Skip to content

Rework project authorizations and nested groups for better performance

This MR reworks the queries used for calculating project authorizations, in particular those used for getting nested groups.

TODO

  • Re-use code in Users::RefreshAuthorizedProjectsService between MySQL and PostgreSQL (as much as possible)
  • Add Group.supports_nested_groups? which returns true for PostgreSQL, false otherwise
  • In the UI use Group.supports_nested_groups? to hide nested groups related UI elements
  • Do something similar in controllers or models (depending on what the best place would be)
  • Add a migration which converts nested groups to regular groups for MySQL, making sure the right people still have access
  • Remove hierarchy related methods that use the old routes setup and are no longer necessary
  • Add documentation stating nested groups can not be supported properly on MySQL

Performance Impact

All tests were performed using the GitLab.com database, on a read-only replica.

Method Before After Notes
Namespace#descendants 580 ms ~1 ms Tests performed using the "gitlab-org" group
Namespace#ancestors ~1 ms ~1 ms Tests performed using the "sub-group-test" group. Old query was a regular index scan

Does this MR meet the acceptance criteria?

Edited by Yorick Peterse

Merge request reports

Loading