author | GitLab Bot <gitlab-bot@gitlab.com> | 2024-01-17 15:09:14 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2024-01-17 15:09:14 +0300 |
commit | 14c3ebc6364f7d5eb31cbf2e66a79ec574e88b70 (patch) | |
tree | b05db97dc0a40721e3f99b70454d309197615428 /lib | |
parent | db1b40c0ae61a0b647c114b22c990419de05de7a (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/cleanup/personal_access_tokens.rb | 15 | ||||
-rw-r--r-- | lib/gitlab/hook_data/project_builder.rb | 4 | ||||
-rw-r--r-- | lib/gitlab/project_authorizations.rb | 68 | ||||
-rw-r--r-- | lib/tasks/gitlab/seed/group_seed.rake | 2 |
4 files changed, 15 insertions, 74 deletions
diff --git a/lib/gitlab/cleanup/personal_access_tokens.rb b/lib/gitlab/cleanup/personal_access_tokens.rb index a1e4b5765c2..fbc8c24f3cc 100644 --- a/lib/gitlab/cleanup/personal_access_tokens.rb +++ b/lib/gitlab/cleanup/personal_access_tokens.rb @@ -56,13 +56,15 @@ module Gitlab .active .owner_is_human .created_before(cut_off_date) - .for_users(group.users) + .for_users(group.group_members.select(:user_id)) + .allow_cross_joins_across_databases(url: "https://gitlab.com/gitlab-org/gitlab/-/issues/436661") else PersonalAccessToken .active .owner_is_human .last_used_before_or_unused(cut_off_date) - .for_users(group.users) + .for_users(group.group_members.select(:user_id)) + .allow_cross_joins_across_databases(url: "https://gitlab.com/gitlab-org/gitlab/-/issues/436661") end end @@ -72,9 +74,12 @@ module Gitlab # updated attrs = access_tokens.as_json(only: [:id, :user_id]) - # Use `update_all` to bypass any validations which might - # prevent revocation. Manually specify updated_at. - affected_row_count = dry_run ? 0 : access_tokens.update_all(revoked: true, updated_at: @revocation_time) + cross_joins_issue = "https://gitlab.com/gitlab-org/gitlab/-/issues/436661" + affected_row_count = ::Gitlab::Database.allow_cross_joins_across_databases(url: cross_joins_issue) do + # Use `update_all` to bypass any validations which might + # prevent revocation. Manually specify updated_at. + dry_run ? 0 : access_tokens.update_all(revoked: true, updated_at: @revocation_time) + end message = { dry_run: dry_run, diff --git a/lib/gitlab/hook_data/project_builder.rb b/lib/gitlab/hook_data/project_builder.rb index 1f7459e57af..6e24f99a498 100644 --- a/lib/gitlab/hook_data/project_builder.rb +++ b/lib/gitlab/hook_data/project_builder.rb 
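Review bot: Both `.for_users(group.group_members.select(:user_id))` lines change which rows feed a token revocation, and nothing in this hunk shows that `group_members` selects the same users `group.users` did. The seed task changed in this same commit calls `.non_invite` before reading `.user`, which suggests the association can hold rows without a user. Those match nothing in a subquery, but any other scope difference would silently widen or narrow the set of revoked tokens, so a spec pinning the affected user ids for a group that has invited members would be worth adding. The issue URL is also written out in both branches while the next hunk names it `cross_joins_issue`; a single constant such as `CROSS_JOINS_ISSUE_URL = "https://gitlab.com/gitlab-org/gitlab/-/issues/436661"` would keep the three uses in step. The enclosing method starts outside the hunk.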
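Review bot: `attrs` is read with `access_tokens.as_json(only: [:id, :user_id])` before `update_all` runs as a separate query, so if `attrs` is what ends up in the log message, the recorded ids and `affected_row_count` can disagree when tokens change in between. For an audit trail of revocations, log `attrs.size` next to `affected_row_count` or warn when they differ. The `dry_run ? 0 : ...` guard also now sits inside the `allow_cross_joins_across_databases` block, so a dry run still enters the allowance. Hoisting it, as in `affected_row_count = dry_run ? 0 : ::Gitlab::Database.allow_cross_joins_across_databases(url: cross_joins_issue) { access_tokens.update_all(revoked: true, updated_at: @revocation_time) }`, keeps the exemption scoped to the one write that needs it. The method starts and ends outside the hunk.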
@@ -54,10 +54,10 @@ module Gitlab # Can be consolidate again once https://gitlab.com/gitlab-org/gitlab/-/issues/432606 is addressed if project.group project.group.all_owner_members.select(:id, :user_id) - .preload_user.find_each.map { |member| owner_data(member.user) if member.user } + .preload_users.find_each.map { |member| owner_data(member.user) if member.user } else data = [] - project.project_authorizations.owners.preload_user.each_batch(column: :user_id) do |relation| + project.project_authorizations.owners.preload_users.each_batch(column: :user_id) do |relation| data.concat(relation.map { |member| owner_data(member.user) }) end data |= Array.wrap(owner_data(project.owner)) if project.owner diff --git a/lib/gitlab/project_authorizations.rb b/lib/gitlab/project_authorizations.rb index 0fcb8321dae..a3a14439b74 100644 --- a/lib/gitlab/project_authorizations.rb +++ b/lib/gitlab/project_authorizations.rb 
@@ -12,46 +12,6 @@ module Gitlab end def calculate - if Feature.enabled?(:compare_project_authorization_linear_cte, user) - linear_relation = calculate_with_linear_query - recursive_relation = calculate_with_recursive_query - recursive_set = Set.new(recursive_relation.to_a.pluck(:project_id, :access_level)) - linear_set = Set.new(linear_relation.to_a.pluck(:project_id, :access_level)) - if linear_set == recursive_set - Gitlab::AppJsonLogger.info(event: 'linear_authorized_projects_check', - user_id: user.id, - matching_results: true) - return calculate_with_linear_query - else - Gitlab::AppJsonLogger.warn(event: 'linear_authorized_projects_check', - user_id: user.id, - matching_results: false) - end - end - - Gitlab::AppJsonLogger.info(event: 'linear_authorized_projects_check_with_flag', - feature_flag_status: Feature.enabled?(:linear_project_authorization, user)) - - if Feature.enabled?(:linear_project_authorization, user) - calculate_with_linear_query - else - calculate_with_recursive_query - end - end - - private - - def calculate_with_linear_query - cte = linear_cte - cte_alias = cte.table.alias(Group.table_name) - - ProjectAuthorization - .unscoped - .with(cte.to_arel) - .select_from_union(relations(cte_alias: cte_alias)) - end - - def calculate_with_recursive_query cte = recursive_cte cte_alias = cte.table.alias(Group.table_name) @@ -62,6 +22,8 @@ module Gitlab .select_from_union(relations(cte_alias: cte_alias)) end + private + # Builds a recursive CTE that gets all the groups the current user has # access to, including any nested groups and any shared groups. def recursive_cte 
@@ -97,32 +59,6 @@ module Gitlab cte end - def linear_cte - # Groups shared with user and their parent groups - shared_groups = Group - .select("namespaces.id, MAX(LEAST(members.access_level, group_group_links.group_access)) as access_level") - .joins("INNER JOIN group_group_links ON group_group_links.shared_group_id = namespaces.id - OR namespaces.traversal_ids @> ARRAY[group_group_links.shared_group_id::int]") - .joins("INNER JOIN members ON group_group_links.shared_with_group_id = members.source_id") - .merge(user.group_members) - .merge(GroupMember.active_state) - .group("namespaces.id") - - # Groups the user is a member of and their parent groups. - lateral_query = Group.as_ids.where("namespaces.traversal_ids @> ARRAY [members.source_id]") - member_groups_with_ancestors = GroupMember.select("namespaces.id, MAX(members.access_level) as access_level") - .joins("CROSS JOIN LATERAL (#{lateral_query.to_sql}) as namespaces") - .group("namespaces.id") - .merge(user.group_members) - .merge(GroupMember.active_state) - - union = Namespace - .select("namespaces.id, access_level") - .from_union([shared_groups, member_groups_with_ancestors]) - - Gitlab::SQL::CTE.new(:linear_namespaces_cte, union) - end - # Builds a LEFT JOIN to join optional memberships onto the CTE. def join_members_on_namespaces members = Member.arel_table diff --git a/lib/tasks/gitlab/seed/group_seed.rake b/lib/tasks/gitlab/seed/group_seed.rake index cc9180d56a3..c9b901b92c5 100644 --- a/lib/tasks/gitlab/seed/group_seed.rake +++ b/lib/tasks/gitlab/seed/group_seed.rake @@ -147,7 +147,7 @@ class GroupSeeder epic_params = { title: FFaker::Lorem.sentence(6), description: FFaker::Lorem.paragraphs(3).join("\n\n"), - author: group.users.sample, + author: group.group_members.non_invite.sample.user, group: group } |
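Review bot: `group.group_members.non_invite.sample.user` raises NoMethodError when the group has no non-invite members, because `sample` returns nil on an empty result; the previous `group.users.sample` simply yielded nil in that case. Guard the call with `author: group.group_members.non_invite.sample&.user`, or pick the author once before building `epic_params` and skip seeding when none exists. `sample` also loads every matching member row just to pick one, which is acceptable for a seed task but worth knowing on large groups. The enclosing method starts outside the hunk.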