Skip to content

Commit

Permalink
fix: stop loading collab policies to improve access control evaluation
Browse files Browse the repository at this point in the history
  • Loading branch information
khorshuheng committed Nov 19, 2024
1 parent 0818cf7 commit 00a6189
Showing 1 changed file with 0 additions and 30 deletions.
30 changes: 0 additions & 30 deletions libs/access-control/src/casbin/adapter.rs
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,6 @@ use casbin::Filter;
use casbin::Model;
use casbin::Result;

use database::collab::select_collab_member_access_level;
use database::pg_row::AFCollabMemberAccessLevelRow;
use database::pg_row::AFWorkspaceMemberPermRow;
use database::workspace::select_workspace_member_perm_stream;

Expand All @@ -35,28 +33,6 @@ impl PgAdapter {
}
}

async fn load_collab_policies(
mut stream: BoxStream<'_, sqlx::Result<AFCollabMemberAccessLevelRow>>,
) -> Result<Vec<Vec<String>>> {
let mut policies: Vec<Vec<String>> = Vec::new();

while let Some(Ok(member_access_lv)) = stream.next().await {
let uid = member_access_lv.uid;
let object_type = ObjectType::Collab(&member_access_lv.oid);
for act in member_access_lv.access_level.policy_acts() {
let policy = [
uid.to_string(),
object_type.policy_object(),
act.to_string(),
]
.to_vec();
policies.push(policy);
}
}

Ok(policies)
}

/// Loads workspace policies from a given stream of workspace member permissions.
///
/// This function iterates over the stream of member permissions, constructing and accumulating
Expand Down Expand Up @@ -128,12 +104,6 @@ impl Adapter for PgAdapter {
// Policy definition `p` of type `p`. See `model.conf`
model.add_policies("p", "p", workspace_policies);

let collab_member_access_lv_stream = select_collab_member_access_level(&self.pg_pool);
let collab_policies = load_collab_policies(collab_member_access_lv_stream).await?;

// Policy definition `p` of type `p`. See `model.conf`
model.add_policies("p", "p", collab_policies);

self
.access_control_metrics
.record_load_all_policies_in_ms(start.elapsed().as_millis() as u64);
Expand Down

0 comments on commit 00a6189

Please sign in to comment.