuid not like '_____-tpzed-_______________'))
@@ -107,10 +107,10 @@ case (edges.edge_id = perm_edge_id)
        can_manage permission granted by ownership.
   */
   additional_perms(perm_origin_uuid, target_uuid, val, traverse_owned) as (
-    
+
 WITH RECURSIVE
         traverse_graph(origin_uuid, target_uuid, val, traverse_owned, starting_set) as (
-            
+
     select edges.tail_uuid as origin_uuid, edges.head_uuid as target_uuid, edges.val,
            should_traverse_owned(edges.head_uuid, edges.val),
            edges.head_uuid like '_____-j7d0g-_______________'
@@ -174,16 +174,17 @@ case (edges.edge_id = perm_edge_id)
      query also makes sure those permission rows are always
      returned.
   */
-  select v.user_uuid, v.target_uuid, max(v.perm_level), bool_or(v.traverse_owned) from
+  select v.user_uuid, v.target_uuid, max(v.perm_level), bool_or(v.traverse_owned), bool_or(v.target_is_user) from
     (select m.user_uuid,
          u.target_uuid,
          least(u.val, m.perm_level) as perm_level,
-         u.traverse_owned
+         u.traverse_owned,
+         (u.target_uuid like '_____-tpzed-_______________') as target_is_user
       from all_perms as u, materialized_permissions as m
            where u.perm_origin_uuid = m.target_uuid AND m.traverse_owned
-           AND (m.user_uuid = m.target_uuid or m.target_uuid not like '_____-tpzed-_______________')
+           AND (m.user_uuid = m.target_uuid or not m.target_is_user)
     union all
-      select target_uuid as user_uuid, target_uuid, 3, true
+      select target_uuid as user_uuid, target_uuid, 3, true, true
         from all_perms
         where all_perms.target_uuid like '_____-tpzed-_______________') as v
     group by v.user_uuid, v.target_uuid
@@ -1045,7 +1046,8 @@ CREATE TABLE public.materialized_permissions (
     user_uuid character varying,
     target_uuid character varying,
     perm_level integer,
-    traverse_owned boolean
+    traverse_owned boolean,
+    target_is_user boolean
 );
 
 
@@ -2037,6 +2039,13 @@ CREATE INDEX index_collections_on_modified_at_and_uuid ON public.collections USI
 CREATE INDEX index_collections_on_name ON public.collections USING gin (name public.gin_trgm_ops);
 
 
+--
+-- Name: index_collections_on_name_btree; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX index_collections_on_name_btree ON public.collections USING btree (name);
+
+
 --
 -- Name: index_collections_on_owner_uuid; Type: INDEX; Schema: public; Owner: -
 --
@@ -2233,6 +2242,13 @@ CREATE INDEX index_groups_on_modified_at_and_uuid ON public.groups USING btree (
 CREATE INDEX index_groups_on_name ON public.groups USING gin (name public.gin_trgm_ops);
 
 
+--
+-- Name: index_groups_on_name_btree; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX index_groups_on_name_btree ON public.groups USING btree (name);
+
+
 --
 -- Name: index_groups_on_owner_uuid; Type: INDEX; Schema: public; Owner: -
 --
@@ -3293,6 +3309,8 @@ INSERT INTO "schema_migrations" (version) VALUES
 ('20230421142716'),
 ('20230503224107'),
 ('20230815160000'),
-('20230821000000');
+('20230821000000'),
+('20230922000000'),
+('20231012000000');
 
 
diff --git a/services/api/lib/20200501150153_permission_table_constants.rb b/services/api/lib/20200501150153_permission_table_constants.rb
index 7ee5039368..689f17cfed 100644
--- a/services/api/lib/20200501150153_permission_table_constants.rb
+++ b/services/api/lib/20200501150153_permission_table_constants.rb
@@ -47,7 +47,8 @@ WITH RECURSIVE
              where traverse_graph.target_uuid = edges.tail_uuid
              and (edges.tail_uuid like '_____-j7d0g-_______________' or
                   traverse_graph.starting_set)))
-        select traverse_graph.origin_uuid, target_uuid, max(val) as val, bool_or(traverse_owned) as traverse_owned from traverse_graph
+        select traverse_graph.origin_uuid, target_uuid, max(val) as val, bool_or(traverse_owned) as traverse_owned,
+               (target_uuid like '_____-tpzed-_______________') as target_is_user from traverse_graph
         group by (traverse_graph.origin_uuid, target_uuid)
 }
 
diff --git a/services/api/lib/update_permissions.rb b/services/api/lib/update_permissions.rb
index 138d287f7f..272e8bba97 100644
--- a/services/api/lib/update_permissions.rb
+++ b/services/api/lib/update_permissions.rb
@@ -93,8 +93,8 @@ delete_rows as (
   WHERE clause is important to avoid redundantly updating rows
   that haven't actually changed.
 */
-insert into #{PERMISSION_VIEW} (user_uuid, target_uuid, perm_level, traverse_owned)
-  select user_uuid, target_uuid, val as perm_level, traverse_owned from temptable_perms where val>0
+insert into #{PERMISSION_VIEW} (user_uuid, target_uuid, perm_level, traverse_owned, target_is_user)
+  select user_uuid, target_uuid, val as perm_level, traverse_owned, target_is_user from temptable_perms where val>0
 on conflict (user_uuid, target_uuid) do update
 set perm_level=EXCLUDED.perm_level, traverse_owned=EXCLUDED.traverse_owned
 where #{PERMISSION_VIEW}.user_uuid=EXCLUDED.user_uuid and

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list