Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access permissions 4: Fix user caching #6880

Open
wants to merge 1 commit into
base: v5/feature/access-permissions-3
Choose a base branch
from
Open

Access permissions 4: Fix user caching #6880

wants to merge 1 commit into from

Conversation

lukasbestle
Copy link
Member

@lukasbestle lukasbestle commented Dec 23, 2024
edited
Loading

🚨 Merge first

Description

Summary of changes

No longer cache the user object in each ModelPermissions instance

Reasoning

Made the permission checks return stale results if the user changed during the request; this made the additional permission caching in the $page/file->isAccessible() and $page/file->isListable() methods useless.

Changelog

Fixes

  • Permissions are now correctly determined if the active user changes during the request

Breaking changes

  • Classes extending ModelPermissions need to use the user() method instead of $user and $permissions properties

Docs

None

Ready?

  • In-code documentation (wherever needed)
  • Unit tests for fixed bug/feature
  • Tests and CI checks all pass

For review team

  • Add lab and/or sandbox examples (wherever helpful)
  • Add changes & docs to release notes draft in Notion

@lukasbestle
Don’t keep user object in memory cache
13ea6fc 
Made the permission checks return stale results if the user changed during the request
@lukasbestle lukasbestle requested a review from a team December 23, 2024 09:45
@lukasbestle lukasbestle self-assigned this Dec 23, 2024
@lukasbestle lukasbestle added the type: bug 🐛 Is a bug; fixes a bug label Dec 23, 2024
@lukasbestle lukasbestle added this to the 5.0.0-beta.2 milestone Dec 23, 2024
@lukasbestle lukasbestle mentioned this pull request Dec 23, 2024
Open
5 tasks
@distantnative
Copy link
Member

@lukasbestle Do you have an idea how much of a performance impact this has? Since if we don't cache the ModelPermission objects, each time they now have to be created the blueprint is also read (which has been a performance bottleneck for us).

@lukasbestle
Copy link
Member Author

There are two components to this:

  • At the moment we don't cache the ModelPermissions objects at all. E.g. $page->permissions() creates an instance each time. Which means that the user object is retrieved each time a permission is checked (before: in the constructor of ModelPermissions; after: when actually checking the permission). So in practice this PR alone does not create any difference. Only if we ever reuse an existing ModelPermissions object for additional checks, this becomes a difference. But there I would say security > performance. Viewed from the opposite perspective: With this PR, it becomes practical for the first time to cache the ModelPermissions object without security impact, thus allowing us to read the blueprint only once (per model).
  • We have another layer of caching for access/list permissions, which are those that are commonly checked more than once per request. All the other permissions are only checked for a particular action, of which not many happen per request.

@lukasbestle lukasbestle mentioned this pull request Dec 23, 2024
Open
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@lukasbestle lukasbestle

Labels
type: bug 🐛 Is a bug; fixes a bug
Projects
None yet
Milestone
5.0.0-beta.2
Development

Successfully merging this pull request may close these issues.
2 participants
@lukasbestle @distantnative