FUND-2496 DRC Fix Owner Filter & LatestVertrouwelijkheidAanduiding Optimization#181
Open
Grabauskas wants to merge 5 commits into
Open
FUND-2496 DRC Fix Owner Filter & LatestVertrouwelijkheidAanduiding Optimization#181Grabauskas wants to merge 5 commits into
Grabauskas wants to merge 5 commits into
Conversation
Prevents the planner from probing all 70M versie rows for tenant-scoped gebruiksrechten / object-information-object queries. Mirrors the pattern already used by Handlers/v1/5/GetAllEnkelvoudigInformatieObjectenQueryHandler.cs:181.
Grabauskas
added
Bug
Contributor
There was a problem hiding this comment.
Pull request overview
This PR improves tenant-scoped authorization filtering in DRC “get all” handlers by adding an owner predicate to the inner EnkelvoudigInformatieObjectVersies EXISTS subquery (preventing cross-tenant false-positives and avoiding expensive probes over a very large versie table). In addition, it introduces and maintains a new LatestVertrouwelijkheidAanduiding field on EnkelvoudigInformatieObject plus an accompanying index/migrations, with unit tests covering both the authorization regression and the “latest VHA” persistence behavior.
Changes:
- Add
Owner == _rsinpredicate to the versieAny(...)subquery in v1 handlers (and regression tests to prevent cross-tenant matches). - Add
LatestVertrouwelijkheidAanduidingtoEnkelvoudigInformatieObject, ignore it in request-to-domain mappings, and set it in create/update handlers. - Add migrations (column adoption + pagination/index include) and extend unit tests to cover the new “latest VHA” behavior.
Reviewed changes
Copilot reviewed 20 out of 22 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| src/OneGround.ZGW.Documenten.Web/Handlers/v1/GetAllObjectInformatieObjectenQuery.cs | Adds owner predicate to versie EXISTS subquery for tenant-scoped auth filtering. |
| src/OneGround.ZGW.Documenten.Web/Handlers/v1/GetAllGebruiksRechtenQuery.cs | Adds owner predicate to versie EXISTS subquery (currently contains a compile-breaking typo). |
| src/OneGround.ZGW.Documenten.Web/Handlers/v1/5/GetAllVerzendingenQueryHandler.cs | Adds owner predicate to pagination EXISTS subquery for tenant-scoped auth filtering. |
| src/OneGround.ZGW.Documenten.DataModel/EnkelvoudigInformatieObject.cs | Introduces persisted LatestVertrouwelijkheidAanduiding on the EIO entity. |
| src/OneGround.ZGW.Documenten.Web/Handlers/v1/CreateEnkelvoudigInformatieObjectCommandHandler.cs | Sets LatestVertrouwelijkheidAanduiding when creating latest versie (v1). |
| src/OneGround.ZGW.Documenten.Web/Handlers/v1/1/CreateEnkelvoudigInformatieObjectCommandHandler.cs | Sets LatestVertrouwelijkheidAanduiding when creating latest versie (v1.1). |
| src/OneGround.ZGW.Documenten.Web/Handlers/v1/5/CreateEnkelvoudigInformatieObjectCommandHandler.cs | Sets LatestVertrouwelijkheidAanduiding when creating latest versie (v1.5). |
| src/OneGround.ZGW.Documenten.Web/Handlers/v1/1/UpdateEnkelvoudigInformatieObjectCommandHandler.cs | Sets LatestVertrouwelijkheidAanduiding when updating latest versie (v1.1). |
| src/OneGround.ZGW.Documenten.Web/Handlers/v1/5/UpdateEnkelvoudigInformatieObjectCommandHandler.cs | Sets LatestVertrouwelijkheidAanduiding when updating latest versie (v1.5). |
| src/OneGround.ZGW.Documenten.Web/MappingProfiles/v1/RequestToDomainProfile.cs | Prevents clients from mapping LatestVertrouwelijkheidAanduiding into the domain model. |
| src/OneGround.ZGW.Documenten.Web/MappingProfiles/v1/1/RequestToDomainProfile.cs | Same (v1.1). |
| src/OneGround.ZGW.Documenten.Web/MappingProfiles/v1/5/RequestToDomainProfile.cs | Same (v1.5). |
| src/OneGround.ZGW.Documenten.DataModel/Migrations/20260511140530_adopt_latest_vertrouwelijkheidaanduiding.cs | Adds/adopts the latest_vertrouwelijkheidaanduiding column and relaxes constraints/default. |
| src/OneGround.ZGW.Documenten.DataModel/Migrations/20260511140530_adopt_latest_vertrouwelijkheidaanduiding.Designer.cs | EF migration snapshot updates for the new column. |
| src/OneGround.ZGW.Documenten.DataModel/Migrations/20260511150043_b_create_pagination_index_vha.cs | Adds a covering index including latest_vertrouwelijkheidaanduiding (CONCURRENTLY). |
| src/OneGround.ZGW.Documenten.DataModel/Migrations/20260511150043_b_create_pagination_index_vha.Designer.cs | EF migration snapshot updates for the new index. |
| src/OneGround.ZGW.Documenten.DataModel/Migrations/DrcDbContextModelSnapshot.cs | Updates the overall model snapshot with the new column/index metadata. |
| src/Tests/OneGround.ZGW.Documenten.WebApi.UnitTests/HandlerTests/GetAllObjectInformatieObjectenQueryHandlerTests.cs | Regression tests ensuring auth subquery cannot match versies from another owner. |
| src/Tests/OneGround.ZGW.Documenten.WebApi.UnitTests/HandlerTests/GetAllGebruiksRechtenQueryHandlerTests.cs | Same regression coverage for gebruiksrechten handler. |
| src/Tests/OneGround.ZGW.Documenten.WebApi.UnitTests/HandlerTests/GetAllVerzendingenQueryHandlerTests.cs | Same regression coverage for verzendingen pagination query; adds cache no-op helper for InMemory. |
| src/Tests/OneGround.ZGW.Documenten.WebApi.UnitTests/EnkelvoudigeInformatieHandlerTests/CreateEnkelvoudigInformatieObjectVersionsTests.cs | Adds tests asserting LatestVertrouwelijkheidAanduiding is set on create (v1.1/v1/v1.5). |
| src/Tests/OneGround.ZGW.Documenten.WebApi.UnitTests/EnkelvoudigeInformatieHandlerTests/UpdateEnkelvoudigInformatieObjectVersionsTests.cs | Adds tests asserting LatestVertrouwelijkheidAanduiding is set on update (v1.1/v1.5). |
Files not reviewed (2)
- src/OneGround.ZGW.Documenten.DataModel/Migrations/20260511140530_adopt_latest_vertrouwelijkheidaanduiding.Designer.cs: Language not supported
- src/OneGround.ZGW.Documenten.DataModel/Migrations/20260511150043_b_create_pagination_index_vha.Designer.cs: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Grabauskas
changed the title
Grabauskas
changed the title
heuvea
reviewed
May 12, 2026
heuvea
reviewed
May 12, 2026
heuvea
reviewed
May 12, 2026
heuvea
reviewed
May 12, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Prevents the planner from probing all 70M versie rows for tenant-scoped gebruiksrechten / object-information-object queries. Mirrors the pattern already used by Handlers/v1/5/GetAllEnkelvoudigInformatieObjectenQueryHandler.cs:181.
Pull Request
Description
Type of Change
Related Issues
Testing
Checklist