Commit d3b84962 authored by Heinrich Lee Yu's avatar Heinrich Lee Yu

Improve performance bar permission checks

Checks the cookie first because it is a cheaper check. This also renames
enabled_for_user? to allowed_for_user? since that is more accurate.
parent f4337bc9
......@@ -20,12 +20,12 @@ module WithPerformanceBar
end
def cookie_or_default_value
return false unless Gitlab::PerformanceBar.enabled_for_user?(current_user)
if cookies[:perf_bar_enabled].present?
cookie_enabled = if cookies[:perf_bar_enabled].present?
cookies[:perf_bar_enabled] == 'true'
else
cookies[:perf_bar_enabled] = 'true' if Rails.env.development?
end
cookie_enabled && Gitlab::PerformanceBar.allowed_for_user?(current_user)
end
end
......@@ -4,17 +4,17 @@ module API
module Helpers
module PerformanceBarHelpers
def set_peek_enabled_for_current_request
Gitlab::SafeRequestStore.fetch(:peek_enabled) { perf_bar_cookie_enabled? && perf_bar_enabled_for_user? }
Gitlab::SafeRequestStore.fetch(:peek_enabled) { perf_bar_cookie_enabled? && perf_bar_allowed_for_user? }
end
def perf_bar_cookie_enabled?
cookies[:perf_bar_enabled] == 'true'
end
def perf_bar_enabled_for_user?
def perf_bar_allowed_for_user?
# We cannot use `current_user` here because that method raises an exception when the user
# is unauthorized and some API endpoints require that `current_user` is not called.
Gitlab::PerformanceBar.enabled_for_user?(find_user_from_sources)
Gitlab::PerformanceBar.allowed_for_user?(find_user_from_sources)
end
end
end
......
......@@ -10,7 +10,7 @@ module Gitlab
Gitlab::SafeRequestStore[:peek_enabled]
end
def self.enabled_for_user?(user = nil)
def self.allowed_for_user?(user = nil)
return true if Rails.env.development?
return true if user&.admin?
return false unless user && allowed_group_id
......
......@@ -6,7 +6,7 @@ RSpec.describe Gitlab::PerformanceBar do
it { expect(described_class.l1_cache_backend).to eq(Gitlab::ProcessMemoryCache.cache_backend) }
it { expect(described_class.l2_cache_backend).to eq(Rails.cache) }
describe '.enabled_for_user?' do
describe '.allowed_for_user?' do
let(:user) { create(:user) }
before do
......@@ -14,24 +14,24 @@ RSpec.describe Gitlab::PerformanceBar do
end
it 'returns false when given user is nil' do
expect(described_class.enabled_for_user?(nil)).to be_falsy
expect(described_class.allowed_for_user?(nil)).to be_falsy
end
it 'returns true when given user is an admin' do
user = build_stubbed(:user, :admin)
expect(described_class.enabled_for_user?(user)).to be_truthy
expect(described_class.allowed_for_user?(user)).to be_truthy
end
it 'returns false when allowed_group_id is nil' do
expect(described_class).to receive(:allowed_group_id).and_return(nil)
expect(described_class.enabled_for_user?(user)).to be_falsy
expect(described_class.allowed_for_user?(user)).to be_falsy
end
context 'when allowed group ID does not exist' do
it 'returns false' do
expect(described_class.enabled_for_user?(user)).to be_falsy
expect(described_class.allowed_for_user?(user)).to be_falsy
end
end
......@@ -44,15 +44,15 @@ RSpec.describe Gitlab::PerformanceBar do
context 'when user is not a member of the allowed group' do
it 'returns false' do
expect(described_class.enabled_for_user?(user)).to be_falsy
expect(described_class.allowed_for_user?(user)).to be_falsy
end
context 'caching of allowed user IDs' do
subject { described_class.enabled_for_user?(user) }
subject { described_class.allowed_for_user?(user) }
before do
# Warm the caches
described_class.enabled_for_user?(user)
described_class.allowed_for_user?(user)
end
it_behaves_like 'allowed user IDs are cached'
......@@ -65,15 +65,15 @@ RSpec.describe Gitlab::PerformanceBar do
end
it 'returns true' do
expect(described_class.enabled_for_user?(user)).to be_truthy
expect(described_class.allowed_for_user?(user)).to be_truthy
end
context 'caching of allowed user IDs' do
subject { described_class.enabled_for_user?(user) }
subject { described_class.allowed_for_user?(user) }
before do
# Warm the caches
described_class.enabled_for_user?(user)
described_class.allowed_for_user?(user)
end
it_behaves_like 'allowed user IDs are cached'
......@@ -91,7 +91,7 @@ RSpec.describe Gitlab::PerformanceBar do
end
it 'returns the nested group' do
expect(described_class.enabled_for_user?(user)).to be_truthy
expect(described_class.allowed_for_user?(user)).to be_truthy
end
end
......@@ -101,7 +101,7 @@ RSpec.describe Gitlab::PerformanceBar do
end
it 'returns false' do
expect(described_class.enabled_for_user?(user)).to be_falsy
expect(described_class.allowed_for_user?(user)).to be_falsy
end
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment