Skip to content

authz: Do not filter repo ids to cache in Bitbucket Server provider

Administrator requested to merge core/global-perms-caching-3 into master

Created by: tsenart

Up until now, the cached set of repository ids that a user is allowed to see was dependent on the kind of request first done when there was no cache (or it had expired). This commit changes the code so that we store all authorized repository ids in the cache, not only those that were to be verified when RepoPerms was called.

This bug would have resulted in false negatives (i.e. Sourcegraph refusing to show a repo to a user that is authorized to see it), but never in false positives.

Apart from those changes, this PR lays out the foundation to implement a GraphQL endpoint that can be called to update the permissions cache of a given user. The endpoint is not in this PR because there are still unknowns on how to reliably acquire the (dynamic) list of frontend instance addresses to call the endpoint on, concurrently.

Part of #4812

Merge request reports

Loading