the _rv query with WHERE IN was faster after all, removing the JOIN variant

sql/00-util.sql

@@ -47,3 +47,17 @@ BEGIN
 END; $$;
 
 select * from randomInRange(0, 4);
+
+
+-- ========================================================
+-- Test helpers
+-- --------------------------------------------------------
+
+-- there are some random ractors in test data generation, thus a range has to be accepted
+CREATE OR REPLACE PROCEDURE expectBetween(actualCount integer, expectedFrom integer, expectedTo integer)
+    LANGUAGE plpgsql AS $$
+BEGIN
+    IF NOT actualCount BETWEEN expectedFrom AND expectedTo THEN
+        RAISE EXCEPTION 'count expected to be between % and %, but got %', expectedFrom, expectedTo, actualCount;
+    END IF;
+END; $$;

sql/21-hs-customer.sql

@@ -107,26 +107,13 @@ CREATE TRIGGER deleteRbacRulesForCustomer_Trigger
 
 
 -- create RBAC restricted view
-
--- automatically updatable, but slow with WHERE IN
 SET SESSION SESSION AUTHORIZATION DEFAULT;
 ALTER TABLE customer ENABLE ROW LEVEL SECURITY;
 DROP VIEW IF EXISTS customer_rv;
 CREATE OR REPLACE VIEW customer_rv AS
     SELECT DISTINCT target.*
       FROM customer AS target
-     WHERE target.uuid IN (SELECT uuid FROM queryAccessibleObjectUuidsOfSubjectIds( 'view', 'customer', currentSubjectIds()));
+     WHERE target.uuid IN (SELECT queryAccessibleObjectUuidsOfSubjectIds( 'view', 'customer', currentSubjectIds()));
-GRANT ALL PRIVILEGES ON customer_rv TO restricted;
-
--- not automatically updatable, but fast with JOIN
-SET SESSION SESSION AUTHORIZATION DEFAULT;
-ALTER TABLE customer ENABLE ROW LEVEL SECURITY;
-DROP VIEW IF EXISTS customer_rv;
-CREATE OR REPLACE VIEW customer_rv AS
-    SELECT DISTINCT target.*
-      FROM customer AS target
-      JOIN queryAccessibleObjectUuidsOfSubjectIds( 'view', 'customer', currentSubjectIds()) AS allowedObjId
-           ON target.uuid = allowedObjId;
 GRANT ALL PRIVILEGES ON customer_rv TO restricted;
 
 

sql/22-hs-packages.sql

@@ -99,29 +99,15 @@ CREATE TRIGGER deleteRbacRulesForPackage_Trigger
     FOR EACH ROW EXECUTE PROCEDURE deleteRbacRulesForPackage();
 
 -- create RBAC-restricted view
-
--- automatically updatable, but slow with WHERE IN
 SET SESSION SESSION AUTHORIZATION DEFAULT;
 ALTER TABLE package ENABLE ROW LEVEL SECURITY;
 DROP VIEW IF EXISTS package_rv;
 CREATE OR REPLACE VIEW package_rv AS
     SELECT DISTINCT target.*
       FROM package AS target
-     WHERE target.uuid IN (SELECT uuid FROM queryAccessibleObjectUuidsOfSubjectIds( 'view', 'package', currentSubjectIds()));
+     WHERE target.uuid IN (SELECT queryAccessibleObjectUuidsOfSubjectIds( 'view', 'package', currentSubjectIds()));
 GRANT ALL PRIVILEGES ON package_rv TO restricted;
 
--- not automatically updatable, but fast with JOIN
-SET SESSION SESSION AUTHORIZATION DEFAULT;
-ALTER TABLE package ENABLE ROW LEVEL SECURITY;
-DROP VIEW IF EXISTS package_rv;
-CREATE OR REPLACE VIEW package_rv AS
-    SELECT DISTINCT target.*
-      FROM package AS target
-     JOIN queryAccessibleObjectUuidsOfSubjectIds( 'view', 'package', currentSubjectIds()) AS allowedObjId
-          ON target.uuid = allowedObjId;
-GRANT ALL PRIVILEGES ON package_rv TO restricted;
-
-
 
 -- generate Package test data
 

sql/23-hs-unixuser.sql

@@ -8,6 +8,7 @@ SET SESSION SESSION AUTHORIZATION DEFAULT ;
 CREATE TABLE IF NOT EXISTS UnixUser (
     uuid uuid UNIQUE REFERENCES RbacObject(uuid),
     name character varying(32),
+    comment character varying(96),
     packageUuid uuid REFERENCES package(uuid)
 );
 
@@ -102,26 +103,13 @@ CREATE TRIGGER createRbacRulesForUnixUser_Trigger
 
 
 -- create RBAC-restricted view
-
--- automatically updatable, but slow with WHERE IN
 SET SESSION SESSION AUTHORIZATION DEFAULT;
 ALTER TABLE unixuser ENABLE ROW LEVEL SECURITY;
 DROP VIEW IF EXISTS unixuser_rv;
 CREATE OR REPLACE VIEW unixuser_rv AS
     SELECT DISTINCT target.*
       FROM unixuser AS target
-    WHERE target.uuid IN (SELECT uuid FROM queryAccessibleObjectUuidsOfSubjectIds( 'view', 'unixuser', currentSubjectIds()));
+    WHERE target.uuid IN (SELECT queryAccessibleObjectUuidsOfSubjectIds( 'view', 'unixuser', currentSubjectIds()));
-GRANT ALL PRIVILEGES ON unixuser_rv TO restricted;
-
--- not automatically updatable, but fast with JOIN
-SET SESSION SESSION AUTHORIZATION DEFAULT;
-ALTER TABLE unixuser ENABLE ROW LEVEL SECURITY;
-DROP VIEW IF EXISTS unixuser_rv;
-CREATE OR REPLACE VIEW unixuser_rv AS
-    SELECT DISTINCT target.*
-     FROM unixuser AS target
-     JOIN queryAccessibleObjectUuidsOfSubjectIds( 'view', 'unixuser', currentSubjectIds()) AS allowedObjId
-          ON target.uuid = allowedObjId;
 GRANT ALL PRIVILEGES ON unixuser_rv TO restricted;
 
 

sql/24-hs-domain.sql

@@ -86,27 +86,15 @@ CREATE TRIGGER createRbacRulesForDomain_Trigger
 
 
 -- create RBAC-restricted view
-
--- automatically updatable, but slow with WHERE IN
 SET SESSION SESSION AUTHORIZATION DEFAULT;
 ALTER TABLE Domain ENABLE ROW LEVEL SECURITY;
 DROP VIEW IF EXISTS domain_rv;
 CREATE OR REPLACE VIEW domain_rv AS
     SELECT DISTINCT target.*
       FROM Domain AS target
-      WHERE target.uuid IN (SELECT uuid FROM queryAccessibleObjectUuidsOfSubjectIds( 'view', 'domain', currentSubjectIds()));
+      WHERE target.uuid IN (SELECT queryAccessibleObjectUuidsOfSubjectIds( 'view', 'domain', currentSubjectIds()));
 GRANT ALL PRIVILEGES ON domain_rv TO restricted;
 
--- not automatically updatable, but fast with JOIN
-SET SESSION SESSION AUTHORIZATION DEFAULT;
-ALTER TABLE Domain ENABLE ROW LEVEL SECURITY;
-DROP VIEW IF EXISTS domain_rv;
-CREATE OR REPLACE VIEW domain_rv AS
-    SELECT DISTINCT target.*
-      FROM Domain AS target
-      JOIN queryAccessibleObjectUuidsOfSubjectIds( 'view', 'domain', currentSubjectIds()) AS allowedObjId
-           ON target.uuid = allowedObjId;
-GRANT ALL PRIVILEGES ON domain_rv TO restricted;
 
 -- generate Domain test data
 

sql/25-hs-emailaddress.sql

@@ -74,25 +74,13 @@ CREATE TRIGGER createRbacRulesForEMailAddress_Trigger
 
 
 -- create RBAC-restricted view
-
--- automatically updatable, but slow with WHERE IN
 SET SESSION SESSION AUTHORIZATION DEFAULT;
 ALTER TABLE EMailAddress ENABLE ROW LEVEL SECURITY;
 DROP VIEW IF EXISTS EMailAddress_rv;
 CREATE OR REPLACE VIEW EMailAddress_rv AS
     SELECT DISTINCT target.*
     FROM EMailAddress AS target
-    WHERE target.uuid IN (SELECT DISTINCT uuid FROM queryAccessibleObjectUuidsOfSubjectIds( 'view', 'emailaddress', currentSubjectIds()));
+    WHERE target.uuid IN (SELECT queryAccessibleObjectUuidsOfSubjectIds( 'view', 'emailaddress', currentSubjectIds()));
-GRANT ALL PRIVILEGES ON EMailAddress_rv TO restricted;
-
--- not automatically updatable, but fast with JOIN
-SET SESSION SESSION AUTHORIZATION DEFAULT;
-ALTER TABLE EMailAddress ENABLE ROW LEVEL SECURITY;
-DROP VIEW IF EXISTS EMailAddress_rv;
-CREATE OR REPLACE VIEW EMailAddress_rv AS
-    SELECT target.*
-      FROM EMailAddress AS target
-     WHERE target.uuid IN (SELECT DISTINCT uuid FROM queryAccessibleObjectUuidsOfSubjectIds( 'view', 'emailaddress', currentSubjectIds()));
 GRANT ALL PRIVILEGES ON EMailAddress_rv TO restricted;
 
 -- generate EMailAddress test data

sql/28--hs-tests.sql

@@ -1,15 +1,6 @@
 ABORT;
 SET SESSION SESSION AUTHORIZATION DEFAULT;
 
--- there are some random ractors in test data generation, thus a range has to be accepted
-CREATE OR REPLACE PROCEDURE expectBetween(actualCount integer, expectedFrom integer, expectedTo integer)
-    LANGUAGE plpgsql AS $$
-BEGIN
-    IF NOT actualCount BETWEEN expectedFrom AND expectedTo THEN
-        RAISE EXCEPTION 'count expected to be between % and %, but got %', expectedFrom, expectedTo, actualCount;
-    END IF;
-END; $$;
-
 DO LANGUAGE plpgsql $$
 DECLARE
     resultCount integer;
@@ -90,8 +81,8 @@ BEGIN
     SET SESSION SESSION AUTHORIZATION restricted;
     SET LOCAL hsadminng.currentUser = 'mike@hostsharing.net';
     SET LOCAL hsadminng.assumedRoles = 'customer#aae.admin;customer#aaf.admin';
-    SELECT c.prefix, p.name as "package", ema.localPart || '@' || dom.name as "email-address"
+    -- SELECT c.prefix, p.name as "package", ema.localPart || '@' || dom.name as "email-address"
-    -- SELECT count(*) INTO resultCount
+    SELECT count(*) INTO resultCount
       FROM emailaddress_rv ema
       JOIN domain_rv dom ON dom.uuid = ema.domainuuid
       JOIN unixuser_rv uu ON uu.uuid = dom.unixuseruuid