Optimization of data loading on auth reset

src/domain/collaboration/callout-contribution/callout.contribution.service.authorization.ts

@@ -32,27 +32,81 @@ export class CalloutContributionAuthorizationService {
   ) {}
 
   public async applyAuthorizationPolicy(
-    contributionInput: ICalloutContribution,
+    contributionID: string,
     parentAuthorization: IAuthorizationPolicy | undefined,
     communityPolicy: ICommunityPolicy,
     spaceSettings: ISpaceSettings
   ): Promise<IAuthorizationPolicy[]> {
     const contribution =
       await this.contributionService.getCalloutContributionOrFail(
-        contributionInput.id,
+        contributionID,
         {
+          loadEagerRelations: false,
           relations: {
+            authorization: true,
             post: {
-              profile: true,
+              authorization: true,
+              profile: {
+                authorization: true,
+              },
               comments: {
                 authorization: true,
               },
             },
             whiteboard: {
-              profile: true,
+              authorization: true,
+              profile: {
+                authorization: true,
+              },
+            },
+            link: {
+              authorization: true,
+              profile: {
+                authorization: true,
+              },
+            },
+          },
+          select: {
+            id: true,
+            createdBy: true,
+            authorization:
+              this.authorizationPolicyService.authorizationSelectOptions,
+            post: {
+              id: true,
+              createdBy: true,
+              authorization:
+                this.authorizationPolicyService.authorizationSelectOptions,
+              profile: {
+                id: true,
+                authorization:
+                  this.authorizationPolicyService.authorizationSelectOptions,
+              },
+              comments: {
+                id: true,
+                authorization:
+                  this.authorizationPolicyService.authorizationSelectOptions,
+              },
+            },
+            whiteboard: {
+              id: true,
+              createdBy: true,
+              authorization:
+                this.authorizationPolicyService.authorizationSelectOptions,
+              profile: {
+                id: true,
+                authorization:
+                  this.authorizationPolicyService.authorizationSelectOptions,
+              },
             },
             link: {
-              profile: true,
+              id: true,
+              authorization:
+                this.authorizationPolicyService.authorizationSelectOptions,
+              profile: {
+                id: true,
+                authorization:
+                  this.authorizationPolicyService.authorizationSelectOptions,
+              },
             },
           },
         }

src/domain/collaboration/callout-framing/callout.framing.service.authorization.ts

@@ -25,11 +25,33 @@ export class CalloutFramingAuthorizationService {
       await this.calloutFramingService.getCalloutFramingOrFail(
         calloutFramingInput.id,
         {
+          loadEagerRelations: false,
           relations: {
+            authorization: true,
+            profile: true,
             whiteboard: {
-              profile: true,
+              authorization: true,
+              profile: {
+                authorization: true,
+              },
+            },
+          },
+          select: {
+            id: true,
+            authorization:
+              this.authorizationPolicyService.authorizationSelectOptions,
+            profile: { id: true },
+            whiteboard: {
+              id: true,
+              createdBy: true,
+              authorization:
+                this.authorizationPolicyService.authorizationSelectOptions,
+              profile: {
+                id: true,
+                authorization:
+                  this.authorizationPolicyService.authorizationSelectOptions,
+              },
             },
-            profile: true,
           },
         }
       );
@@ -51,7 +73,7 @@ export class CalloutFramingAuthorizationService {
 
     const framingAuthorizations =
       await this.profileAuthorizationService.applyAuthorizationPolicy(
-        calloutFraming.profile,
+        calloutFraming.profile.id,
         calloutFraming.authorization
       );
     updatedAuthorizations.push(...framingAuthorizations);

src/domain/collaboration/callout/callout.resolver.mutations.ts

@@ -235,7 +235,7 @@ export class CalloutResolverMutations {
     // Ensure settings are available
     const updatedAuthorizations =
       await this.contributionAuthorizationService.applyAuthorizationPolicy(
-        contribution,
+        contribution.id,
         callout.authorization,
         communityPolicy,
         spaceSettings

src/domain/collaboration/callout/callout.service.authorization.ts

@@ -88,7 +88,7 @@ export class CalloutAuthorizationService {
     for (const contribution of callout.contributions) {
       const updatedContributionAuthorizations =
         await this.contributionAuthorizationService.applyAuthorizationPolicy(
-          contribution,
+          contribution.id,
           callout.authorization,
           communityPolicy,
           spaceSettings

src/domain/collaboration/innovation-flow/innovation.flow.service.authorization.ts

@@ -48,7 +48,7 @@ export class InnovationFlowAuthorizationService {
 
     const profileAuthorizations =
       await this.profileAuthorizationService.applyAuthorizationPolicy(
-        innovationFlow.profile,
+        innovationFlow.profile.id,
         innovationFlow.authorization
       );
     updatedAuthorizations.push(...profileAuthorizations);

src/domain/collaboration/link/link.service.authorization.ts

@@ -40,7 +40,7 @@ export class LinkAuthorizationService {
 
     const profileAuthorizations =
       await this.profileAuthorizationService.applyAuthorizationPolicy(
-        link.profile,
+        link.profile.id,
         link.authorization
       );
     updatedAuthorizations.push(...profileAuthorizations);

src/domain/collaboration/post/post.service.authorization.ts

@@ -80,7 +80,7 @@ export class PostAuthorizationService {
     // cascade
     const profileAuthorizations =
       await this.profileAuthorizationService.applyAuthorizationPolicy(
-        post.profile,
+        post.profile.id,
         post.authorization
       );
     updatedAuthorizations.push(...profileAuthorizations);

src/domain/common/authorization-policy/authorization.policy.service.ts

@@ -1,6 +1,6 @@
 import { Inject, Injectable, LoggerService } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
-import { Repository } from 'typeorm';
+import { FindOptionsSelect, Repository } from 'typeorm';
 import {
   EntityNotFoundException,
   ForbiddenException,
@@ -36,6 +36,14 @@ export class AuthorizationPolicyService {
     private readonly logger: LoggerService
   ) {}
 
+  public authorizationSelectOptions: FindOptionsSelect<AuthorizationPolicy> = {
+    id: true,
+    anonymousReadAccess: true,
+    credentialRules: true,
+    privilegeRules: true,
+    verifiedCredentialRules: true,
+  };
+
   createCredentialRule(
     grantedPrivileges: AuthorizationPrivilege[],
     criterias: ICredentialDefinition[],

src/domain/common/profile/profile.service.authorization.ts

@@ -1,5 +1,4 @@
 import { Injectable } from '@nestjs/common';
-import { IProfile } from '@domain/common/profile';
 import { AuthorizationPolicyService } from '@domain/common/authorization-policy/authorization.policy.service';
 import { ProfileService } from './profile.service';
 import { IAuthorizationPolicy } from '@domain/common/authorization-policy/authorization.policy.interface';
@@ -18,25 +17,60 @@ export class ProfileAuthorizationService {
   ) {}
 
   async applyAuthorizationPolicy(
-    profileInput: IProfile,
+    profileID: string,
     parentAuthorization: IAuthorizationPolicy | undefined
   ): Promise<IAuthorizationPolicy[]> {
-    const profile = await this.profileService.getProfileOrFail(
-      profileInput.id,
-      {
-        relations: {
-          references: true,
-          tagsets: true,
+    const profile = await this.profileService.getProfileOrFail(profileID, {
+      loadEagerRelations: false,
+      relations: {
+        authorization: true,
+        references: { authorization: true },
+        tagsets: { authorization: true },
+        visuals: { authorization: true },
+        storageBucket: {
           authorization: true,
-          visuals: true,
-          storageBucket: {
-            documents: {
-              tagset: true,
+          documents: {
+            authorization: true,
+            tagset: { authorization: true },
+          },
+        },
+      },
+      select: {
+        id: true,
+        authorization:
+          this.authorizationPolicyService.authorizationSelectOptions,
+        references: {
+          id: true,
+          authorization:
+            this.authorizationPolicyService.authorizationSelectOptions,
+        },
+        tagsets: {
+          id: true,
+          authorization:
+            this.authorizationPolicyService.authorizationSelectOptions,
+        },
+        visuals: {
+          id: true,
+          authorization:
+            this.authorizationPolicyService.authorizationSelectOptions,
+        },
+        storageBucket: {
+          id: true,
+          authorization:
+            this.authorizationPolicyService.authorizationSelectOptions,
+          documents: {
+            id: true,
+            authorization:
+              this.authorizationPolicyService.authorizationSelectOptions,
+            tagset: {
+              id: true,
+              authorization:
+                this.authorizationPolicyService.authorizationSelectOptions,
             },
           },
         },
-      }
-    );
+      },
+    });
     if (
       !profile.references ||
       !profile.tagsets ||
@@ -45,7 +79,7 @@ export class ProfileAuthorizationService {
       !profile.storageBucket
     ) {
       throw new RelationshipNotFoundException(
-        `Unable to load Profile with entities at start of auth reset: ${profileInput.id} `,
+        `Unable to load Profile with entities at start of auth reset: ${profileID} `,
         LogContext.ACCOUNT
       );
     }

src/domain/common/whiteboard/whiteboard.service.authorization.ts

@@ -26,35 +26,37 @@ export class WhiteboardAuthorizationService {
   ) {}
 
   async applyAuthorizationPolicy(
-    whiteboard: IWhiteboard,
+    whiteboardWithProfile: IWhiteboard,
     parentAuthorization: IAuthorizationPolicy | undefined
   ): Promise<IAuthorizationPolicy[]> {
-    if (!whiteboard.profile) {
+    if (!whiteboardWithProfile.profile) {
       throw new RelationshipNotFoundException(
-        `Unable to load entities on whiteboard reset auth:  ${whiteboard.id} `,
+        `Unable to load entities on whiteboard reset auth:  ${whiteboardWithProfile.id} `,
         LogContext.COLLABORATION
       );
     }
     const updatedAuthorizations: IAuthorizationPolicy[] = [];
-    whiteboard.authorization =
+    whiteboardWithProfile.authorization =
       this.authorizationPolicyService.inheritParentAuthorization(
-        whiteboard.authorization,
+        whiteboardWithProfile.authorization,
         parentAuthorization
       );
 
-    whiteboard.authorization = this.appendCredentialRules(whiteboard);
-    whiteboard.authorization = this.appendPrivilegeRules(
-      whiteboard.authorization,
-      whiteboard
+    whiteboardWithProfile.authorization = this.appendCredentialRules(
+      whiteboardWithProfile
     );
-    updatedAuthorizations.push(whiteboard.authorization);
+    whiteboardWithProfile.authorization = this.appendPrivilegeRules(
+      whiteboardWithProfile.authorization,
+      whiteboardWithProfile
+    );
+    updatedAuthorizations.push(whiteboardWithProfile.authorization);
 
-    const profileAuthoriations =
+    const profileAuthorizations =
       await this.profileAuthorizationService.applyAuthorizationPolicy(
-        whiteboard.profile,
-        whiteboard.authorization
+        whiteboardWithProfile.profile.id,
+        whiteboardWithProfile.authorization
       );
-    updatedAuthorizations.push(...profileAuthoriations);
+    updatedAuthorizations.push(...profileAuthorizations);
 
     return updatedAuthorizations;
   }

src/domain/community/community-guidelines/community.guidelines.service.authorization.ts

@@ -32,7 +32,7 @@ export class CommunityGuidelinesAuthorizationService {
 
     const profileAuthorizations =
       await this.profileAuthorizationService.applyAuthorizationPolicy(
-        communityGuidelines.profile,
+        communityGuidelines.profile.id,
         communityGuidelines.authorization
       );
     updatedAuthorizations.push(...profileAuthorizations);

src/domain/community/organization/organization.service.authorization.ts

@@ -98,7 +98,7 @@ export class OrganizationAuthorizationService {
     clonedOrganizationAuthorizationAnonymousAccess.anonymousReadAccess = true;
     const profileAuthorizations =
       await this.profileAuthorizationService.applyAuthorizationPolicy(
-        organization.profile,
+        organization.profile.id,
         clonedOrganizationAuthorizationAnonymousAccess
       );
     updatedAuthorizations.push(...profileAuthorizations);

src/domain/community/user-group/user-group.service.authorization.ts

@@ -46,7 +46,7 @@ export class UserGroupAuthorizationService {
 
     const profileAuthoriations =
       await this.profileAuthorizationService.applyAuthorizationPolicy(
-        userGroup.profile,
+        userGroup.profile.id,
         userGroup.authorization
       );
     updatedAuthorizations.push(...profileAuthoriations);

src/domain/community/user/user.resolver.mutations.ts

@@ -131,6 +131,7 @@ export class UserResolverMutations {
     const updatedAuthorizations =
       await this.userAuthorizationService.applyAuthorizationPolicy(user);
     await this.authorizationPolicyService.saveAll(updatedAuthorizations);
+
     return await this.userService.getUserOrFail(user.id);
   }