Fix group authorization when searching for epics (!95731) · Merge requests · GitLab.org / GitLab

Felipe Artur requested to merge issue_371067 into master Aug 18, 2022

What does this MR do and why?

On the MR above I forgot to take into account projects that are visible to the user to get authorized groups, in other words, if a group has a project all group members can read ancestor groups.

More details at #371067 (closed)

This changes one of the queries of the union introduced by !93601 (merged), it gets a bit worse performance-wise, but we need to keep the same behavior from before at least until we remove this authorization inconsistency.

Query diff: https://www.diffchecker.com/GDYpyfUt
Old query and plans: https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/11603/commands/41232
New query and plans: https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/11603/commands/41234

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Aug 18, 2022 by Felipe Artur

Fix group authorization when searching for epics

What does this MR do and why?

MR acceptance checklist

Merge request reports