core: only prefetch related objects when required (#9476)

* core: only prefetch related objects when required Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests to assert query count Signed-off-by: Jens Langhammer <jens@goauthentik.io> * "optimize" another query away Signed-off-by: Jens Langhammer <jens@goauthentik.io> * prefetch parent and roles Signed-off-by: Jens Langhammer <jens@goauthentik.io> * whops that needs to be pre-fetched Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-04-29 12:59:59 +02:00
parent 6d912be7f6
commit c5b099856d
6 changed files with 27 additions and 7 deletions
--- a/authentik/core/api/groups.py
+++ b/authentik/core/api/groups.py
@ -154,12 +154,18 @@ class GroupViewSet(UsedByMixin, ModelViewSet):

        pk = IntegerField(required=True)

-    queryset = Group.objects.all().select_related("parent").prefetch_related("users")
+    queryset = Group.objects.none()
    serializer_class = GroupSerializer
    search_fields = ["name", "is_superuser"]
    filterset_class = GroupFilter
    ordering = ["name"]

+    def get_queryset(self):
+        base_qs = Group.objects.all().select_related("parent").prefetch_related("roles")
+        if self.serializer_class(context={"request": self.request})._should_include_users:
+            base_qs = base_qs.prefetch_related("users")
+        return base_qs
+
    @extend_schema(
        parameters=[
            OpenApiParameter("include_users", bool, default=True),
--- a/authentik/core/api/users.py
+++ b/authentik/core/api/users.py
@ -407,8 +407,11 @@ class UserViewSet(UsedByMixin, ModelViewSet):
    search_fields = ["username", "name", "is_active", "email", "uuid"]
    filterset_class = UsersFilter

-    def get_queryset(self):  # pragma: no cover
-        return User.objects.all().exclude_anonymous().prefetch_related("ak_groups")
+    def get_queryset(self):
+        base_qs = User.objects.all().exclude_anonymous()
+        if self.serializer_class(context={"request": self.request})._should_include_groups:
+            base_qs = base_qs.prefetch_related("ak_groups")
+        return base_qs

    @extend_schema(
        parameters=[
--- a/authentik/core/tests/test_groups_api.py
+++ b/authentik/core/tests/test_groups_api.py
@ -5,7 +5,7 @@ from guardian.shortcuts import assign_perm
 from rest_framework.test import APITestCase

 from authentik.core.models import Group, User
-from authentik.core.tests.utils import create_test_user
+from authentik.core.tests.utils import create_test_admin_user, create_test_user
 from authentik.lib.generators import generate_id


@ -16,6 +16,13 @@ class TestGroupsAPI(APITestCase):
        self.login_user = create_test_user()
        self.user = User.objects.create(username="test-user")

+    def test_list_with_users(self):
+        """Test listing with users"""
+        admin = create_test_admin_user()
+        self.client.force_login(admin)
+        response = self.client.get(reverse("authentik_api:group-list"), {"include_users": "true"})
+        self.assertEqual(response.status_code, 200)
+
    def test_add_user(self):
        """Test add_user"""
        group = Group.objects.create(name=generate_id())
--- a/authentik/core/tests/test_users_api.py
+++ b/authentik/core/tests/test_users_api.py
@ -41,6 +41,12 @@ class TestUsersAPI(APITestCase):
        )
        self.assertEqual(response.status_code, 200)

+    def test_list_with_groups(self):
+        """Test listing with groups"""
+        self.client.force_login(self.admin)
+        response = self.client.get(reverse("authentik_api:user-list"), {"include_groups": "true"})
+        self.assertEqual(response.status_code, 200)
+
    def test_metrics(self):
        """Test user's metrics"""
        self.client.force_login(self.admin)
--- a/authentik/core/tests/test_users_avatars.py
+++ b/authentik/core/tests/test_users_avatars.py
@ -8,7 +8,6 @@ from rest_framework.test import APITestCase

 from authentik.core.models import User
 from authentik.core.tests.utils import create_test_admin_user
-from authentik.lib.config import CONFIG
 from authentik.tenants.utils import get_current_tenant


@ -25,7 +24,6 @@ class TestUsersAvatars(APITestCase):
        tenant.avatars = mode
        tenant.save()

-    @CONFIG.patch("avatars", "none")
    def test_avatars_none(self):
        """Test avatars none"""
        self.set_avatar_mode("none")
--- a/authentik/events/middleware.py
+++ b/authentik/events/middleware.py
@ -116,12 +116,12 @@ class AuditMiddleware:
            return user
        user = getattr(request, "user", self.anonymous_user)
        if not user.is_authenticated:
+            self._ensure_fallback_user()
            return self.anonymous_user
        return user

    def connect(self, request: HttpRequest):
        """Connect signal for automatic logging"""
-        self._ensure_fallback_user()
        if not hasattr(request, "request_id"):
            return
        post_save.connect(