opendev/gerrit
Code Issues Proposed changes

Revert "Perform user.getEffectiveGroups() less eagerly"

Browse Source 
This reverts commit f7569d0cb2.
The implementation removes any ability for slow GroupBackends
to perform their own per-request group level caching.

The correct way to do less eager lookups is for the LDAP
implementation of GroupBackend to create an emtpy membership
and then populate it on demand as requests arrive and need
to be looked up in the contains() methods.

Change-Id: I65210b24bffe10c5b158668867c8167c84712d17
This commit is contained in:
Shawn Pearce
2015-02-17 17:13:25 -08:00
parent 5d9fc0ce21
commit 7ab135e863
17 changed files with 27 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
gerrit-server/src/main/java/com/google/gerrit/server/account/CapabilityControl.java
View File

@@ -183,9 +183,10 @@ public class CapabilityControl {
// the 'CI Servers' actually use the BATCH queue while everyone else gets
// to use the INTERACTIVE queue without additional grants.
//
GroupMembership groups = user.getEffectiveGroups();
boolean batch = false;
for (PermissionRule r : capabilities.priority) {
if (user.memberOf(r.getGroup().getUUID())) {
if (match(groups, r)) {
switch (r.getAction()) {
case INTERACTIVE:
if (!SystemGroupBackend.isAnonymousOrRegistered(r.getGroup())) {
@@ -264,8 +265,9 @@ public class CapabilityControl {
return rules;
}
GroupMembership groups = user.getEffectiveGroups();
if (rules.size() == 1) {
if (!user.memberOf(rules.get(0).getGroup().getUUID())) {
if (!match(groups, rules.get(0))) {
rules = Collections.emptyList();
}
effective.put(permissionName, rules);
@@ -274,7 +276,7 @@ public class CapabilityControl {
List<PermissionRule> mine = new ArrayList<>(rules.size());
for (PermissionRule rule : rules) {
if (user.memberOf(rule.getGroup().getUUID())) {
if (match(groups, rule)) {
mine.add(rule);
}
}
@@ -302,6 +304,11 @@ public class CapabilityControl {
return rule.getGroup().getUUID();
}
});
return user.memberOfAny(ids);
return user.getEffectiveGroups().containsAnyOf(ids);
}
private static boolean match(GroupMembership groups,
PermissionRule rule) {
return groups.contains(rule.getGroup().getUUID());
}
}