[dev] Permissions inheritance
Richard Wallace
rwallace at thewallacepack.net
Mon Nov 1 08:49:43 PST 2004
Chuck Hagenbuch wrote:
> Right now they're not supposed to. There are definitely reasons to make
> it work
> that way by default, and reasons not to. A patch that introduced an
> option to
> turn checking parent permissions on would definitely be considered.
Alright, that's fair. I implemented this in the Group::hasPermission()
method and have it working. The way I did it probably isn't the best
though. There is considerable overhead in extra queries for each
parent. Basically, I'm taking the name of the permission that is given
and iteratively removing everything after the last : to get each parent
name and then the permission. Then I OR that with an accumulating
variable which is ultimately compared to the $perm parameter.
The problem with that approach is that there needs to be a query to the
datatree for each level in the permissions hierarchy to the node.
It's not like I plan on having 50 levels or anything, 3 or 4 at the
most, but each of those would generate two queries (one to the datatree
table and one to the datatree attributes table). So, if there are 10
objects that need to have permissions checked and multiple users logged
in at the same time, the mysql server is going to get slammed with queries.
Is there anyway to optimize this, maybe by loading all the parent
permissions in one shot with a single call to the datatree?
Thanks,
rich
More information about the dev
mailing list