authz: use FilePermissionsFunc for batch path operations (!41434) · Merge requests · Administrator / sourcegraph

Administrator requested to merge plz.review/review/11272 into main Sep 07, 2022

Created by: keegancsmith

This introduces the use of FilePermissionsFunc in all places in authz were we check multiple paths for a repository. In particular FilterActorPaths and the helper canReadPaths. This doesn't help performance just yet since we haven't optimized FilePermissionsFunc, but in the next commit there should be a nice benchstat to ogle over.

Note: we now call actorSubRepoEnabled in FilterActorPaths. Previously this logic was done by the fact it was just a wrapper around ActorPermissions. But now we directly use the checker, so we need to introduce those actor checks here (they are already done by canReadPaths).

Additionally we add in metrics for these batch call sites, since FilePermissionsFunc will not record metrics. These metrics should be more useful and not be as large an overhead.

Test Plan: go test

Part of https://github.com/sourcegraph/sourcegraph/issues/41347

Stacked on https://github.com/sourcegraph/sourcegraph/pull/41433

plz-review-url: https://plz.review/review/11272

authz: use FilePermissionsFunc for batch path operations

Merge request reports