Materialize project hierarchies in separate table

Signed-off-by: nscuro <nscuro@protonmail.com>

# Conflicts:
#	src/main/resources/migration/changelog-v5.6.0.xml
#	src/test/java/org/dependencytrack/resources/v1/ProjectResourceTest.java

Author: nscuro

src/main/java/org/dependencytrack/persistence/PolicyQueryManager.java

@@ -95,71 +95,6 @@ public List<Policy> getAllPolicies() {
         return query.executeList();
     }
 
-    /**
-     * Fetch all {@link Policy}s that are applicable to a given {@link Project}.
-     *
-     * @param project The {@link Project} to fetch {@link Policy}s for
-     * @return A {@link List} of {@link Policy}s.
-     * @since 5.0.0
-     */
-    public List<Policy> getApplicablePolicies(final Project project) {
-        var filter = """
-                (this.projects.isEmpty() && this.tags.isEmpty())
-                    || (this.projects.contains(:project)
-                """;
-        var params = new HashMap<String, Object>();
-        params.put("project", project);
-
-        // To compensate for missing support for recursion of Common Table Expressions (CTEs)
-        // in JDO, we have to fetch the UUIDs of all parent projects upfront. Otherwise, we'll
-        // not be able to evaluate whether the policy is inherited from parent projects.
-        var variables = "";
-        final List<UUID> parentUuids = getParents(project);
-        if (!parentUuids.isEmpty()) {
-            filter += """
-                    || (this.includeChildren
-                        && this.projects.contains(parentVar)
-                        && :parentUuids.contains(parentVar.uuid))
-                    """;
-            variables += "org.dependencytrack.model.Project parentVar";
-            params.put("parentUuids", parentUuids);
-        }
-        filter += ")";
-
-        // DataNucleus generates an invalid SQL query when using the idiomatic solution.
-        // The following works, but it's ugly and likely doesn't perform well if the project
-        // has many tags. Worth trying the idiomatic way again once DN has been updated to > 6.0.4.
-        //
-        // filter += "m|| (this.tags.contains(commonTag) && :project.tags.contains(commonTag))";
-        // variables += "org.dependencytrack.model.Tag commonTag";
-        if (project.getTags() != null && !project.getTags().isEmpty()) {
-            filter += " || (";
-            for (int i = 0; i < project.getTags().size(); i++) {
-                filter += "this.tags.contains(:tag" + i + ")";
-                params.put("tag" + i, project.getTags().get(i));
-                if (i < (project.getTags().size() - 1)) {
-                    filter += " || ";
-                }
-            }
-            filter += ")";
-        }
-
-        final List<Policy> policies;
-        final Query<Policy> query = pm.newQuery(Policy.class);
-        try {
-            query.setFilter(filter);
-            query.setNamedParameters(params);
-            if (!variables.isEmpty()) {
-                query.declareVariables(variables);
-            }
-            policies = List.copyOf(query.executeList());
-        } finally {
-            query.closeAll();
-        }
-
-        return policies;
-    }
-
     /**
      * Returns a policy by it's name.
      * @param name the name of the policy (required)

src/main/java/org/dependencytrack/persistence/ProjectQueryManager.java

@@ -1253,37 +1253,6 @@ public PaginatedResult getProjectsWithoutDescendantsOf(final String name, final
         return result;
     }
 
-    /**
-     * Fetch the {@link UUID}s of all parents of a given {@link Project}.
-     *
-     * @param project The {@link Project} to fetch the parent {@link UUID}s for
-     * @return A {@link List} of {@link UUID}s
-     */
-    @Override
-    public List<UUID> getParents(final Project project) {
-        return getParents(project.getUuid(), new ArrayList<>());
-    }
-
-    private List<UUID> getParents(final UUID uuid, final List<UUID> parents) {
-        final UUID parentUuid;
-        final Query<Project> query = pm.newQuery(Project.class);
-        try {
-            query.setFilter("uuid == :uuid && parent != null");
-            query.setParameters(uuid);
-            query.setResult("parent.uuid");
-            parentUuid = query.executeResultUnique(UUID.class);
-        } finally {
-            query.closeAll();
-        }
-
-        if (parentUuid == null) {
-            return parents;
-        }
-
-        parents.add(parentUuid);
-        return getParents(parentUuid, parents);
-    }
-
     /**
      * Check whether a {@link Project} with a given {@code name} and {@code version} exists.
      *
@@ -1318,30 +1287,41 @@ public boolean doesProjectExist(final String name, final String version) {
         }
     }
 
-    private static boolean isChildOf(Project project, UUID uuid) {
-        boolean isChild = false;
-        if (project.getParent() != null) {
-            if (project.getParent().getUuid().equals(uuid)) {
-                return true;
-            } else {
-                isChild = isChildOf(project.getParent(), uuid);
-            }
+    private boolean isChildOf(Project project, UUID uuid) {
+        final Query<?> query = pm.newQuery(Query.SQL, /* language=SQL */ """
+                SELECT EXISTS (
+                  SELECT 1
+                    FROM "PROJECT_HIERARCHY"
+                   WHERE "PARENT_PROJECT_ID" = (SELECT "ID" FROM "PROJECT" WHERE "UUID" = ?)
+                     AND "CHILD_PROJECT_ID" = ?
+                )
+                """);
+        query.setParameters(uuid, project.getId());
+        try {
+            return (boolean) query.executeUnique();
+        } finally {
+            query.closeAll();
         }
-        return isChild;
     }
 
-    private static boolean hasActiveChild(Project project) {
-        boolean hasActiveChild = false;
-        if (project.getChildren() != null) {
-            for (Project child : project.getChildren()) {
-                if (child.isActive() || hasActiveChild) {
-                    return true;
-                } else {
-                    hasActiveChild = hasActiveChild(child);
-                }
-            }
+    private boolean hasActiveChild(Project project) {
+        final Query<?> query = pm.newQuery(Query.SQL, /* language=SQL */ """
+                SELECT EXISTS (
+                  SELECT 1
+                    FROM "PROJECT_HIERARCHY" AS hierarchy
+                   INNER JOIN "PROJECT" AS child_project
+                      ON child_project."ID" = hierarchy."CHILD_PROJECT_ID"
+                   WHERE hierarchy."PARENT_PROJECT_ID" = ?
+                     AND hierarchy."DEPTH" > 0
+                     AND child_project."INACTIVE_SINCE" IS NULL
+                )
+                """);
+        query.setParameters(project.getId());
+        try {
+            return (boolean) query.executeUnique();
+        } finally {
+            query.closeAll();
         }
-        return hasActiveChild;
     }
 
     private List<ProjectVersion> getProjectVersions(Project project) {

src/main/java/org/dependencytrack/persistence/QueryManager.java

@@ -567,10 +567,6 @@ public PaginatedResult getProjectsWithoutDescendantsOf(final String name, final
         return getProjectQueryManager().getProjectsWithoutDescendantsOf(name, excludeInactive, project);
     }
 
-    public List<UUID> getParents(final Project project) {
-        return getProjectQueryManager().getParents(project);
-    }
-
     public boolean hasAccess(final Principal principal, final Project project) {
         return getProjectQueryManager().hasAccess(principal, project);
     }
@@ -738,10 +734,6 @@ public List<Policy> getAllPolicies() {
         return getPolicyQueryManager().getAllPolicies();
     }
 
-    public List<Policy> getApplicablePolicies(final Project project) {
-        return getPolicyQueryManager().getApplicablePolicies(project);
-    }
-
     public Policy getPolicy(final String name) {
         return getPolicyQueryManager().getPolicy(name);
     }

src/main/resources/migration/changelog-v5.6.0.xml

@@ -702,4 +702,125 @@
                 columnNames="PROJECT_ID, TEAM_ID"
                 constraintName="PROJECT_ACCESS_TEAMS_PK"/>
     </changeSet>
+
+    <changeSet id="v5.6.0-15" author="nscuro">
+        <createTable tableName="PROJECT_HIERARCHY">
+            <column name="PARENT_PROJECT_ID" type="BIGINT"/>
+            <column name="CHILD_PROJECT_ID" type="BIGINT"/>
+            <column name="DEPTH" type="SMALLINT">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
+
+        <addPrimaryKey
+                tableName="PROJECT_HIERARCHY"
+                columnNames="PARENT_PROJECT_ID, CHILD_PROJECT_ID"
+                constraintName="PROJECT_HIERARCHY_PK"/>
+        <addForeignKeyConstraint
+                baseTableName="PROJECT_HIERARCHY"
+                baseColumnNames="PARENT_PROJECT_ID"
+                constraintName="PROJECT_HIERARCHY_PARENT_PROJECT_FK"
+                referencedTableName="PROJECT"
+                referencedColumnNames="ID"
+                deferrable="true"
+                initiallyDeferred="true"/>
+        <addForeignKeyConstraint
+                baseTableName="PROJECT_HIERARCHY"
+                baseColumnNames="CHILD_PROJECT_ID"
+                constraintName="PROJECT_HIERARCHY_CHILD_PROJECT_FK"
+                referencedTableName="PROJECT"
+                referencedColumnNames="ID"
+                deferrable="true"
+                initiallyDeferred="true"/>
+
+        <sql splitStatements="false">
+            CREATE FUNCTION project_hierarchy_maintenance_on_project_insert()
+            RETURNS TRIGGER AS $$
+            BEGIN
+              INSERT INTO "PROJECT_HIERARCHY" ("PARENT_PROJECT_ID", "CHILD_PROJECT_ID", "DEPTH")
+              VALUES(NEW."ID", NEW."ID", 0);
+
+              INSERT INTO "PROJECT_HIERARCHY" ("PARENT_PROJECT_ID", "CHILD_PROJECT_ID", "DEPTH")
+              SELECT "PARENT_PROJECT_ID", NEW."ID", "DEPTH" + 1
+                FROM "PROJECT_HIERARCHY"
+               WHERE "CHILD_PROJECT_ID" = NEW."PARENT_PROJECT_ID";
+
+              RETURN NEW;
+            END;
+            $$ LANGUAGE plpgsql;
+        </sql>
+
+        <sql splitStatements="false">
+            CREATE FUNCTION project_hierarchy_maintenance_on_project_update()
+            RETURNS TRIGGER AS $$
+            BEGIN
+              DELETE FROM "PROJECT_HIERARCHY" WHERE "CHILD_PROJECT_ID" = old."ID";
+
+              INSERT INTO "PROJECT_HIERARCHY" ("PARENT_PROJECT_ID", "CHILD_PROJECT_ID", "DEPTH")
+              VALUES (NEW."ID", NEW."ID", 0);
+
+              INSERT INTO "PROJECT_HIERARCHY" ("PARENT_PROJECT_ID", "CHILD_PROJECT_ID", "DEPTH")
+              SELECT "PARENT_PROJECT_ID", NEW."ID", "DEPTH" + 1
+                FROM "PROJECT_HIERARCHY"
+               WHERE "CHILD_PROJECT_ID" = NEW."PARENT_PROJECT_ID";
+
+              RETURN NEW;
+            END;
+            $$ LANGUAGE plpgsql;
+        </sql>
+
+        <sql splitStatements="false">
+            CREATE FUNCTION project_hierarchy_maintenance_on_project_delete()
+            RETURNS TRIGGER AS $$
+            BEGIN
+              DELETE FROM "PROJECT_HIERARCHY"
+               WHERE "PARENT_PROJECT_ID" IN (SELECT "ID" FROM old_table)
+                  OR "CHILD_PROJECT_ID" IN (SELECT "ID" FROM old_table);
+
+              RETURN NULL;
+            END;
+            $$ LANGUAGE plpgsql;
+        </sql>
+
+        <sql splitStatements="true">
+            CREATE TRIGGER trigger_project_hierarchy_maintenance_on_project_insert
+              AFTER INSERT ON "PROJECT"
+              FOR EACH ROW
+              EXECUTE FUNCTION project_hierarchy_maintenance_on_project_insert();
+
+            CREATE TRIGGER trigger_project_hierarchy_maintenance_on_project_update
+              AFTER UPDATE OF "PARENT_PROJECT_ID" ON "PROJECT"
+              FOR EACH ROW
+              WHEN (OLD."PARENT_PROJECT_ID" IS DISTINCT FROM NEW."PARENT_PROJECT_ID")
+              EXECUTE FUNCTION project_hierarchy_maintenance_on_project_update();
+
+            CREATE TRIGGER trigger_project_hierarchy_maintenance_on_project_delete
+              AFTER DELETE ON "PROJECT"
+              REFERENCING OLD TABLE AS old_table
+              FOR EACH STATEMENT
+              EXECUTE FUNCTION project_hierarchy_maintenance_on_project_delete();
+        </sql>
+
+        <sql splitStatements="true">
+            INSERT INTO "PROJECT_HIERARCHY" ("PARENT_PROJECT_ID", "CHILD_PROJECT_ID", "DEPTH")
+            SELECT "ID", "ID", 0 FROM "PROJECT";
+
+            WITH RECURSIVE cte_project_hierarchy AS (
+              SELECT "ID" AS child_id
+                   , "PARENT_PROJECT_ID" AS parent_id
+                   , 1 AS depth
+                FROM "PROJECT"
+               UNION ALL
+              SELECT child_id
+                   , "PARENT_PROJECT_ID" AS parent_id
+                   , depth + 1 AS depth
+                FROM cte_project_hierarchy
+               INNER JOIN "PROJECT"
+                  ON "PROJECT"."ID" = cte_project_hierarchy.parent_id
+               WHERE "PROJECT"."PARENT_PROJECT_ID" IS NOT NULL
+            )
+            INSERT INTO "PROJECT_HIERARCHY" ("PARENT_PROJECT_ID", "CHILD_PROJECT_ID", "DEPTH")
+            SELECT parent_id, child_id, depth FROM cte_project_hierarchy;
+        </sql>
+    </changeSet>
 </databaseChangeLog>

src/main/resources/migration/procedures/function_has-project-access.sql

@@ -1,29 +1,18 @@
-create or replace function has_project_access(
-  project_id bigint
-, team_ids bigint[]
-) returns bool
-  language "sql"
-  parallel safe
-  stable
-as
+CREATE OR REPLACE FUNCTION has_project_access(
+  project_id BIGINT
+, team_ids BIGINT[]
+) RETURNS BOOL
+  LANGUAGE "sql"
+  PARALLEL SAFE
+  STABLE
+AS
 $$
-with recursive project_hierarchy(id, parent_id) as(
-  select "ID" as id
-       , "PARENT_PROJECT_ID" as parent_id
-    from "PROJECT"
-   where "ID" = project_id
-   union all
-  select "PROJECT"."ID" as id
-       , "PROJECT"."PARENT_PROJECT_ID" as parent_id
-    from "PROJECT"
-   inner join project_hierarchy
-      on project_hierarchy.parent_id = "PROJECT"."ID"
-)
-select exists(
-  select 1
-    from project_hierarchy
-   inner join "PROJECT_ACCESS_TEAMS"
-      on "PROJECT_ACCESS_TEAMS"."PROJECT_ID" = project_hierarchy.id
-   where "PROJECT_ACCESS_TEAMS"."TEAM_ID" = any(team_ids)
+SELECT EXISTS(
+  SELECT 1
+    FROM "PROJECT_ACCESS_TEAMS"
+   INNER JOIN "PROJECT_HIERARCHY"
+      ON "PROJECT_HIERARCHY"."PARENT_PROJECT_ID" = "PROJECT_ACCESS_TEAMS"."PROJECT_ID"
+   WHERE "PROJECT_ACCESS_TEAMS"."TEAM_ID" = ANY(team_ids)
+     AND "PROJECT_HIERARCHY"."CHILD_PROJECT_ID" = project_id
 )
 $$;