Fix group authorization when searching for epics
What does this MR do and why?
Follow up of !93601 (merged).
On the MR above I forgot to take into account projects that are visible to the user to get authorized groups, in other words, if a group has a project all group members can read ancestor groups.
More details at #371067 (closed)
This changes one of the queries of the union introduced by !93601 (merged), it gets a bit worse performance-wise, but we need to keep the same behavior from before at least until we remove this authorization inconsistency.
- Query diff: https://www.diffchecker.com/GDYpyfUt
- Old query and plans: https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/11603/commands/41232
- New query and plans: https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/11603/commands/41234
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Merge request reports
Activity
changed milestone to %15.4
added backend bugfunctional devopsplan epics groupproduct planning regression:15.3 labels
requested review from @felipe_artur
added typebug label
Suggested Reviewers (beta)
The individuals below may be good candidates to participate in the review based on various factors.
You can use slash commands in comments to quickly assign
/assign_reviewer @user1
.Suggested Reviewers @rymai
,@rspeicher
,@mayra-cabrera
,@marcel.amirault
,@jivanvl
If you do not believe these suggestions are useful, please apply the label Bad Suggested Reviewer. You can also provide feedback for this feature on this issue:
https://gitlab.com/gitlab-org/gitlab/-/issues/357923
.Automatically generated by Suggested Reviewers Bot - an experimental ML-based recommendation engine created by ~"group::applied ml".
Edited by GitLab Reviewer-Recommender Bot1 Warning This merge request does not have any assignee yet. Setting an assignee clarifies who needs to take action on the merge request at any given time. Reviewer roulette
Changes that require review have been detected!
Please refer to the table below for assigning reviewers and maintainers suggested by Danger in the specified category:
Category Reviewer Maintainer backend Aman Luthra ( @aluthra2
) (UTC+5.5, 8.5 hours ahead of@felipe_artur
)Sincheol (David) Kim ( @dskim_gitlab
) (UTC+9.5, 12.5 hours ahead of@felipe_artur
)To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.
To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.
Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.
If needed, you can retry the
danger-review
job that generated this comment.Generated by
Dangeradded 1 commit
- 8783dc5e - Fix group authorization when searching for epics
- Resolved by Mark Chao
- Resolved by Steve Abrams
This is a follow-up of !93601 (merged)
@dstull Can you review database again, please?
@nicolasdular Can you do backend review again, please?
requested review from @dstull and @nicolasdular
added 1 commit
- f914051b - Fix group authorization when searching for epics
added 1 commit
- 7614aea2 - Fix group authorization when searching epics
Allure report
allure-report-publisher
generated test report!review-qa-blocking:
test report for 7614aea2expand test summary
+-----------------------------------------------------------------------------------------+ | suites summary | +------------------------------------+--------+--------+---------+-------+-------+--------+ | | passed | failed | skipped | flaky | total | result | +------------------------------------+--------+--------+---------+-------+-------+--------+ | Create | 28 | 0 | 1 | 11 | 29 | ❗ | | Protect | 2 | 0 | 0 | 2 | 2 | ❗ | | Plan | 47 | 0 | 1 | 27 | 48 | ❗ | | Verify | 12 | 0 | 1 | 10 | 13 | ❗ | | Manage | 46 | 0 | 3 | 24 | 49 | ❗ | | Configure | 0 | 0 | 1 | 0 | 1 | ➖ | | Feature flag handler sanity checks | 9 | 0 | 0 | 0 | 9 | ✅ | | Package | 0 | 0 | 1 | 0 | 1 | ➖ | | Version sanity check | 0 | 0 | 1 | 0 | 1 | ➖ | | Secure | 2 | 0 | 0 | 2 | 2 | ❗ | +------------------------------------+--------+--------+---------+-------+-------+--------+ | Total | 146 | 0 | 9 | 76 | 155 | ❗ | +------------------------------------+--------+--------+---------+-------+-------+--------+
e2e-review-qa-blocking:
test report for 7614aea2expand test summary
+-----------------------------------------------------------------------------------------+ | suites summary | +------------------------------------+--------+--------+---------+-------+-------+--------+ | | passed | failed | skipped | flaky | total | result | +------------------------------------+--------+--------+---------+-------+-------+--------+ | Package | 0 | 0 | 1 | 0 | 1 | ➖ | | Plan | 47 | 0 | 1 | 31 | 48 | ❗ | | Create | 28 | 0 | 1 | 20 | 29 | ❗ | | Manage | 46 | 0 | 3 | 29 | 49 | ❗ | | Verify | 12 | 0 | 1 | 10 | 13 | ❗ | | Secure | 2 | 0 | 0 | 2 | 2 | ❗ | | Version sanity check | 0 | 0 | 1 | 0 | 1 | ➖ | | Feature flag handler sanity checks | 9 | 0 | 0 | 0 | 9 | ✅ | | Protect | 2 | 0 | 0 | 2 | 2 | ❗ | | Configure | 0 | 0 | 1 | 0 | 1 | ➖ | +------------------------------------+--------+--------+---------+-------+-------+--------+ | Total | 146 | 0 | 9 | 94 | 155 | ❗ | +------------------------------------+--------+--------+---------+-------+-------+--------+
added sectiondev label
added regression label
requested review from @jdrpereira and removed review request for @dstull
requested review from @dgruzd and removed review request for @nicolasdular
@nicolasdular
, thanks for approving this merge request.This is the first time the merge request is approved. To ensure full test coverage, a new pipeline has been started.
For more info, please refer to the following links:
assigned to @felipe_artur
removed review request for @dgruzd
added database databasereviewed labels
requested review from @lulalala
requested review from @sabrams
added databaseapproved label and removed databasereviewed label
enabled an automatic merge when the pipeline for f9f29eed succeeds
Reviewer roulette
Changes that require review have been detected!
Please refer to the table below for assigning reviewers and maintainers suggested by Danger in the specified category:
Category Reviewer Maintainer backend Roy Zwambag ( @rzwambag
) (UTC+2, 5 hours ahead of@felipe_artur
)Bob Van Landuyt ( @reprazent
) (UTC+2, 5 hours ahead of@felipe_artur
)database João Pereira ( @jdrpereira
) (UTC+1, 4 hours ahead of@felipe_artur
)Mayra Cabrera ( @mayra-cabrera
) (UTC-5, 2 hours behind@felipe_artur
)To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.
To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.
Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.
If needed, you can retry the
danger-review
job that generated this comment.Generated by
Dangermentioned in commit 54678818
added workflowstaging-canary label
added workflowcanary label and removed workflowstaging-canary label
added workflowstaging label and removed workflowcanary label
added workflowproduction label and removed workflowstaging label
added workflowpost-deploy-db-staging label and removed workflowproduction label
added workflowpost-deploy-db-production label and removed workflowpost-deploy-db-staging label
added releasedcandidate label
mentioned in merge request kubitus-project/kubitus-installer!1453 (merged)
added releasedpublished label and removed releasedcandidate label