Opened 7 years ago

Closed 7 years ago

#1848 closed enhancement (fixed)

Cleanup ACL system

Reported by: flack Owned by: flack
Priority: blocker Milestone: 8.09.10 Ragnaroek
Component: MidCOM core Version: 8.09 Ragnaroek
Keywords: Cc:

Description

MidCOM's privilege-handling code is quite complex and hard to read. It should be cleaned up/refactored to increase maintainability and performance

Change History (23)

comment:1 Changed 7 years ago by flack

(In [26277]) small readability improvements, refs #1848

comment:2 Changed 7 years ago by flack

(In [26278]) Only load owner privileges if we actually need them, refs #1848

comment:3 Changed 7 years ago by flack

(In [26279]) insert owner privileges before sorting the array, refs #1848

comment:4 Changed 7 years ago by flack

(In [26280]) revert last two commits since they introduced a slight behavior change, also remove some dead code, refs #1848

comment:5 Changed 7 years ago by flack

(In [26281]) validate objects before putting them into memcache, refs #1848

comment:6 Changed 7 years ago by flack

(In [26282]) when privilege data is passed in constructor, we don't instantiate the mgd privilege object (this is done on-demand for write actions if necessary).

This allows us to keep the ACL memcache a lot smaller and faster

Attention: You have to invalidate your cache after updating to this revision!

refs #1848

comment:7 Changed 7 years ago by flack

(In [26283]) restore old optimization and use better function name, refs #1848

comment:8 Changed 7 years ago by flack

(In [26285]) Determine the user identifier further up in the stack and pass it around instead of the full object, refs #1848

comment:9 Changed 7 years ago by flack

(In [26286]) we don't need to cache merged privilegesets by both int and boolean values, boolean is enough

refs #1848

comment:10 Changed 7 years ago by flack

(In [26287]) unify user_id lookup and refactor to a separate method so that it can be re-used in batch checks

refs #1848

comment:11 Changed 7 years ago by flack

(In [26288]) Suppress loag message when traing to get users with anonymous ID, refs #1848

comment:12 Changed 7 years ago by flack

(In [26289]) move lowlevel ACL code into its own class for better maintainability, refs #1848

comment:13 Changed 7 years ago by flack

(In [26290]) move more functionality to the new ACL class, refs #1848

comment:14 Changed 7 years ago by flack

(In [26291]) small simplification, refs #1848

comment:15 Changed 7 years ago by flack

(In [26329]) remove tmp object creation and rely on guid instead, refs #1848

comment:16 Changed 7 years ago by flack

(In [26330]) rewrite method for clarity and speed, refs #1848

comment:17 Changed 7 years ago by flack

(In [26331]) make sanity checks less redundant, refs #1848

comment:18 Changed 7 years ago by flack

(In [26368]) cache self and content privileges separately to avoid repeated filtering, refs #1848

comment:19 Changed 7 years ago by flack

(In [26386]) First version of an alternative can_do algorithm, refs #1848

comment:20 Changed 7 years ago by flack

(In [26390]) cache scope, refs #1848

comment:21 Changed 7 years ago by bergie

  • Priority changed from major to blocker

comment:22 Changed 7 years ago by flack

(In [26439]) merge ACL changes back into ragna branch, refs #1848

comment:23 Changed 7 years ago by flack

  • Resolution set to fixed
  • Status changed from new to closed

It's been a couple of weeks and so far, no regressions have popped up, plus it's gotten a lot faster & cleaner => closing as fixed

Note: See TracTickets for help on using tickets.