chore(server): Check more permissions in bulk (#5315)

Modify Access repository, to evaluate `authDevice`, `library`, `partner`, `person`, and `timeline` permissions in bulk. Queries have been validated to match what they currently generate for single ids. As an extra performance improvement, we now use a custom QueryBuilder for the Partners queries, to avoid the eager relationships that add unneeded `LEFT JOIN` clauses. We only filter based on the ids present in the `partners` table, so those joins can be avoided. Queries: * `library` owner access: ```sql -- Before SELECT 1 AS "row_exists" FROM (SELECT 1 AS dummy_column) "dummy_table" WHERE EXISTS ( SELECT 1 FROM "libraries" "LibraryEntity" WHERE "LibraryEntity"."id" = $1 AND "LibraryEntity"."ownerId" = $2 AND "LibraryEntity"."deletedAt" IS NULL ) LIMIT 1 -- After SELECT "LibraryEntity"."id" AS "LibraryEntity_id" FROM "libraries" "LibraryEntity" WHERE "LibraryEntity"."id" IN ($1, $2) AND "LibraryEntity"."ownerId" = $3 AND "LibraryEntity"."deletedAt" IS NULL ``` * `library` partner access: ```sql -- Before SELECT 1 AS "row_exists" FROM (SELECT 1 AS dummy_column) "dummy_table" WHERE EXISTS ( SELECT 1 FROM "partners" "PartnerEntity" LEFT JOIN "users" "PartnerEntity__sharedBy" ON "PartnerEntity__sharedBy"."id"="PartnerEntity"."sharedById" AND "PartnerEntity__sharedBy"."deletedAt" IS NULL LEFT JOIN "users" "PartnerEntity__sharedWith" ON "PartnerEntity__sharedWith"."id"="PartnerEntity"."sharedWithId" AND "PartnerEntity__sharedWith"."deletedAt" IS NULL WHERE "PartnerEntity"."sharedWithId" = $1 AND "PartnerEntity"."sharedById" = $2 ) LIMIT 1 -- After SELECT "partner"."sharedById" AS "partner_sharedById", "partner"."sharedWithId" AS "partner_sharedWithId" FROM "partners" "partner" WHERE "partner"."sharedById" IN ($1, $2) AND "partner"."sharedWithId" = $3 ``` * `authDevice` owner access: ```sql -- Before SELECT 1 AS "row_exists" FROM (SELECT 1 AS dummy_column) "dummy_table" WHERE EXISTS ( SELECT 1 FROM "user_token" "UserTokenEntity" WHERE "UserTokenEntity"."userId" = $1 AND "UserTokenEntity"."id" = $2 ) LIMIT 1 -- After SELECT "UserTokenEntity"."id" AS "UserTokenEntity_id" FROM "user_token" "UserTokenEntity" WHERE "UserTokenEntity"."userId" = $1 AND "UserTokenEntity"."id" IN ($2, $3) ``` * `timeline` partner access: ```sql -- Before SELECT 1 AS "row_exists" FROM (SELECT 1 AS dummy_column) "dummy_table" WHERE EXISTS ( SELECT 1 FROM "partners" "PartnerEntity" LEFT JOIN "users" "PartnerEntity__sharedBy" ON "PartnerEntity__sharedBy"."id"="PartnerEntity"."sharedById" AND "PartnerEntity__sharedBy"."deletedAt" IS NULL LEFT JOIN "users" "PartnerEntity__sharedWith" ON "PartnerEntity__sharedWith"."id"="PartnerEntity"."sharedWithId" AND "PartnerEntity__sharedWith"."deletedAt" IS NULL WHERE "PartnerEntity"."sharedWithId" = $1 AND "PartnerEntity"."sharedById" = $2 ) LIMIT 1 -- After SELECT "partner"."sharedById" AS "partner_sharedById", "partner"."sharedWithId" AS "partner_sharedWithId" FROM "partners" "partner" WHERE "partner"."sharedById" IN ($1, $2) AND "partner"."sharedWithId" = $3 ``` * `person` owner access: ```sql -- Before SELECT 1 AS "row_exists" FROM (SELECT 1 AS dummy_column) "dummy_table" WHERE EXISTS ( SELECT 1 FROM "person" "PersonEntity" WHERE "PersonEntity"."id" = $1 AND "PersonEntity"."ownerId" = $2 ) LIMIT 1 -- After SELECT "PersonEntity"."id" AS "PersonEntity_id" FROM "person" "PersonEntity" WHERE "PersonEntity"."id" IN ($1, $2) AND "PersonEntity"."ownerId" = $3 ``` * `partner` update access: ```sql -- Before SELECT 1 AS "row_exists" FROM (SELECT 1 AS dummy_column) "dummy_table" WHERE EXISTS ( SELECT 1 FROM "partners" "PartnerEntity" LEFT JOIN "users" "PartnerEntity__sharedBy" ON "PartnerEntity__sharedBy"."id"="PartnerEntity"."sharedById" AND "PartnerEntity__sharedBy"."deletedAt" IS NULL LEFT JOIN "users" "PartnerEntity__sharedWith" ON "PartnerEntity__sharedWith"."id"="PartnerEntity"."sharedWithId" AND "PartnerEntity__sharedWith"."deletedAt" IS NULL WHERE "PartnerEntity"."sharedWithId" = $1 AND "PartnerEntity"."sharedById" = $2 ) LIMIT 1 -- After SELECT "partner"."sharedById" AS "partner_sharedById", "partner"."sharedWithId" AS "partner_sharedWithId" FROM "partners" "partner" WHERE "partner"."sharedById" IN ($1, $2) AND "partner"."sharedWithId" = $3 ```
2025-12-26 09:14:58 +03:00 · 2023-11-26 07:50:41 -05:00
parent f97dca7707
commit c04340c63e
9 changed files with 190 additions and 151 deletions
--- a/server/src/infra/repositories/access.repository.ts
+++ b/server/src/infra/repositories/access.repository.ts
@@ -62,33 +62,52 @@ export class AccessRepository implements IAccessRepository {
      });
    },
  };
+
  library = {
-    hasOwnerAccess: (userId: string, libraryId: string): Promise<boolean> => {
-      return this.libraryRepository.exist({
-        where: {
-          id: libraryId,
-          ownerId: userId,
-        },
-      });
+    checkOwnerAccess: async (userId: string, libraryIds: Set<string>): Promise<Set<string>> => {
+      if (libraryIds.size === 0) {
+        return new Set();
+      }
+
+      return this.libraryRepository
+        .find({
+          select: { id: true },
+          where: {
+            id: In([...libraryIds]),
+            ownerId: userId,
+          },
+        })
+        .then((libraries) => new Set(libraries.map((library) => library.id)));
    },
-    hasPartnerAccess: (userId: string, partnerId: string): Promise<boolean> => {
-      return this.partnerRepository.exist({
-        where: {
-          sharedWithId: userId,
-          sharedById: partnerId,
-        },
-      });
+
+    checkPartnerAccess: async (userId: string, partnerIds: Set<string>): Promise<Set<string>> => {
+      if (partnerIds.size === 0) {
+        return new Set();
+      }
+
+      return this.partnerRepository
+        .createQueryBuilder('partner')
+        .select('partner.sharedById')
+        .where('partner.sharedById IN (:...partnerIds)', { partnerIds: [...partnerIds] })
+        .andWhere('partner.sharedWithId = :userId', { userId })
+        .getMany()
+        .then((partners) => new Set(partners.map((partner) => partner.sharedById)));
    },
  };

  timeline = {
-    hasPartnerAccess: (userId: string, partnerId: string): Promise<boolean> => {
-      return this.partnerRepository.exist({
-        where: {
-          sharedWithId: userId,
-          sharedById: partnerId,
-        },
-      });
+    checkPartnerAccess: async (userId: string, partnerIds: Set<string>): Promise<Set<string>> => {
+      if (partnerIds.size === 0) {
+        return new Set();
+      }
+
+      return this.partnerRepository
+        .createQueryBuilder('partner')
+        .select('partner.sharedById')
+        .where('partner.sharedById IN (:...partnerIds)', { partnerIds: [...partnerIds] })
+        .andWhere('partner.sharedWithId = :userId', { userId })
+        .getMany()
+        .then((partners) => new Set(partners.map((partner) => partner.sharedById)));
    },
  };

@@ -198,13 +217,20 @@ export class AccessRepository implements IAccessRepository {
  };

  authDevice = {
-    hasOwnerAccess: (userId: string, deviceId: string): Promise<boolean> => {
-      return this.tokenRepository.exist({
-        where: {
-          userId,
-          id: deviceId,
-        },
-      });
+    checkOwnerAccess: async (userId: string, deviceIds: Set<string>): Promise<Set<string>> => {
+      if (deviceIds.size === 0) {
+        return new Set();
+      }
+
+      return this.tokenRepository
+        .find({
+          select: { id: true },
+          where: {
+            userId,
+            id: In([...deviceIds]),
+          },
+        })
+        .then((tokens) => new Set(tokens.map((token) => token.id)));
    },
  };

@@ -264,24 +290,36 @@ export class AccessRepository implements IAccessRepository {
  };

  person = {
-    hasOwnerAccess: (userId: string, personId: string): Promise<boolean> => {
-      return this.personRepository.exist({
-        where: {
-          id: personId,
-          ownerId: userId,
-        },
-      });
+    checkOwnerAccess: async (userId: string, personIds: Set<string>): Promise<Set<string>> => {
+      if (personIds.size === 0) {
+        return new Set();
+      }
+
+      return this.personRepository
+        .find({
+          select: { id: true },
+          where: {
+            id: In([...personIds]),
+            ownerId: userId,
+          },
+        })
+        .then((persons) => new Set(persons.map((person) => person.id)));
    },
  };

  partner = {
-    hasUpdateAccess: (userId: string, partnerId: string): Promise<boolean> => {
-      return this.partnerRepository.exist({
-        where: {
-          sharedById: partnerId,
-          sharedWithId: userId,
-        },
-      });
+    checkUpdateAccess: async (userId: string, partnerIds: Set<string>): Promise<Set<string>> => {
+      if (partnerIds.size === 0) {
+        return new Set();
+      }
+
+      return this.partnerRepository
+        .createQueryBuilder('partner')
+        .select('partner.sharedById')
+        .where('partner.sharedById IN (:...partnerIds)', { partnerIds: [...partnerIds] })
+        .andWhere('partner.sharedWithId = :userId', { userId })
+        .getMany()
+        .then((partners) => new Set(partners.map((partner) => partner.sharedById)));
    },
  };
 }