Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove unnecessary db query as admin user for update_route_destinations #2986

Merged
merged 1 commit into from
Sep 28, 2022
Merged

Remove unnecessary db query as admin user for update_route_destinations #2986

merged 1 commit into from
Sep 28, 2022

Conversation

kathap
Copy link
Contributor

@kathap kathap commented Sep 27, 2022
edited by philippthun
Loading

  • Improve cases for admin user in lib/cloud_controller/permissions.rb: 'readable_app_guids' and app/controllers/v3/routes_controller.rb: 'validate_app_guids!' to avoid unnecessary SELECT statements without condition (SELECT guid FROM spaces, SELECT guid FROM apps).
  • Adapting the route_destinations_spec to the changes.

In one of our dashboards we saw a lot of SELECT guid FROM spaces queries without any filter. We found out that this query was originally triggered by readable_app_guids which used to call readable_space_guids in permissions.rb for the case when the user is an admin. To remove the unnecessary db query for admins, we replaced the readable_space_guids
part in readable_app_guids with: VCAP::CloudController::AppModel.user_visible(@user, can_read_globally?).select(:guid).map(&:guid) which is already done similar in other functions. With this change we make use of the user_visibility_filter of the sequel_plugin vcap_user_visibility, which is possible because this filter is implemented in the app_model.

The above change showed in the dashboards another db query without filter, SELECT guid FROM apps, triggered in routes_controller.rb where readable_app_guids is called in validate_app_guids! for the case when the user is admin. In validate_app_guids we splitted the original unprocessable! case up into two scenarios:

  • check if the given app guids include non existing guids
  • if the user is not an admin user, check for unauthorized app guids

With this change the unnecessary db query for admin users can be avoided.

  • I have reviewed the contributing guide

  • I have viewed, signed, and submitted the Contributor License Agreement

  • I have made this pull request to the main branch

  • I have run all the unit tests using bundle exec rake

  • I have run CF Acceptance Tests

@kathap @philippthun
Remove unnecessary db query as admin user for update_route_destinations
8968448 
- Improve cases for admin user in
  (lib/cloud_controller/permissions.rb: `readable_app_guids')
  and (app/controllers/v3/routes_controller.rb: `validate_app_guids!')
  to avoid unnecessary SELECT statements without condition ("SELECT guid FROM spaces",
  "SELECT guid FROM apps")
- Adapting the route_destinations_spec to the changes.

Signed-off-by: Philipp Thun <[email protected]>
@philippthun philippthun merged commit 5abe84b into cloudfoundry:main Sep 28, 2022
kathap added a commit to sap-contributions/cloud_controller_ng that referenced this pull request Oct 5, 2022
@kathap
Raise an exception if user can read globally
2ebbe83 
With cloudfoundry#2986, cloudfoundry#2995, cloudfoundry#2997 no case is left where
readable_space_guids_query or readable_org_guids_query is called in an
admin use case. Therefore the select for all guids as admin user is not
needed any more. Instead raise an exception if this query is called for
admin users.
@kathap kathap mentioned this pull request Oct 5, 2022
Merged
5 tasks
kathap added a commit to sap-contributions/cloud_controller_ng that referenced this pull request Oct 6, 2022
@kathap
Adjust tests for permissions.rb
b2d7f55 
With cloudfoundry#2986, cloudfoundry#2995, cloudfoundry#2997, SELECT all guids for can_read_globally users is not called
anymore, the tests for readable_space_guids and readbale_org_guids
needed to be adjusted
philippthun pushed a commit that referenced this pull request Oct 6, 2022
@kathap
Raise an exception if user can read globally (#3009)
4bf5f92 
With #2986, #2995, #2997 no case is left where
readable_space_guids_query or readable_org_guids_query is called in an
admin use case. Therefore the select for all guids as admin user is not
needed any more. Instead raise an exception if this query is called for
admin users.
will-gant pushed a commit to sap-contributions/cloud_controller_ng that referenced this pull request Oct 20, 2022
@kathap @will-gant
Raise an exception if user can read globally (cloudfoundry#3009)
416ed81 
With cloudfoundry#2986, cloudfoundry#2995, cloudfoundry#2997 no case is left where
readable_space_guids_query or readable_org_guids_query is called in an
admin use case. Therefore the select for all guids as admin user is not
needed any more. Instead raise an exception if this query is called for
admin users.
will-gant pushed a commit to sap-contributions/cloud_controller_ng that referenced this pull request Dec 16, 2022
@kathap @will-gant
Raise an exception if user can read globally (cloudfoundry#3009)
ac1e8c6 
With cloudfoundry#2986, cloudfoundry#2995, cloudfoundry#2997 no case is left where
readable_space_guids_query or readable_org_guids_query is called in an
admin use case. Therefore the select for all guids as admin user is not
needed any more. Instead raise an exception if this query is called for
admin users.
@kathap kathap mentioned this pull request Nov 9, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@philippthun philippthun philippthun approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kathap @philippthun @cf-gitbot