Task #4197
Task #4150: Summon chat feature
[ce, ee] get list of users with their permissions to a repository
0%
Description
Related to https://issues.rhodecode.com/issues/4150
Need a way to get all users from a repository along with their permissions for that repo.
At the moment permissions are generated via a complex python object in rhodecode.lib.auth:AuthUser which calculates the tree for a single user, taking into account default user, repo settings (overriding globals or not), and usergroups.
Iterating over the entire list of users is much too slow, some preliminary benchmarks show that it will take 10seconds / 100users.
In order to do this quickly instead, we would have to generate permissions via sql - A simplish (not completely correct results) query shows it will take about 50ms on internal rhodecode db.
SELECT
users.username,
repositories.repo_name,
MIN(origin_sort || '-' || permission_name) as perm
FROM (
SELECT
'' as ug,
permissions.permission_name,
user_id,
repository_id,
'1-user' as origin_sort
FROM
repo_to_perm
JOIN
permissions ON
permissions.permission_id = repo_to_perm.permission_id
-- WHERE repository_id = 190
UNION ALL
SELECT
users_groups.users_group_name,
permissions.permission_name,
users_groups_members.user_id,
repository_id,
'2-usergroup-' || users_groups.users_group_name as origin_sort
FROM
users_group_repo_to_perm
JOIN
permissions ON
permissions.permission_id = users_group_repo_to_perm.permission_id
JOIN
users_groups_members
ON
users_groups_members.users_group_id = users_group_repo_to_perm.users_group_id
JOIN
users_groups
ON
users_group_repo_to_perm.users_group_id = users_groups.users_group_id
-- WHERE repository_id = 190
) tmp_user_and_usergroup_perms
JOIN users ON users.user_id = tmp_user_and_usergroup_perms.user_id
JOIN repositories ON repositories.repo_id = tmp_user_and_usergroup_perms.repository_id
GROUP BY users.username, repositories.repo_name
ORDER BY username, perm
;
Updated by Daniel D over 4 years ago
- Assignee set to Daniel D
- Target version set to v4.5
Will need to write a lot of stringent tests first to make sure the query always matches the original perms generated by AuthUser, and also must work out exactly the permission override rules.
Updated by