Skip to content

Faster GitLab authz

Warren Gifford requested to merge bl/faster-gl-authz into master

Created by: beyang

Fixes https://github.com/sourcegraph/sourcegraph/issues/2007

The first commit makes the actual change. Subsequent commits update unit tests.

This makes GitLab permissions fetching use the same general strategy as we use for GitHub. GitLab has 3 levels of project (a GitLab project is analogous to a GitHub repo): public, internal, and private. Public projects are accessible to anyone, including unauthenticated requests. Internal projs are accessible to any authenticated user. Private projs are subject to permissions. We cache the following pieces of information:

  • Which projs are public
  • Which projs are internal
  • For each user, a list of private projs that the user has access to (not just "Guest"-level access, but can actually read the repository contents)

This results in much better performance, because we don't have to block on fetching a user's entire list of accessible projects. Instead, we make at most 2 API requests for each project being accessed, the first to determine if the project is public/internal (GetProject), the second to determine if a private project is accessible to the current user (ListTree).

Merge request reports

Loading