[Fusionforge-commits] FusionForge branch Branch_5_3 updated. a02c2423f58a65adb811a8d3156b17bd982880a9

Sylvain Beucler beuc-inria at fusionforge.org
Mon May 12 16:47:18 CEST 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, Branch_5_3 has been updated
       via  a02c2423f58a65adb811a8d3156b17bd982880a9 (commit)
      from  25e2722d70514bfb3f0fc2ae6fe41f39fd9104dc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a02c2423f58a65adb811a8d3156b17bd982880a9
Author: Sylvain Beucler <sylvain.beucler at inria.fr>
Date:   Mon May 12 16:47:13 2014 +0200

    Optimize normalizeData - with special attention to RBAC->update and global roles that apply to thousands of projects

diff --git a/src/common/include/RBAC.php b/src/common/include/RBAC.php
index 1307190..8d178e2 100644
--- a/src/common/include/RBAC.php
+++ b/src/common/include/RBAC.php
@@ -285,7 +285,7 @@ abstract class BaseRole extends Error {
 		// TODO: document perms_array
 		$this->perms_array=array();
 		while ($arr = db_fetch_array($res)) {
-			$this->perms_array[$arr['section_name']][$arr['ref_id']] = $arr['perm_val'];
+			$this->perms_array[$arr['section_name']][$arr['ref_id']] = intval($arr['perm_val']);
 		}
 
 		return true;
@@ -755,9 +755,10 @@ abstract class BaseRole extends Error {
 	 * @param	string	$role_name	The name of the role.
 	 * @param	array	$data		A multi-dimensional array of data in this format: $data['section_name']['ref_id']=$val
 	 * @param	boolean	$check_perms	Perform permission checking
+	 * @param	boolean	$update_sys	Update system users & groups membership
 	 * @return	boolean	True on success or false on failure.
 	 */
-	function update($role_name,$data,$check_perms=true) {
+	function update($role_name,$data,$check_perms=true,$update_sys=true) {
 		global $SYS;
 		if ($check_perms) {
 			if ($this->getHomeProject() == NULL) {
@@ -779,29 +780,37 @@ abstract class BaseRole extends Error {
 			$this->setName($role_name) ;
 		}
 
-		$res = db_prepare ('DELETE FROM pfo_role_setting WHERE role_id=$1 AND section_name=$2 AND ref_id=$3',
-				   'delete_from_pfo_role_setting');
-
-		$res = db_prepare ('INSERT INTO pfo_role_setting (role_id, section_name, ref_id, perm_val) VALUES ($1, $2, $3, $4)',
-				   'insert_into_pfo_role_setting');
-
-		foreach ($data as $sect => $refs) {
+		db_prepare ('INSERT INTO pfo_role_setting (role_id, section_name, ref_id, perm_val) VALUES ($1, $2, $3, $4)',
+			    'insert_into_pfo_role_setting');
+		db_prepare ('DELETE FROM pfo_role_setting WHERE role_id=$1 AND section_name=$2 AND ref_id=$3',
+			    'delete_from_pfo_role_setting');
+		db_prepare ('UPDATE pfo_role_setting SET perm_val=$4 WHERE role_id=$1 AND section_name=$2 AND ref_id=$3',
+			    'update_pfo_role_setting');
+
+		// Don't remove unknown permissions (e.g. forums permissions while forums are currently disabled)
+		//foreach ($this->perms_array as $sect => &$refs)
+		//	foreach ($refs as $refid => $value)
+		//		if (!isset($data[$sect][$refid]) or $data[$sect][$refid] != $value)
+		//			db_execute('delete_from_pfo_role_setting', array($role_id, $sect, $refid));
+
+		// Insert new/changed permissions
+		foreach ($data as $sect => &$refs) {
 			foreach ($refs as $refid => $value) {
-				$res = db_execute ('delete_from_pfo_role_setting',
-						   array ($role_id,
-							  $sect,
-							  $refid)) ;
-				$res = db_execute ('insert_into_pfo_role_setting',
-						   array ($role_id,
-							  $sect,
-							  $refid,
-							  $value)) ;
-				$this->perms_array[$sect][$refid] = $value;
+				if (!isset($this->perms_array[$sect][$refid])) {
+					// new permission
+					db_execute('insert_into_pfo_role_setting',
+						   array($role_id, $sect, $refid, $value));
+				} else if ($this->perms_array[$sect][$refid] != $value) {
+					// changed permission
+					db_execute('update_pfo_role_setting',
+						   array($role_id, $sect, $refid, $value));
+				}
 			}
 		}
 
-		$res = db_unprepare ('insert_into_pfo_role_setting');
-		$res = db_unprepare ('delete_from_pfo_role_setting');
+		db_unprepare ('insert_into_pfo_role_setting');
+		db_unprepare ('delete_from_pfo_role_setting');
+		db_unprepare ('update_pfo_role_setting');
 
 		$hook_params = array ();
 		$hook_params['role'] =& $this;
@@ -812,10 +821,12 @@ abstract class BaseRole extends Error {
 		db_commit();
 		$this->fetchData($this->getID());
 
-		foreach ($this->getUsers() as $u) {
-			if (!$SYS->sysCheckCreateUser($u->getID())) {
-				$this->setError($SYS->getErrorMessage());
-				return false;
+		if ($update_sys) {
+			foreach ($this->getUsers() as $u) {
+				if (!$SYS->sysCheckCreateUser($u->getID())) {
+					$this->setError($SYS->getErrorMessage());
+					return false;
+				}
 			}
 		}
 
@@ -902,22 +913,19 @@ abstract class BaseRole extends Error {
 
 		// ...tracker-related settings
 		$new_pa['tracker'] = array () ;
-		foreach ($projects as $p) {
-			if (!$p->usesTracker()) {
-				continue;
-			}
-			$atf = new ArtifactTypeFactory ($p) ;
-			if (!$atf->isError()) {
-				$trackerids = $atf->getAllArtifactTypeIds () ;
-				foreach ($trackerids as $tid) {
-					if (array_key_exists ('tracker', $this->perms_array)
-					    && array_key_exists ($tid, $this->perms_array['tracker']) ) {
-						$new_pa['tracker'][$tid] = $this->perms_array['tracker'][$tid] ;
-					} elseif (array_key_exists ('new_tracker', $this->perms_array)
-						  && array_key_exists ($p->getID(), $this->perms_array['new_tracker']) ) {
-						$new_pa['tracker'][$tid] = $new_pa['new_tracker'][$p->getID()] ;
-					}
-				}
+		// Direct query to avoid querying each project - especially for global roles
+		foreach ($projects as $p)
+			$project_ids[] = $p->getID();
+		$res = db_query_params('SELECT group_artifact_id FROM artifact_group_list JOIN groups USING (group_id)'
+				       . ' WHERE use_tracker=1 AND group_id IN ('.implode(',', $project_ids).')', array());
+		while ($row = db_fetch_array($res)) {
+			$tid = $row['group_artifact_id'];
+			if (array_key_exists ('tracker', $this->perms_array)
+			    && array_key_exists ($tid, $this->perms_array['tracker']) ) {
+				$new_pa['tracker'][$tid] = $this->perms_array['tracker'][$tid] ;
+			} elseif (array_key_exists ('new_tracker', $this->perms_array)
+				  && array_key_exists ($p->getID(), $this->perms_array['new_tracker']) ) {
+				$new_pa['tracker'][$tid] = $new_pa['new_tracker'][$p->getID()] ;
 			}
 		}
 
@@ -964,7 +972,7 @@ abstract class BaseRole extends Error {
 		}
 
 		// Save
-		$this->update ($this->getName(), $new_pa, false) ;
+		$this->update ($this->getName(), $new_pa, false, false) ;
 		return true;
 	}
 }

-----------------------------------------------------------------------

Summary of changes:
 src/common/include/RBAC.php |   92 +++++++++++++++++++++++--------------------
 1 file changed, 50 insertions(+), 42 deletions(-)


hooks/post-receive
-- 
FusionForge



More information about the Fusionforge-commits mailing list