Fix N+1 queries when loading vulnerablity feedback

Use Vulnerabilities::OccurrencesPreloader for API requests

Fix N+1 queries when loading vulnerablity feedback
Use Vulnerabilities::OccurrencesPreloader for API requests
e1dad9f6 · Heinrich Lee Yu · a02dcee4 · e1dad9f6 · e1dad9f6 · e1dad9f6
Commit e1dad9f6 authored Jul 11, 2019 by Heinrich Lee Yu
4 changed files
--- a/ee/changelogs/unreleased/fix-vulnerability-feeback-n-plus-1.yml
+++ b/ee/changelogs/unreleased/fix-vulnerability-feeback-n-plus-1.yml
+---
+title: Fix N+1 queries in vulnerabilities API
+merge_request: 14638
+author:
+type: performance
--- a/ee/lib/api/vulnerabilities.rb
+++ b/ee/lib/api/vulnerabilities.rb
@@ -50,11 +50,15 @@ module API
      get ':id/vulnerabilities' do
        authorize! :read_project_security_dashboard, user_project

-        vulnerability_occurrences = Kaminari.paginate_array(
-          vulnerability_occurrences_by(declared_params.merge(project: user_project))
+        vulnerability_occurrences = paginate(
+          Kaminari.paginate_array(
+            vulnerability_occurrences_by(declared_params.merge(project: user_project))
+          )
        )

-        present paginate(vulnerability_occurrences),
+        Gitlab::Vulnerabilities::OccurrencesPreloader.preload_feedback!(vulnerability_occurrences)
+
+        present vulnerability_occurrences,
          with: ::Vulnerabilities::OccurrenceEntity,
          request: GrapeRequestProxy.new(request, current_user)
      end

--- a/ee/lib/gitlab/vulnerabilities/occurrences_preloader.rb
+++ b/ee/lib/gitlab/vulnerabilities/occurrences_preloader.rb
@@ -9,8 +9,15 @@ module Gitlab
    class OccurrencesPreloader
      def self.preload!(occurrences)
        occurrences.all_preloaded.tap do |occurrences|
-          occurrences.each(&:issue_feedback)
-          occurrences.each(&:dismissal_feedback)
+          preload_feedback!(occurrences)
+        end
+      end
+
+      def self.preload_feedback!(occurrences)
+        occurrences.each do |occurrence|
+          occurrence.dismissal_feedback
+          occurrence.issue_feedback
+          occurrence.merge_request_feedback
        end
      end
    end

--- a/ee/spec/requests/api/vulnerabilities_spec.rb
+++ b/ee/spec/requests/api/vulnerabilities_spec.rb
@@ -52,6 +52,14 @@ describe API::Vulnerabilities do
        expect(json_response.map { |v| v['report_type'] }.uniq).to match_array %w[dependency_scanning sast]
      end

+      it 'does not have N+1 queries' do
+        control_count = ActiveRecord::QueryRecorder.new do
+          get api("/projects/#{project.id}/vulnerabilities", user), params: { report_type: 'dependency_scanning' }
+        end.count
+
+        expect { get api("/projects/#{project.id}/vulnerabilities", user) }.not_to exceed_query_limit(control_count)
+      end
+
      describe 'filtering' do
        it 'returns vulnerabilities with sast report_type' do
          occurrence_count = (sast_report.occurrences.count - 1).to_s