mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
In many places throughout the portal codebase, we called a function "update_dynamic_group_memberships/1" which recomputed all of the dynamic/managed memberships for a particular account, and reapplied them to each affected group.

Since the `has_many :memberships` relationship used `on_replace: :delete`, this caused Ecto to delete _all_ the `Everyone` group memberships, and reinsert them on each sync.

Since each membership change triggers a policy re-evaluation for all policies to the affected actor (`Policies.broadcast_access_events_for/3`), this in effect was causing a massive amount of queries to be triggered upon each sync job as each membership deletion and insertion triggered a lookup for all resources available to that particular actor.

To fix this, we introduce the following changes:

- Remove `dynamic` group type. This will never be used as it will create an immense amount of complexity for any organization trying to manage groups this way
- Refactor `update_dynamic_group_memberships/1` to use a smarter query that first gathers all the _needed_ changes and applies them within a transaction using Ecto.Multi. Previously all memberships would be rolled over unconditionally due to the `on_replace: :delete` option on the relationship. Note that the option is still there, but we generally don't set memberships on groups any longer unless editing the affected group directly, where the everyone group doesn't apply.

Resolves: #8407
Resolves: #8408
Related: #6294

---------

Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
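The difference between the unconditional rollover and the "gather only the needed changes" approach described in the commit message, as an added example that is not Firezone's code: it compares how many membership change events (and therefore per-actor policy re-evaluations) each strategy produces for one sync. The module and function names (`MembershipSync`, `replace_all/2`, `plan/2`) and the sample data are hypothetical, and the database transaction step (Ecto.Multi in the commit) is left out so the script runs with plain Elixir.

```elixir
# Added example; names are hypothetical and not taken from the Firezone code base.
# A membership is modelled as an {actor_id, group_id} tuple.
defmodule MembershipSync do
  # Unconditional rollover: every existing row is deleted and every desired
  # row is reinserted, even when nothing changed for that actor.
  def replace_all(current, desired) do
    %{delete: MapSet.new(current), insert: MapSet.new(desired)}
  end

  # Diff-based plan: only rows that differ between the two sets are touched.
  def plan(current, desired) do
    current = MapSet.new(current)
    desired = MapSet.new(desired)

    %{
      delete: MapSet.difference(current, desired),
      insert: MapSet.difference(desired, current)
    }
  end

  # Each deleted or inserted membership counts as one change event,
  # i.e. one policy re-evaluation for the affected actor.
  def change_events(%{delete: del, insert: ins}) do
    MapSet.size(del) + MapSet.size(ins)
  end

  # Actors whose access actually needs to be re-evaluated under a plan.
  def affected_actors(%{delete: del, insert: ins}) do
    del
    |> MapSet.union(ins)
    |> Enum.map(fn {actor_id, _group_id} -> actor_id end)
    |> Enum.uniq()
    |> Enum.sort()
  end
end

# Constructed sample: 1000 actors in the "everyone" group; between two syncs
# actor 1 is removed and actor 1001 is added.
current = for id <- 1..1000, do: {id, :everyone}
desired = for id <- 2..1001, do: {id, :everyone}

rollover = MembershipSync.replace_all(current, desired)
diff = MembershipSync.plan(current, desired)

IO.inspect(MembershipSync.change_events(rollover), label: "rollover change events")
IO.inspect(MembershipSync.change_events(diff), label: "diff change events")
IO.inspect(MembershipSync.affected_actors(diff), label: "actors to re-evaluate")
```

With an unchanged directory the diff plan is empty, so a sync that changes nothing emits no access events at all.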