Improve performance bar permission checks

Checks the cookie first because it is a cheaper check. This also renames enabled_for_user? to allowed_for_user? since that is more accurate.

Improve performance bar permission checks
Checks the cookie first because it is a cheaper check. This also renames enabled_for_user? to allowed_for_user? since that is more accurate.
d3b84962 · Heinrich Lee Yu · f4337bc9 · d3b84962 · d3b84962 · d3b84962
Commit d3b84962 authored Apr 25, 2021 by Heinrich Lee Yu
4 changed files
--- a/app/controllers/concerns/with_performance_bar.rb
+++ b/app/controllers/concerns/with_performance_bar.rb
@@ -20,12 +20,12 @@ module WithPerformanceBar
  end

  def cookie_or_default_value
-    return false unless Gitlab::PerformanceBar.enabled_for_user?(current_user)
+    cookie_enabled = if cookies[:perf_bar_enabled].present?
+                       cookies[:perf_bar_enabled] == 'true'
+                     else
+                       cookies[:perf_bar_enabled] = 'true' if Rails.env.development?
+                     end

-    if cookies[:perf_bar_enabled].present?
-      cookies[:perf_bar_enabled] == 'true'
-    else
-      cookies[:perf_bar_enabled] = 'true' if Rails.env.development?
-    end
+    cookie_enabled && Gitlab::PerformanceBar.allowed_for_user?(current_user)
  end
 end
--- a/lib/api/helpers/performance_bar_helpers.rb
+++ b/lib/api/helpers/performance_bar_helpers.rb
@@ -4,17 +4,17 @@ module API
  module Helpers
    module PerformanceBarHelpers
      def set_peek_enabled_for_current_request
-        Gitlab::SafeRequestStore.fetch(:peek_enabled) { perf_bar_cookie_enabled? && perf_bar_enabled_for_user? }
+        Gitlab::SafeRequestStore.fetch(:peek_enabled) { perf_bar_cookie_enabled? && perf_bar_allowed_for_user? }
      end

      def perf_bar_cookie_enabled?
        cookies[:perf_bar_enabled] == 'true'
      end

-      def perf_bar_enabled_for_user?
+      def perf_bar_allowed_for_user?
        # We cannot use `current_user` here because that method raises an exception when the user
        # is unauthorized and some API endpoints require that `current_user` is not called.
-        Gitlab::PerformanceBar.enabled_for_user?(find_user_from_sources)
+        Gitlab::PerformanceBar.allowed_for_user?(find_user_from_sources)
      end
    end
  end

--- a/lib/gitlab/performance_bar.rb
+++ b/lib/gitlab/performance_bar.rb
@@ -10,7 +10,7 @@ module Gitlab
      Gitlab::SafeRequestStore[:peek_enabled]
    end

-    def self.enabled_for_user?(user = nil)
+    def self.allowed_for_user?(user = nil)
      return true if Rails.env.development?
      return true if user&.admin?
      return false unless user && allowed_group_id

--- a/spec/lib/gitlab/performance_bar_spec.rb
+++ b/spec/lib/gitlab/performance_bar_spec.rb
@@ -6,7 +6,7 @@ RSpec.describe Gitlab::PerformanceBar do
  it { expect(described_class.l1_cache_backend).to eq(Gitlab::ProcessMemoryCache.cache_backend) }
  it { expect(described_class.l2_cache_backend).to eq(Rails.cache) }

-  describe '.enabled_for_user?' do
+  describe '.allowed_for_user?' do
    let(:user) { create(:user) }

    before do
@@ -14,24 +14,24 @@ RSpec.describe Gitlab::PerformanceBar do
    end

    it 'returns false when given user is nil' do
-      expect(described_class.enabled_for_user?(nil)).to be_falsy
+      expect(described_class.allowed_for_user?(nil)).to be_falsy
    end

    it 'returns true when given user is an admin' do
      user = build_stubbed(:user, :admin)

-      expect(described_class.enabled_for_user?(user)).to be_truthy
+      expect(described_class.allowed_for_user?(user)).to be_truthy
    end

    it 'returns false when allowed_group_id is nil' do
      expect(described_class).to receive(:allowed_group_id).and_return(nil)

-      expect(described_class.enabled_for_user?(user)).to be_falsy
+      expect(described_class.allowed_for_user?(user)).to be_falsy
    end

    context 'when allowed group ID does not exist' do
      it 'returns false' do
-        expect(described_class.enabled_for_user?(user)).to be_falsy
+        expect(described_class.allowed_for_user?(user)).to be_falsy
      end
    end

@@ -44,15 +44,15 @@ RSpec.describe Gitlab::PerformanceBar do

      context 'when user is not a member of the allowed group' do
        it 'returns false' do
-          expect(described_class.enabled_for_user?(user)).to be_falsy
+          expect(described_class.allowed_for_user?(user)).to be_falsy
        end

        context 'caching of allowed user IDs' do
-          subject { described_class.enabled_for_user?(user) }
+          subject { described_class.allowed_for_user?(user) }

          before do
            # Warm the caches
-            described_class.enabled_for_user?(user)
+            described_class.allowed_for_user?(user)
          end

          it_behaves_like 'allowed user IDs are cached'
@@ -65,15 +65,15 @@ RSpec.describe Gitlab::PerformanceBar do
        end

        it 'returns true' do
-          expect(described_class.enabled_for_user?(user)).to be_truthy
+          expect(described_class.allowed_for_user?(user)).to be_truthy
        end

        context 'caching of allowed user IDs' do
-          subject { described_class.enabled_for_user?(user) }
+          subject { described_class.allowed_for_user?(user) }

          before do
            # Warm the caches
-            described_class.enabled_for_user?(user)
+            described_class.allowed_for_user?(user)
          end

          it_behaves_like 'allowed user IDs are cached'
@@ -91,7 +91,7 @@ RSpec.describe Gitlab::PerformanceBar do
      end

      it 'returns the nested group' do
-        expect(described_class.enabled_for_user?(user)).to be_truthy
+        expect(described_class.allowed_for_user?(user)).to be_truthy
      end
    end

@@ -101,7 +101,7 @@ RSpec.describe Gitlab::PerformanceBar do
      end

      it 'returns false' do
-        expect(described_class.enabled_for_user?(user)).to be_falsy
+        expect(described_class.allowed_for_user?(user)).to be_falsy
      end
    end
  end