Task #4197: [ce, ee] get list of users with their permissions to a repository - RhodeCode CE/EE - RhodeCode - issues

Task #4197

Task #4150: Summon chat feature

[ce, ee] get list of users with their permissions to a repository

Added by Daniel D about 3 years ago. Updated about 2 years ago.

Status:

New

Priority:

Normal

Assignee:

Daniel D

Category:

Target version:

v4.11

Start date:

24.08.2016

Due date:

% Done:

Estimated time:

Sorting:

Commit Number:

Description

Related to https://issues.rhodecode.com/issues/4150

Need a way to get all users from a repository along with their permissions for that repo.

At the moment permissions are generated via a complex python object in rhodecode.lib.auth:AuthUser which calculates the tree for a single user, taking into account default user, repo settings (overriding globals or not), and usergroups.

Iterating over the entire list of users is much too slow, some preliminary benchmarks show that it will take 10seconds / 100users.

In order to do this quickly instead, we would have to generate permissions via sql - A simplish (not completely correct results) query shows it will take about 50ms on internal rhodecode db.

    SELECT
        users.username,
        repositories.repo_name,
        MIN(origin_sort || '-' || permission_name) as perm
    FROM (
            SELECT
                '' as ug,
                permissions.permission_name,
                user_id,
                repository_id,
                '1-user' as origin_sort
            FROM
                repo_to_perm
            JOIN
                permissions ON
                permissions.permission_id = repo_to_perm.permission_id
            -- WHERE repository_id = 190
        UNION ALL
            SELECT
                users_groups.users_group_name,
                permissions.permission_name,
                users_groups_members.user_id,
                repository_id,
                '2-usergroup-' || users_groups.users_group_name as origin_sort
            FROM
                users_group_repo_to_perm
            JOIN
                permissions ON
                permissions.permission_id = users_group_repo_to_perm.permission_id
            JOIN
                users_groups_members
            ON
                users_groups_members.users_group_id = users_group_repo_to_perm.users_group_id
            JOIN
                users_groups
            ON
                users_group_repo_to_perm.users_group_id = users_groups.users_group_id
            -- WHERE repository_id = 190
    ) tmp_user_and_usergroup_perms
    JOIN users ON users.user_id = tmp_user_and_usergroup_perms.user_id
    JOIN repositories ON repositories.repo_id = tmp_user_and_usergroup_perms.repository_id
    GROUP BY users.username, repositories.repo_name
    ORDER BY username, perm
;

History

#1 Updated by Daniel D about 3 years ago

Target version set to v4.5
Assignee set to Daniel D

Will need to write a lot of stringent tests first to make sure the query always matches the original perms generated by AuthUser, and also must work out exactly the permission override rules.