From 00a6189cf332bc60e788ba9e21dba5a68c3086c0 Mon Sep 17 00:00:00 2001 From: khorshuheng Date: Tue, 19 Nov 2024 12:58:07 +0800 Subject: [PATCH] fix: stop loading collab policies to improve access control evaluation --- libs/access-control/src/casbin/adapter.rs | 30 ----------------------- 1 file changed, 30 deletions(-) diff --git a/libs/access-control/src/casbin/adapter.rs b/libs/access-control/src/casbin/adapter.rs index 629c80802..72026639f 100644 --- a/libs/access-control/src/casbin/adapter.rs +++ b/libs/access-control/src/casbin/adapter.rs @@ -7,8 +7,6 @@ use casbin::Filter; use casbin::Model; use casbin::Result; -use database::collab::select_collab_member_access_level; -use database::pg_row::AFCollabMemberAccessLevelRow; use database::pg_row::AFWorkspaceMemberPermRow; use database::workspace::select_workspace_member_perm_stream; @@ -35,28 +33,6 @@ impl PgAdapter { } } -async fn load_collab_policies( - mut stream: BoxStream<'_, sqlx::Result>, -) -> Result>> { - let mut policies: Vec> = Vec::new(); - - while let Some(Ok(member_access_lv)) = stream.next().await { - let uid = member_access_lv.uid; - let object_type = ObjectType::Collab(&member_access_lv.oid); - for act in member_access_lv.access_level.policy_acts() { - let policy = [ - uid.to_string(), - object_type.policy_object(), - act.to_string(), - ] - .to_vec(); - policies.push(policy); - } - } - - Ok(policies) -} - /// Loads workspace policies from a given stream of workspace member permissions. /// /// This function iterates over the stream of member permissions, constructing and accumulating @@ -128,12 +104,6 @@ impl Adapter for PgAdapter { // Policy definition `p` of type `p`. See `model.conf` model.add_policies("p", "p", workspace_policies); - let collab_member_access_lv_stream = select_collab_member_access_level(&self.pg_pool); - let collab_policies = load_collab_policies(collab_member_access_lv_stream).await?; - - // Policy definition `p` of type `p`. See `model.conf` - model.add_policies("p", "p", collab_policies); - self .access_control_metrics .record_load_all_policies_in_ms(start.elapsed().as_millis() as u64);