Cells: Fix cross joins in security/fetch_policy_approvers_service
Fix the cross joins in these files:
-
ee/app/services/security/security_orchestration_policies/fetch_policy_approvers_service.rb:60:
Refer to the epic for more information about this. Feel free to:
- Copy the epic description to this issue to helper the reviewers understand the problem.
Split this issue into different issues in case it was so much effort to- Ask for help and hints on #tenant-scale on how to fix cross joins
Implementation plan
We can probably solve this by using container.authorizable_members_with_parents.pluck(:user_id)
and then fetching the users in a different query.
diff --git a/ee/app/services/security/security_orchestration_policies/fetch_policy_approvers_service.rb b/ee/app/services/security/security_orchestration_policies/fetch_policy_approvers_service.rb
index 28b6689f40e0..40aa13b6596a 100644
--- a/ee/app/services/security/security_orchestration_policies/fetch_policy_approvers_service.rb
+++ b/ee/app/services/security/security_orchestration_policies/fetch_policy_approvers_service.rb
@@ -50,17 +50,8 @@ def user_approvers(action)
# rubocop: disable CodeReuse/ActiveRecord
def authorizable_users_in_group_hierarchy_by_ids_or_usernames(user_ids, user_names)
- User
- .by_ids_or_usernames(user_ids, user_names)
- .where(
- container
- .authorizable_members_with_parents
- .merge(Member.where(Member.arel_table[:user_id].eq(User.arel_table[:id])), rewhere: true)
- .select(1)
- .arel
- .exists
- )
- .allow_cross_joins_across_databases(url: "https://gitlab.com/gitlab-org/gitlab/-/issues/417460")
+ User.by_ids_or_usernames(user_ids, user_names)
+ .where(id: container.authorizable_members_with_parents.pluck(:user_id))
end
# rubocop: enable CodeReuse/ActiveRecord
Edited by Andy Schoenen