document-potential-rbac-optimizations #91
@ -29,21 +29,23 @@ BEGIN
|
||||
-- 'hs_booking_project#D-1000300-mihdefaultproject:ADMIN');
|
||||
SET TRANSACTION READ ONLY;
|
||||
|
||||
FOR i IN 0..25 LOOP
|
||||
FOR i IN 0..0 LOOP
|
||||
letter := chr(i+ascii('a'));
|
||||
|
||||
perform count(*) from (
|
||||
|
||||
-- start of VIEW hs_hosting_asset_rv:
|
||||
with accessible_hs_hosting_asset_uuids as (
|
||||
|
||||
with recursive
|
||||
recursive_grants as
|
||||
(select distinct rbacgrants.descendantuuid,
|
||||
recursive_grants as (
|
||||
select distinct rbacgrants.descendantuuid,
|
||||
rbacgrants.ascendantuuid,
|
||||
1 as level,
|
||||
true
|
||||
from rbacgrants
|
||||
where rbacgrants.assumed
|
||||
and (rbacgrants.ascendantuuid = any (currentsubjectsuuids()))
|
||||
where (rbacgrants.ascendantuuid = any (currentsubjectsuuids()))
|
||||
--and rbacgrants.assumed
|
||||
union all
|
||||
select distinct g.descendantuuid,
|
||||
g.ascendantuuid,
|
||||
@ -51,42 +53,36 @@ BEGIN
|
||||
assertTrue(grants.level < 22, 'too many grant-levels: ' || grants.level)
|
||||
from rbacgrants g
|
||||
join recursive_grants grants on grants.descendantuuid = g.ascendantuuid
|
||||
where g.assumed),
|
||||
grant_count as (select count(*) as grant_count
|
||||
from recursive_grants),
|
||||
count_check as (select assertTrue((select grant_count from grant_count) < 600000,
|
||||
'too many grants for current subjects: ' ||
|
||||
(select grant_count from grant_count))
|
||||
as valid)
|
||||
where g.assumed
|
||||
),
|
||||
grant_count as (
|
||||
select count(*) as grant_count from recursive_grants
|
||||
),
|
||||
count_check as (
|
||||
select assertTrue((select grant_count from grant_count) < 600000,
|
||||
'too many grants for current subjects: ' || (select grant_count from grant_count)) as valid
|
||||
)
|
||||
select distinct perm.objectuuid
|
||||
from recursive_grants
|
||||
join rbacpermission perm on recursive_grants.descendantuuid = perm.uuid
|
||||
join rbacobject obj on obj.uuid = perm.objectuuid
|
||||
join count_check cc on cc.valid
|
||||
where obj.objecttable::text = 'hs_hosting_asset'::text
|
||||
and obj.type = 'EMAIL_ADDRESS'::hshostingassettype
|
||||
and obj.type = 'EMAIL_ADDRESS'::hshostingassettype -- with/without this type condition
|
||||
)
|
||||
-- end of VIEW hs_hosting_asset_rv.
|
||||
|
||||
-- start of business query, usually based on a view according to the above CTE query:
|
||||
select type,
|
||||
-- count(*) as counter
|
||||
target.uuid,
|
||||
-- target.version,
|
||||
-- target.bookingitemuuid,
|
||||
-- target.type,
|
||||
-- target.parentassetuuid,
|
||||
-- target.assignedtoassetuuid,
|
||||
target.identifier,
|
||||
target.caption
|
||||
-- target.config,
|
||||
-- target.alarmcontactuuid
|
||||
from hs_hosting_asset target
|
||||
where (target.uuid in (select accessible_hs_hosting_asset_uuids.objectuuid
|
||||
from accessible_hs_hosting_asset_uuids))
|
||||
and target.type = 'EMAIL_ADDRESS'
|
||||
and identifier like letter || '%'
|
||||
-- and target.type in ('EMAIL_ADDRESS', 'CLOUD_SERVER', 'MANAGED_SERVER', 'MANAGED_WEBSPACE')
|
||||
-- order by target.identifier;
|
||||
-- group by type
|
||||
-- order by counter desc
|
||||
-- end of business query.
|
||||
) timed;
|
||||
END LOOP;
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user