Remove unused code and unnecessary indirections#6284
Merged
Conversation
Also replaces permission checks that queried the DB despite having an authenticated principal with populated effective permissions available. The AuthorizationFilter populates these for every request, so querying the DB again is redundant. Signed-off-by: nscuro <nscuro@protonmail.com>
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
Up to standards ✅🟢 Issues
|
| Metric | Results |
|---|---|
| Complexity | -8 |
| Duplication | 3 |
🟢 Coverage 88.77% diff coverage · +0.21% coverage variation
Metric Results Coverage variation ✅ +0.21% coverage variation (-1.00%) Diff coverage ✅ 88.77% diff coverage (70.00%) Coverage variation details
Coverable lines Covered lines Coverage Common ancestor commit (8217941) 41799 36102 86.37% Head commit (c8d55d2) 41654 (-145) 36066 (-36) 86.58% (+0.21%) Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch:
<coverage of head commit> - <coverage of common ancestor commit>Diff coverage details
Coverable lines Covered lines Diff coverage Pull request (#6284) 187 166 88.77% Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified:
<covered lines added or modified>/<coverable lines added or modified> * 100%
NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.
nscuro
force-pushed
the
rm-unused-code
branch
2 times, most recently
from
22308de to
57dfc2a
Compare
Allows resources that do not *require* a permission to be accessed to still check the principal's effective permissions without having to query the DB. For example `/v1/team/visible` is accessible by all authenticated principals, but its response content still depends on which permissions those principals hold. Replaces the separate `AuthenticationFeature` and `AuthorizationFeature` with a single `AuthFeature`. Since the condition for both is now identical, there is no need for separate features anymore. This change surfaced a few resources where `AlpineRequest` was deliberately not passed to `new QueryManager` (which is necessary for ACL-aware query filtering), in order to perform "lookup project and assert access" patterns. To fix this, we introduce a mechanism to explicitly bypass portfolio ACL when needed, using `ProjectAccess.unrestricted(() -> ...)`. Signed-off-by: nscuro <nscuro@protonmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Removes unused code and unnecessary indirections.
Also replaces permission checks that queried the DB despite having an authenticated principal with populated effective permissions available. The
AuthorizationFilterpopulates these for every request, so querying the DB again is redundant.Originally unplanned but became an obvious byproduct of the above:
Allows resources that do not require a permission to be accessed to still check the principal's effective permissions without having to query the DB. For example
/v1/team/visibleis accessible by all authenticated principals, but its response content still depends on which permissions those principals hold.Replaces the separate
AuthenticationFeatureandAuthorizationFeaturewith a singleAuthFeature. Since the condition for both is now identical, there is no need for separate features anymore.This change surfaced a few resources where
AlpineRequestwas deliberately not passed tonew QueryManager(which is necessary for ACL-aware query filtering), in order to perform "lookup project and assert access" patterns. To fix this, we introduce a mechanism to explicitly bypass portfolio ACL when needed, usingProjectAccess.unrestricted(() -> ...). Note that the previous implementation was safe, it was just inconsistent with how the rest of the code base works.Addressed Issue
N/A
Additional Details
N/A
Checklist
This PR fixes a defect, and I have provided tests to verify that the fix is effectiveThis PR implements an enhancement, and I have provided tests to verify that it works as intendedThis PR introduces changes to the database model, and I have updated the migration changelog accordinglyThis PR introduces new or alters existing behavior, and I have updated the documentation accordinglyThis PR is a substantial change (per the ADR criteria), and I have added an ADR underdocs/adr/