Task #4197
Task #4150: Summon chat feature
[ce, ee] get list of users with their permissions to a repository
0%
Description
Related to https://issues.rhodecode.com/issues/4150
Need a way to get all users from a repository along with their permissions for that repo.
At the moment permissions are generated via a complex python object in rhodecode.lib.auth:AuthUser which calculates the tree for a single user, taking into account default user, repo settings (overriding globals or not), and usergroups.
Iterating over the entire list of users is much too slow, some preliminary benchmarks show that it will take 10seconds / 100users.
In order to do this quickly instead, we would have to generate permissions via sql - A simplish (not completely correct results) query shows it will take about 50ms on internal rhodecode db.
SELECT users.username, repositories.repo_name, MIN(origin_sort || '-' || permission_name) as perm FROM ( SELECT '' as ug, permissions.permission_name, user_id, repository_id, '1-user' as origin_sort FROM repo_to_perm JOIN permissions ON permissions.permission_id = repo_to_perm.permission_id -- WHERE repository_id = 190 UNION ALL SELECT users_groups.users_group_name, permissions.permission_name, users_groups_members.user_id, repository_id, '2-usergroup-' || users_groups.users_group_name as origin_sort FROM users_group_repo_to_perm JOIN permissions ON permissions.permission_id = users_group_repo_to_perm.permission_id JOIN users_groups_members ON users_groups_members.users_group_id = users_group_repo_to_perm.users_group_id JOIN users_groups ON users_group_repo_to_perm.users_group_id = users_groups.users_group_id -- WHERE repository_id = 190 ) tmp_user_and_usergroup_perms JOIN users ON users.user_id = tmp_user_and_usergroup_perms.user_id JOIN repositories ON repositories.repo_id = tmp_user_and_usergroup_perms.repository_id GROUP BY users.username, repositories.repo_name ORDER BY username, perm ;
Updated by Daniel D over 4 years ago
- Assignee set to Daniel D
- Target version set to v4.5
Will need to write a lot of stringent tests first to make sure the query always matches the original perms generated by AuthUser, and also must work out exactly the permission override rules.