document-potential-rbac-optimizations #91
@ -29,21 +29,23 @@ BEGIN
|
|||||||
-- 'hs_booking_project#D-1000300-mihdefaultproject:ADMIN');
|
-- 'hs_booking_project#D-1000300-mihdefaultproject:ADMIN');
|
||||||
SET TRANSACTION READ ONLY;
|
SET TRANSACTION READ ONLY;
|
||||||
|
|
||||||
FOR i IN 0..25 LOOP
|
FOR i IN 0..0 LOOP
|
||||||
letter := chr(i+ascii('a'));
|
letter := chr(i+ascii('a'));
|
||||||
|
|
||||||
perform count(*) from (
|
perform count(*) from (
|
||||||
|
|
||||||
|
-- start of VIEW hs_hosting_asset_rv:
|
||||||
with accessible_hs_hosting_asset_uuids as (
|
with accessible_hs_hosting_asset_uuids as (
|
||||||
|
|
||||||
with recursive
|
with recursive
|
||||||
recursive_grants as
|
recursive_grants as (
|
||||||
(select distinct rbacgrants.descendantuuid,
|
select distinct rbacgrants.descendantuuid,
|
||||||
rbacgrants.ascendantuuid,
|
rbacgrants.ascendantuuid,
|
||||||
1 as level,
|
1 as level,
|
||||||
true
|
true
|
||||||
from rbacgrants
|
from rbacgrants
|
||||||
where rbacgrants.assumed
|
where (rbacgrants.ascendantuuid = any (currentsubjectsuuids()))
|
||||||
and (rbacgrants.ascendantuuid = any (currentsubjectsuuids()))
|
--and rbacgrants.assumed
|
||||||
union all
|
union all
|
||||||
select distinct g.descendantuuid,
|
select distinct g.descendantuuid,
|
||||||
g.ascendantuuid,
|
g.ascendantuuid,
|
||||||
@ -51,44 +53,38 @@ BEGIN
|
|||||||
assertTrue(grants.level < 22, 'too many grant-levels: ' || grants.level)
|
assertTrue(grants.level < 22, 'too many grant-levels: ' || grants.level)
|
||||||
from rbacgrants g
|
from rbacgrants g
|
||||||
join recursive_grants grants on grants.descendantuuid = g.ascendantuuid
|
join recursive_grants grants on grants.descendantuuid = g.ascendantuuid
|
||||||
where g.assumed),
|
where g.assumed
|
||||||
grant_count as (select count(*) as grant_count
|
),
|
||||||
from recursive_grants),
|
grant_count as (
|
||||||
count_check as (select assertTrue((select grant_count from grant_count) < 600000,
|
select count(*) as grant_count from recursive_grants
|
||||||
'too many grants for current subjects: ' ||
|
),
|
||||||
(select grant_count from grant_count))
|
count_check as (
|
||||||
as valid)
|
select assertTrue((select grant_count from grant_count) < 600000,
|
||||||
|
'too many grants for current subjects: ' || (select grant_count from grant_count)) as valid
|
||||||
|
)
|
||||||
select distinct perm.objectuuid
|
select distinct perm.objectuuid
|
||||||
from recursive_grants
|
from recursive_grants
|
||||||
join rbacpermission perm on recursive_grants.descendantuuid = perm.uuid
|
join rbacpermission perm on recursive_grants.descendantuuid = perm.uuid
|
||||||
join rbacobject obj on obj.uuid = perm.objectuuid
|
join rbacobject obj on obj.uuid = perm.objectuuid
|
||||||
join count_check cc on cc.valid
|
join count_check cc on cc.valid
|
||||||
where obj.objecttable::text = 'hs_hosting_asset'::text
|
where obj.objecttable::text = 'hs_hosting_asset'::text
|
||||||
and obj.type = 'EMAIL_ADDRESS'::hshostingassettype
|
and obj.type = 'EMAIL_ADDRESS'::hshostingassettype -- with/without this type condition
|
||||||
)
|
)
|
||||||
|
-- end of VIEW hs_hosting_asset_rv.
|
||||||
|
|
||||||
|
-- start of business query, usually based on a view according to the above CTE query:
|
||||||
select type,
|
select type,
|
||||||
-- count(*) as counter
|
|
||||||
target.uuid,
|
target.uuid,
|
||||||
-- target.version,
|
|
||||||
-- target.bookingitemuuid,
|
|
||||||
-- target.type,
|
|
||||||
-- target.parentassetuuid,
|
|
||||||
-- target.assignedtoassetuuid,
|
|
||||||
target.identifier,
|
target.identifier,
|
||||||
target.caption
|
target.caption
|
||||||
-- target.config,
|
|
||||||
-- target.alarmcontactuuid
|
|
||||||
from hs_hosting_asset target
|
from hs_hosting_asset target
|
||||||
where (target.uuid in (select accessible_hs_hosting_asset_uuids.objectuuid
|
where (target.uuid in (select accessible_hs_hosting_asset_uuids.objectuuid
|
||||||
from accessible_hs_hosting_asset_uuids))
|
from accessible_hs_hosting_asset_uuids))
|
||||||
and target.type = 'EMAIL_ADDRESS'
|
and target.type = 'EMAIL_ADDRESS'
|
||||||
and identifier like letter || '%'
|
and identifier like letter || '%'
|
||||||
-- and target.type in ('EMAIL_ADDRESS', 'CLOUD_SERVER', 'MANAGED_SERVER', 'MANAGED_WEBSPACE')
|
-- end of business query.
|
||||||
-- order by target.identifier;
|
) timed;
|
||||||
-- group by type
|
END LOOP;
|
||||||
-- order by counter desc
|
|
||||||
) timed;
|
|
||||||
END LOOP;
|
|
||||||
|
|
||||||
end_time := clock_timestamp();
|
end_time := clock_timestamp();
|
||||||
total_time := end_time - start_time;
|
total_time := end_time - start_time;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user