feat(eventstore): increase parallel write capabilities (#5940)

This implementation increases parallel write capabilities of the eventstore. Please have a look at the technical advisories: [05](https://zitadel.com/docs/support/advisory/a10005) and [06](https://zitadel.com/docs/support/advisory/a10006). The implementation of eventstore.push is rewritten and stored events are migrated to a new table `eventstore.events2`. If you are using cockroach: make sure that the database user of ZITADEL has `VIEWACTIVITY` grant. This is used to query events.
2025-08-11 21:17:32 +00:00 · 2023-10-19 12:19:10 +02:00
parent 259faba3f0
commit b5564572bc
791 changed files with 30326 additions and 43202 deletions
--- a/internal/api/authz/permissions.go
+++ b/internal/api/authz/permissions.go
@@ -16,10 +16,8 @@ func CheckPermission(ctx context.Context, resolver MembershipsResolver, roleMapp
 	_, userPermissionSpan := tracing.NewNamedSpan(ctx, "checkUserPermissions")
 	err = checkUserResourcePermissions(requestedPermissions, resourceID)
 	userPermissionSpan.EndWithError(err)
-	if err != nil {
-		return err
-	}
-	return nil
+
+	return err
 }

 // getUserPermissions retrieves the memberships of the authenticated user (on instance and provided organisation level),
@@ -33,23 +31,17 @@ func getUserPermissions(ctx context.Context, resolver MembershipsResolver, requi
 	}

 	ctx = context.WithValue(ctx, dataKey, ctxData)
-	memberships, err := resolver.SearchMyMemberships(ctx, orgID)
+	memberships, err := resolver.SearchMyMemberships(ctx, orgID, false)
 	if err != nil {
 		return nil, nil, err
 	}
 	if len(memberships) == 0 {
-		err = retry(func() error {
-			memberships, err = resolver.SearchMyMemberships(ctx, orgID)
-			if err != nil {
-				return err
-			}
-			if len(memberships) == 0 {
-				return errors.ThrowNotFound(nil, "AUTHZ-cdgFk", "membership not found")
-			}
-			return nil
-		})
+		memberships, err = resolver.SearchMyMemberships(ctx, orgID, true)
+		if len(memberships) == 0 {
+			return nil, nil, errors.ThrowNotFound(nil, "AUTHZ-cdgFk", "membership not found")
+		}
 		if err != nil {
-			return nil, nil, nil
+			return nil, nil, err
 		}
 	}
 	requestedPermissions, allPermissions = mapMembershipsToPermissions(requiredPerm, memberships, roleMappings)