Always use the finders in Value Stream Analytics
What does this MR do?
This MR alters the base query for Value Stream Analytics (aka CycleAnalytics) filter to use the standard Issuable finders (IssuesFinder
and MergeRequestsFinder
).
Reasoning:
VSA provides several endpoints (2 main endpoints). Each endpoint uses the same base query:
- Return a median value (left side, not using finders, just the base query)
- Relevant records (right side, merges the finder query to enforce permission on current user).
Page: https://gitlab.com/gitlab-org/gitlab/-/value_stream_analytics
To apply additional filtering on the queries later (#217973 (closed)), it would make sense to use the standard finders everywhere so we can reuse functionality.
Queries:
I'm not including all queries since the base is pretty much the same. There is a small overhead compared to the previous queries where we didn't enforce permission.
Old:
SELECT EXTRACT(EPOCH
FROM percentile_cont(0.5) WITHIN GROUP(
ORDER BY "merge_requests"."created_at" - "issue_metrics"."first_mentioned_in_commit_at")) AS median
FROM "merge_requests"
INNER JOIN "projects" ON "projects"."id" = "merge_requests"."target_project_id"
INNER JOIN "merge_requests_closing_issues" ON "merge_requests_closing_issues"."merge_request_id" = "merge_requests"."id"
LEFT JOIN project_features ON projects.id = project_features.project_id
INNER JOIN "issue_metrics" ON "merge_requests_closing_issues"."issue_id" = "issue_metrics"."issue_id"
WHERE "projects"."namespace_id" IN
(WITH RECURSIVE "base_and_descendants" AS (
(SELECT "namespaces".*
FROM "namespaces"
WHERE "namespaces"."type" = 'Group'
AND "namespaces"."id" = 9970)
UNION
(SELECT "namespaces".*
FROM "namespaces",
"base_and_descendants"
WHERE "namespaces"."type" = 'Group'
AND "namespaces"."parent_id" = "base_and_descendants"."id")) SELECT "namespaces"."id"
FROM "base_and_descendants" AS "namespaces")
AND "merge_requests"."created_at" <= '2020-05-27 23:59:59.999999'
AND "merge_requests"."created_at" >= '2020-03-28 00:00:00'
AND "merge_requests"."created_at" >= "issue_metrics"."first_mentioned_in_commit_at";
New:
SELECT EXTRACT(EPOCH
FROM percentile_cont(0.5) WITHIN GROUP(
ORDER BY "merge_requests"."created_at" - "issue_metrics"."first_mentioned_in_commit_at")) AS median
FROM "merge_requests"
INNER JOIN "projects" ON "projects"."id" = "merge_requests"."target_project_id"
INNER JOIN "merge_requests_closing_issues" ON "merge_requests_closing_issues"."merge_request_id" = "merge_requests"."id"
LEFT JOIN project_features ON projects.id = project_features.project_id
INNER JOIN "issue_metrics" ON "merge_requests_closing_issues"."issue_id" = "issue_metrics"."issue_id"
WHERE "projects"."namespace_id" IN
(WITH RECURSIVE "base_and_descendants" AS (
(SELECT "namespaces".*
FROM "namespaces"
WHERE "namespaces"."type" = 'Group'
AND "namespaces"."id" = 9970)
UNION
(SELECT "namespaces".*
FROM "namespaces",
"base_and_descendants"
WHERE "namespaces"."type" = 'Group'
AND "namespaces"."parent_id" = "base_and_descendants"."id")) SELECT "namespaces"."id"
FROM "base_and_descendants" AS "namespaces")
AND (EXISTS
(SELECT 1
FROM "project_authorizations"
WHERE "project_authorizations"."user_id" = 4156052
AND (project_authorizations.project_id = projects.id)
AND (project_authorizations.access_level >= 20))
OR projects.visibility_level IN (10,
20))
AND ("project_features"."merge_requests_access_level" IS NULL
OR "project_features"."merge_requests_access_level" IN (20,
30)
OR ("project_features"."merge_requests_access_level" = 10
AND EXISTS
(SELECT 1
FROM "project_authorizations"
WHERE "project_authorizations"."user_id" = 4156052
AND (project_authorizations.project_id = projects.id)
AND (project_authorizations.access_level >= 20))))
AND "merge_requests"."created_at" <= '2020-05-27 23:59:59.999999'
AND "merge_requests"."created_at" >= '2020-03-28 00:00:00'
AND "merge_requests"."created_at" >= "issue_metrics"."first_mentioned_in_commit_at";
Screenshots
Does this MR meet the acceptance criteria?
Conformity
- [-] Changelog entry
- [-] Documentation (if required)
-
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. - [-] Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention
@gitlab-com/gl-security/appsec
- [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
Related #217973 (closed) Related #219126 (closed)