Project

General

Profile

Actions

Story #18693

closed

Deduplicate permission links

Added by Peter Amstutz almost 3 years ago. Updated almost 2 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
API
Target version:
Start date:
01/03/2023
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Story points:
2.0

Description

It's confusing and potentially error prone to have multiple identical permission links, e.g. three link records all granting "can_read" going from the same user to the same project. For example, there's 50 users with read access to a project, but one user is listed 3 times. Someone goes it to remove that user's access, but only deletes one or two of the links, not all three.

Proposed change:

conflicting: permission link between the same head/tail where both permissions are either (can_read, can_write, can_login) or (can_login)

should take a row lock on the permission link when doing these operations.

  • "create" command
    • if there is a conflicting permission link and the existing link has lower permission, update the existing permission link and return that
    • if there is a conflicting permission link and the existing link has same or higher permission, do nothing and return the existing link
  • "update" command
    • if a link is updated so it conflicts with another permission link, delete the other conflicting link (this shouldn't happen because there shouldn't be more than one link)
  • "delete" command
    • delete doesn't change because there shouldn't be multiple conflicting links, but if there are, they should all get deleted
  • perform a data migration to remove any duplicated links

Subtasks 1 (0 open1 closed)

Task #19810: Review 18693-dedup-permissionsResolvedBrett Smith01/03/2023

Actions

Related issues 2 (1 open1 closed)

Related to Arvados - Bug #19057: [controller] should not allow adding the same user+login to a VM more than one timeResolvedTom Clegg01/18/2023

Actions
Related to Arvados - Story #19954: Update API documentation re permission link deduplicationNewTom Clegg

Actions
Actions

Also available in: Atom PDF