Use unique user ids for project authorization jobs for group members

This change considers only distinct user ids
for project authorizations refresh jobs for
group members

app/models/group.rb

@@ -388,7 +388,7 @@ class Group < Namespace
   end
 
   def user_ids_for_project_authorizations
-    members_with_parents.pluck(:user_id)
+    members_with_parents.pluck(Arel.sql('DISTINCT members.user_id'))
   end
 
   def self_and_ancestors_ids

changelogs/unreleased/322098-limit-projectauthorizations-refresh-jobs-to-distinct-users.yml

+---
+title: Consider only distinct user ids for project authorizations refresh jobs for
+  group members
+merge_request: 54697
+author:
+type: performance

spec/models/group_spec.rb

@@ -1045,6 +1045,29 @@ RSpec.describe Group do
           include(group_user.id))
       end
     end
+
+    context 'distinct user ids' do
+      let_it_be(:subgroup) { create(:group, :nested) }
+      let_it_be(:user) { create(:user) }
+      let_it_be(:shared_with_group) { create(:group) }
+      let_it_be(:other_subgroup_user) { create(:user) }
+
+      before do
+        create(:group_group_link, shared_group: subgroup, shared_with_group: shared_with_group)
+        subgroup.add_maintainer(other_subgroup_user)
+
+        # `user` is added as a direct member of the parent group, the subgroup
+        # and another group shared with the subgroup.
+        subgroup.parent.add_maintainer(user)
+        subgroup.add_developer(user)
+        shared_with_group.add_guest(user)
+      end
+
+      it 'returns only distinct user ids of users for which to refresh authorizations' do
+        expect(subgroup.user_ids_for_project_authorizations).to(
+          contain_exactly(user.id, other_subgroup_user.id))
+      end
+    end
   end
 
   describe '#update_two_factor_requirement' do