Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor IAM id access #8969

Open
wants to merge 4 commits into
base: develop
Choose a base branch
from
Open

Refactor IAM id access #8969

wants to merge 4 commits into from
+130 −115

Conversation

zhiltsov-max
Copy link
Contributor

@zhiltsov-max zhiltsov-max commented Jan 20, 2025
edited
Loading

The existing object id access pattern for foreign keys produces unnecessary dependencies on the whole foreign object. It can be optimized to using just the object id, which is stored in the same db row in most cases (except m2m fields). This change doesn't immediately lead to optimized DB requests, but it opens optimization opportunities in the future.

  • Optimized object id access for foreign key model fields in IAM checks
  • Added obj field type annotations for Permission types
  • Removed 1 extra DB request in task read serializer

Motivation and context

How has this been tested?

Checklist

  • I submit my changes into the develop branch
  • I have created a changelog fragment
  • I have updated the documentation accordingly
  • I have added tests to cover my changes
  • I have linked related issues (see GitHub docs)

License

  • I submit my code changes under the same MIT License that covers the project.
    Feel free to contact the maintainers if that's a concern.

@zhiltsov-max zhiltsov-max requested review from SpecLad and removed request for Marishka17 January 20, 2025 17:08
@zhiltsov-max zhiltsov-max force-pushed the zm/optimize-iam-data-access branch from 677cb5d to c382cc4 Compare January 20, 2025 17:11
@codecov-commenter
Copy link

codecov-commenter commented Jan 20, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 46.34146% with 22 lines in your changes missing coverage. Please review.

Project coverage is 73.85%. Comparing base (fe5efaf) to head (dd0375e).
Report is 10 commits behind head on develop.

Additional details and impacted files 
@@             Coverage Diff             @@
##           develop    #8969      +/-   ##
===========================================
+ Coverage    73.82%   73.85%   +0.03%     
===========================================
  Files          417      417              
  Lines        44583    44605      +22     
  Branches      4028     4031       +3     
===========================================
+ Hits         32912    32942      +30     
+ Misses       11671    11663       -8
Components Coverage Δ
cvat-ui 78.31% <ø> (+0.06%) ⬆️
cvat-server 70.06% <46.34%> (+<0.01%) ⬆️

SpecLad
SpecLad reviewed Jan 21, 2025
View reviewed changes
cvat/apps/engine/permissions.py Outdated
@@ -456,7 +462,7 @@ def create(cls, request, view, obj, iam_context):
def create_scope_view(cls, request, task: Union[int, Task], iam_context=None):
if isinstance(task, int):
try:
task = Task.objects.get(id=task)
task = Task.objects.select_related("organization").get(id=task)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you explain this? It seems to go against the purpose of this PR, as it adds a new join.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you mean select_related("project")?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It was to remove 1 request from the following get_iam_context() -> get_organization() call, but probably it should be removed from this PR to keep it focused and simple enough. Prefetches will be in another PR.

cvat/apps/engine/permissions.py Outdated Show resolved Hide resolved
cvat/apps/engine/serializers.py Show resolved Hide resolved
cvat/apps/webhooks/permissions.py Show resolved Hide resolved
SpecLad
SpecLad reviewed Jan 21, 2025
View reviewed changes
cvat/apps/engine/permissions.py
'id': self.obj.organization.id
} if self.obj.organization else None
'id': self.obj.organization_id
} if self.obj.organization_id else None
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would suggest to add a common function for this pattern, since it seems to be repeating a lot:

def id_dict(id):
    if id is None: return None
    return {'id': id}

Copy link
Contributor Author

@zhiltsov-max zhiltsov-max Jan 21, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe it's a good idea, but it's out of the scope for this PR. It looks like these data structures should be described somehow on the server side.

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SpecLad SpecLad SpecLad approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@zhiltsov-max @codecov-commenter @SpecLad