From e7903d5391376cad7fe44bbede36a2e06eb00d32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20C=2E=20Fernandes?= Date: Wed, 17 Dec 2025 17:15:31 +0000 Subject: [PATCH] core/groups: optimize prefetch queries to fetch only required fields (#18448) Co-authored-by: Marc 'risson' Schmitt --- authentik/core/api/groups.py | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/authentik/core/api/groups.py b/authentik/core/api/groups.py index ac4d720298..c550792303 100644 --- a/authentik/core/api/groups.py +++ b/authentik/core/api/groups.py @@ -33,6 +33,16 @@ from authentik.endpoints.connectors.agent.auth import AgentAuth from authentik.rbac.api.roles import RoleSerializer from authentik.rbac.decorators import permission_required +PARTIAL_USER_SERIALIZER_MODEL_FIELDS = [ + "pk", + "username", + "name", + "is_active", + "last_login", + "email", + "attributes", +] + class PartialUserSerializer(ModelSerializer): """Partial User Serializer, does not include child relations.""" @@ -42,16 +52,7 @@ class PartialUserSerializer(ModelSerializer): class Meta: model = User - fields = [ - "pk", - "username", - "name", - "is_active", - "last_login", - "email", - "attributes", - "uid", - ] + fields = PARTIAL_USER_SERIALIZER_MODEL_FIELDS + ["uid"] class RelatedGroupSerializer(ModelSerializer): @@ -262,7 +263,14 @@ class GroupViewSet(UsedByMixin, ModelViewSet): base_qs = Group.objects.all().prefetch_related("roles") if self.serializer_class(context={"request": self.request})._should_include_users: - base_qs = base_qs.prefetch_related("users") + # Only fetch fields needed by PartialUserSerializer to reduce DB load and instantiation + # time + base_qs = base_qs.prefetch_related( + Prefetch( + "users", + queryset=User.objects.all().only(*PARTIAL_USER_SERIALIZER_MODEL_FIELDS), + ) + ) else: base_qs = base_qs.prefetch_related( Prefetch("users", queryset=User.objects.all().only("id"))