2 files changed, 23 insertions, 28 deletions

diff --git a/app/models/project_authorization.rb b/app/models/project_authorization.rb
index a00d43773d9..4c7f4f5a429 100644
--- a/app/models/project_authorization.rb
+++ b/app/models/project_authorization.rb
@@ -5,4 +5,17 @@ class ProjectAuthorization < ActiveRecord::Base
   validates :project, presence: true
   validates :access_level, inclusion: { in: Gitlab::Access.all_values }, presence: true
   validates :user, uniqueness: { scope: [:project, :access_level] }, presence: true
+
+  def self.insert_authorizations(rows, per_batch = 1000)
+    rows.each_slice(per_batch) do |slice|
+      tuples = slice.map do |tuple|
+        tuple.map { |value| connection.quote(value) }
+      end
+
+      connection.execute <<-EOF.strip_heredoc
+      INSERT INTO project_authorizations (user_id, project_id, access_level)
+      VALUES #{tuples.map { |tuple| "(#{tuple.join(', ')})" }.join(', ')}
+      EOF
+    end
+  end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 3a17c98eff6..9f5cc149361 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -443,22 +443,16 @@ class User < ActiveRecord::Base
   end
 
   def refresh_authorized_projects
-    transaction do
-      project_authorizations.delete_all
-
-      # project_authorizations_union can return multiple records for the same
-      # project/user with different access_level so we take row with the maximum
-      # access_level
-      project_authorizations.connection.execute <<-SQL
-      INSERT INTO project_authorizations (user_id, project_id, access_level)
-      SELECT user_id, project_id, MAX(access_level) AS access_level
-      FROM (#{project_authorizations_union.to_sql}) sub
-      GROUP BY user_id, project_id
-      SQL
-
-      unless authorized_projects_populated
-        update_column(:authorized_projects_populated, true)
-      end
+    Users::RefreshAuthorizedProjectsService.new(self).execute
+  end
+
+  def remove_project_authorizations(project_ids)
+    project_authorizations.where(id: project_ids).delete_all
+  end
+
+  def set_authorized_projects_column
+    unless authorized_projects_populated
+      update_column(:authorized_projects_populated, true)
     end
   end
 
@@ -905,18 +899,6 @@ class User < ActiveRecord::Base
 
   private
 
-  # Returns a union query of projects that the user is authorized to access
-  def project_authorizations_union
-    relations = [
-      personal_projects.select("#{id} AS user_id, projects.id AS project_id, #{Gitlab::Access::MASTER} AS access_level"),
-      groups_projects.select_for_project_authorization,
-      projects.select_for_project_authorization,
-      groups.joins(:shared_projects).select_for_project_authorization
-    ]
-
-    Gitlab::SQL::Union.new(relations)
-  end
-
   def ci_projects_union
     scope  = { access_level: [Gitlab::Access::MASTER, Gitlab::Access::OWNER] }
     groups = groups_projects.where(members: scope)