Materialize project hierarchies in separate table

nscuro · nscuro · commit b7e4bca2a446 · 2025-03-09T22:16:05.000+01:00
Signed-off-by: nscuro &lt;nscuro@protonmail.com&gt;
diff --git a/src/main/java/org/dependencytrack/persistence/PolicyQueryManager.java b/src/main/java/org/dependencytrack/persistence/PolicyQueryManager.java
@@ -95,71 +95,6 @@ public List<Policy> getAllPolicies() {
         return query.executeList();
     }
 
-    /**
-     * Fetch all {@link Policy}s that are applicable to a given {@link Project}.
-     *
-     * @param project The {@link Project} to fetch {@link Policy}s for
-     * @return A {@link List} of {@link Policy}s.
-     * @since 5.0.0
-     */
-    public List<Policy> getApplicablePolicies(final Project project) {
-        var filter = """
-                (this.projects.isEmpty() && this.tags.isEmpty())
-                    || (this.projects.contains(:project)
-                """;
-        var params = new HashMap<String, Object>();
-        params.put("project", project);
-
-        // To compensate for missing support for recursion of Common Table Expressions (CTEs)
-        // in JDO, we have to fetch the UUIDs of all parent projects upfront. Otherwise, we'll
-        // not be able to evaluate whether the policy is inherited from parent projects.
-        var variables = "";
-        final List<UUID> parentUuids = getParents(project);
-        if (!parentUuids.isEmpty()) {
-            filter += """
-                    || (this.includeChildren
-                        && this.projects.contains(parentVar)
-                        && :parentUuids.contains(parentVar.uuid))
-                    """;
-            variables += "org.dependencytrack.model.Project parentVar";
-            params.put("parentUuids", parentUuids);
-        }
-        filter += ")";
-
-        // DataNucleus generates an invalid SQL query when using the idiomatic solution.
-        // The following works, but it's ugly and likely doesn't perform well if the project
-        // has many tags. Worth trying the idiomatic way again once DN has been updated to > 6.0.4.
-        //
-        // filter += "m|| (this.tags.contains(commonTag) && :project.tags.contains(commonTag))";
-        // variables += "org.dependencytrack.model.Tag commonTag";
-        if (project.getTags() != null && !project.getTags().isEmpty()) {
-            filter += " || (";
-            for (int i = 0; i < project.getTags().size(); i++) {
-                filter += "this.tags.contains(:tag" + i + ")";
-                params.put("tag" + i, project.getTags().get(i));
-                if (i < (project.getTags().size() - 1)) {
-                    filter += " || ";
-                }
-            }
-            filter += ")";
-        }
-
-        final List<Policy> policies;
-        final Query<Policy> query = pm.newQuery(Policy.class);
-        try {
-            query.setFilter(filter);
-            query.setNamedParameters(params);
-            if (!variables.isEmpty()) {
-                query.declareVariables(variables);
-            }
-            policies = List.copyOf(query.executeList());
-        } finally {
-            query.closeAll();
-        }
-
-        return policies;
-    }
-
     /**
      * Returns a policy by it's name.
      * @param name the name of the policy (required)
diff --git a/src/main/java/org/dependencytrack/persistence/ProjectQueryManager.java b/src/main/java/org/dependencytrack/persistence/ProjectQueryManager.java
@@ -1242,37 +1242,6 @@ public PaginatedResult getProjectsWithoutDescendantsOf(final String name, final
         return result;
     }
 
-    /**
-     * Fetch the {@link UUID}s of all parents of a given {@link Project}.
-     *
-     * @param project The {@link Project} to fetch the parent {@link UUID}s for
-     * @return A {@link List} of {@link UUID}s
-     */
-    @Override
-    public List<UUID> getParents(final Project project) {
-        return getParents(project.getUuid(), new ArrayList<>());
-    }
-
-    private List<UUID> getParents(final UUID uuid, final List<UUID> parents) {
-        final UUID parentUuid;
-        final Query<Project> query = pm.newQuery(Project.class);
-        try {
-            query.setFilter("uuid == :uuid && parent != null");
-            query.setParameters(uuid);
-            query.setResult("parent.uuid");
-            parentUuid = query.executeResultUnique(UUID.class);
-        } finally {
-            query.closeAll();
-        }
-
-        if (parentUuid == null) {
-            return parents;
-        }
-
-        parents.add(parentUuid);
-        return getParents(parentUuid, parents);
-    }
-
     /**
      * Check whether a {@link Project} with a given {@code name} and {@code version} exists.
      *
@@ -1307,30 +1276,43 @@ public boolean doesProjectExist(final String name, final String version) {
         }
     }
 
-    private static boolean isChildOf(Project project, UUID uuid) {
-        boolean isChild = false;
-        if (project.getParent() != null) {
-            if (project.getParent().getUuid().equals(uuid)) {
-                return true;
-            } else {
-                isChild = isChildOf(project.getParent(), uuid);
-            }
+    private boolean isChildOf(Project project, UUID uuid) {
+        final Query<?> query = pm.newQuery(Query.SQL, /* language=SQL */ """
+                SELECT EXISTS(
+                  SELECT 1
+                    FROM "PROJECT_HIERARCHY"
+                   WHERE "PARENT_PROJECT_ID" = (SELECT "ID" FROM "PROJECT" WHERE "UUID" = ?)
+                     AND "CHILD_PROJECT_ID" = ?
+                )
+                """);
+        query.setParameters(uuid, project.getId());
+        try {
+            return (boolean) query.executeUnique();
+        } finally {
+            query.closeAll();
         }
-        return isChild;
     }
 
-    private static boolean hasActiveChild(Project project) {
-        boolean hasActiveChild = false;
-        if (project.getChildren() != null) {
-            for (Project child : project.getChildren()) {
-                if (child.isActive() || hasActiveChild) {
-                    return true;
-                } else {
-                    hasActiveChild = hasActiveChild(child);
-                }
-            }
+    private boolean hasActiveChild(Project project) {
+        final Query<?> query = pm.newQuery(Query.SQL, /* language=SQL */ """
+                SELECT EXISTS(
+                  SELECT 1
+                    FROM "PROJECT" AS "PARENT_PROJECT"
+                   INNER JOIN "PROJECT_HIERARCHY"
+                      ON "PROJECT_HIERARCHY"."PARENT_PROJECT_ID" = "PARENT_PROJECT"."ID"
+                   INNER JOIN "PROJECT" AS "CHILD_PROJECT"
+                      ON "CHILD_PROJECT"."ID" = "PROJECT_HIERARCHY"."CHILD_PROJECT_ID"
+                   WHERE "PARENT_PROJECT"."ID" = ?
+                     AND "CHILD_PROJECT"."INACTIVE_SINCE" IS NULL
+                     AND "PROJECT_HIERARCHY"."DEPTH" > 0
+                )
+                """);
+        query.setParameters(project.getId());
+        try {
+            return (boolean) query.executeUnique();
+        } finally {
+            query.closeAll();
         }
-        return hasActiveChild;
     }
 
     private List<ProjectVersion> getProjectVersions(Project project) {
diff --git a/src/main/java/org/dependencytrack/persistence/QueryManager.java b/src/main/java/org/dependencytrack/persistence/QueryManager.java
@@ -566,10 +566,6 @@ public PaginatedResult getProjectsWithoutDescendantsOf(final String name, final
         return getProjectQueryManager().getProjectsWithoutDescendantsOf(name, excludeInactive, project);
     }
 
-    public List<UUID> getParents(final Project project) {
-        return getProjectQueryManager().getParents(project);
-    }
-
     public boolean hasAccess(final Principal principal, final Project project) {
         return getProjectQueryManager().hasAccess(principal, project);
     }
@@ -781,10 +777,6 @@ public List<Policy> getAllPolicies() {
         return getPolicyQueryManager().getAllPolicies();
     }
 
-    public List<Policy> getApplicablePolicies(final Project project) {
-        return getPolicyQueryManager().getApplicablePolicies(project);
-    }
-
     public Policy getPolicy(final String name) {
         return getPolicyQueryManager().getPolicy(name);
     }
diff --git a/src/main/resources/migration/changelog-v5.6.0.xml b/src/main/resources/migration/changelog-v5.6.0.xml
@@ -636,4 +636,125 @@
                                  onDelete="CASCADE" onUpdate="NO ACTION" referencedColumnNames="ID"
                                  referencedTableName="WORKFLOW_STATE" validate="true"/>
     </changeSet>
+
+    <changeSet id="v5.6.0-13" author="nscuro">
+        <createTable tableName="PROJECT_HIERARCHY">
+            <column name="PARENT_PROJECT_ID" type="BIGINT"/>
+            <column name="CHILD_PROJECT_ID" type="BIGINT"/>
+            <column name="DEPTH" type="SMALLINT">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
+
+        <addPrimaryKey
+                tableName="PROJECT_HIERARCHY"
+                columnNames="PARENT_PROJECT_ID, CHILD_PROJECT_ID"
+                constraintName="PROJECT_HIERARCHY_PK"/>
+        <addForeignKeyConstraint
+                baseTableName="PROJECT_HIERARCHY"
+                baseColumnNames="PARENT_PROJECT_ID"
+                constraintName="PROJECT_HIERARCHY_PARENT_PROJECT_FK"
+                referencedTableName="PROJECT"
+                referencedColumnNames="ID"
+                deferrable="true"
+                initiallyDeferred="true"/>
+        <addForeignKeyConstraint
+                baseTableName="PROJECT_HIERARCHY"
+                baseColumnNames="CHILD_PROJECT_ID"
+                constraintName="PROJECT_HIERARCHY_CHILD_PROJECT_FK"
+                referencedTableName="PROJECT"
+                referencedColumnNames="ID"
+                deferrable="true"
+                initiallyDeferred="true"/>
+
+        <sql splitStatements="false">
+            CREATE FUNCTION project_hierarchy_maintenance_on_project_insert()
+            RETURNS TRIGGER AS $$
+            BEGIN
+              INSERT INTO "PROJECT_HIERARCHY" ("PARENT_PROJECT_ID", "CHILD_PROJECT_ID", "DEPTH")
+              VALUES(NEW."ID", NEW."ID", 0);
+
+              INSERT INTO "PROJECT_HIERARCHY" ("PARENT_PROJECT_ID", "CHILD_PROJECT_ID", "DEPTH")
+              SELECT "PARENT_PROJECT_ID", NEW."ID", "DEPTH" + 1
+                FROM "PROJECT_HIERARCHY"
+               WHERE "CHILD_PROJECT_ID" = NEW."PARENT_PROJECT_ID";
+
+              RETURN NEW;
+            END;
+            $$ LANGUAGE plpgsql;
+        </sql>
+
+        <sql splitStatements="false">
+            CREATE FUNCTION project_hierarchy_maintenance_on_project_update()
+            RETURNS TRIGGER AS $$
+            BEGIN
+              DELETE FROM "PROJECT_HIERARCHY" WHERE "CHILD_PROJECT_ID" = old."ID";
+
+              INSERT INTO "PROJECT_HIERARCHY" ("PARENT_PROJECT_ID", "CHILD_PROJECT_ID", "DEPTH")
+              VALUES (NEW."ID", NEW."ID", 0);
+
+              INSERT INTO "PROJECT_HIERARCHY" ("PARENT_PROJECT_ID", "CHILD_PROJECT_ID", "DEPTH")
+              SELECT "PARENT_PROJECT_ID", NEW."ID", "DEPTH" + 1
+                FROM "PROJECT_HIERARCHY"
+               WHERE "CHILD_PROJECT_ID" = NEW."PARENT_PROJECT_ID";
+
+              RETURN NEW;
+            END;
+            $$ LANGUAGE plpgsql;
+        </sql>
+
+        <sql splitStatements="false">
+            CREATE FUNCTION project_hierarchy_maintenance_on_project_delete()
+            RETURNS TRIGGER AS $$
+            BEGIN
+              DELETE FROM "PROJECT_HIERARCHY"
+               WHERE "PARENT_PROJECT_ID" IN (SELECT "ID" FROM old_table)
+                  OR "CHILD_PROJECT_ID" IN (SELECT "ID" FROM old_table);
+
+              RETURN NULL;
+            END;
+            $$ LANGUAGE plpgsql;
+        </sql>
+
+        <sql splitStatements="true">
+            CREATE TRIGGER trigger_project_hierarchy_maintenance_on_project_insert
+              AFTER INSERT ON "PROJECT"
+              FOR EACH ROW
+              EXECUTE FUNCTION project_hierarchy_maintenance_on_project_insert();
+
+            CREATE TRIGGER trigger_project_hierarchy_maintenance_on_project_update
+              AFTER UPDATE OF "PARENT_PROJECT_ID" ON "PROJECT"
+              FOR EACH ROW
+              WHEN (OLD."PARENT_PROJECT_ID" IS DISTINCT FROM NEW."PARENT_PROJECT_ID")
+              EXECUTE FUNCTION project_hierarchy_maintenance_on_project_update();
+
+            CREATE TRIGGER trigger_project_hierarchy_maintenance_on_project_delete
+              AFTER DELETE ON "PROJECT"
+              REFERENCING OLD TABLE AS old_table
+              FOR EACH STATEMENT
+              EXECUTE FUNCTION project_hierarchy_maintenance_on_project_delete();
+        </sql>
+
+        <sql splitStatements="true">
+            INSERT INTO "PROJECT_HIERARCHY" ("PARENT_PROJECT_ID", "CHILD_PROJECT_ID", "DEPTH")
+            SELECT "ID", "ID", 0 FROM "PROJECT";
+
+            WITH RECURSIVE cte_project_hierarchy AS (
+              SELECT "ID" AS child_id
+                   , "PARENT_PROJECT_ID" AS parent_id
+                   , 1 AS depth
+                FROM "PROJECT"
+               UNION ALL
+              SELECT child_id
+                   , "PARENT_PROJECT_ID" AS parent_id
+                   , depth + 1 AS depth
+                FROM cte_project_hierarchy
+               INNER JOIN "PROJECT"
+                  ON "PROJECT"."ID" = cte_project_hierarchy.parent_id
+               WHERE "PROJECT"."PARENT_PROJECT_ID" IS NOT NULL
+            )
+            INSERT INTO "PROJECT_HIERARCHY" ("PARENT_PROJECT_ID", "CHILD_PROJECT_ID", "DEPTH")
+            SELECT parent_id, child_id, depth FROM cte_project_hierarchy;
+        </sql>
+    </changeSet>
 </databaseChangeLog>
diff --git a/src/main/resources/migration/procedures/function_has-project-access.sql b/src/main/resources/migration/procedures/function_has-project-access.sql
@@ -7,23 +7,12 @@ create or replace function has_project_access(
   stable
 as
 $$
-with recursive project_hierarchy(id, parent_id) as(
-  select "ID" as id
-       , "PARENT_PROJECT_ID" as parent_id
-    from "PROJECT"
-   where "ID" = project_id
-   union all
-  select "PROJECT"."ID" as id
-       , "PROJECT"."PARENT_PROJECT_ID" as parent_id
-    from "PROJECT"
-   inner join project_hierarchy
-      on project_hierarchy.parent_id = "PROJECT"."ID"
-)
 select exists(
   select 1
-    from project_hierarchy
-   inner join "PROJECT_ACCESS_TEAMS"
-      on "PROJECT_ACCESS_TEAMS"."PROJECT_ID" = project_hierarchy.id
+    from "PROJECT_ACCESS_TEAMS"
+   inner join "PROJECT_HIERARCHY"
+      on "PROJECT_HIERARCHY"."PARENT_PROJECT_ID" = "PROJECT_ACCESS_TEAMS"."PROJECT_ID"
    where "PROJECT_ACCESS_TEAMS"."TEAM_ID" = any(team_ids)
+     and "PROJECT_HIERARCHY"."CHILD_PROJECT_ID" = project_id
 )
 $$;
diff --git a/src/test/java/org/dependencytrack/persistence/PolicyQueryManagerTest.java b/src/test/java/org/dependencytrack/persistence/PolicyQueryManagerTest.java
diff --git a/src/test/java/org/dependencytrack/resources/v1/ProjectResourceTest.java b/src/test/java/org/dependencytrack/resources/v1/ProjectResourceTest.java

Original file line number	Diff line number	Diff line change
`@@ -566,10 +566,6 @@ public PaginatedResult getProjectsWithoutDescendantsOf(final String name, final`
`566`	`566`	`return getProjectQueryManager().getProjectsWithoutDescendantsOf(name, excludeInactive, project);`
`567`	`567`	`}`
`568`	`568`
`569`		`- public List<UUID> getParents(final Project project) {`
`570`		`- return getProjectQueryManager().getParents(project);`
`571`		`- }`
`572`		`-`
`573`	`569`	`public boolean hasAccess(final Principal principal, final Project project) {`
`574`	`570`	`return getProjectQueryManager().hasAccess(principal, project);`
`575`	`571`	`}`
`@@ -781,10 +777,6 @@ public List<Policy> getAllPolicies() {`
`781`	`777`	`return getPolicyQueryManager().getAllPolicies();`
`782`	`778`	`}`
`783`	`779`
`784`		`- public List<Policy> getApplicablePolicies(final Project project) {`
`785`		`- return getPolicyQueryManager().getApplicablePolicies(project);`
`786`		`- }`
`787`		`-`
`788`	`780`	`public Policy getPolicy(final String name) {`
`789`	`781`	`return getPolicyQueryManager().getPolicy(name);`
`790`	`782`	`}`