Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-18459

OSP role-based authorization is far too inefficient

    Details

    • Type: Bug
    • Status: CLOSED
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.6.0, 2.7.0
    • Fix Version/s: 2.7.0
    • Component/s: OSP: Other
    • Labels:
      None

      Description

      When authorizing items such as forms or presentations, the algorithm used can be very inefficient. The WorksiteAwareAuthorizationFacade checks every site to which the viewer belongs by retrieving them from the AuthzGroupService individually. The entire set is retrieved from the database on each check, incurring a large penalty for users who belong to many sites.

      There is a kernel issue recorded as KNL-488 to offer a new method to check the user's roles more efficiently. There is a dependent patch required to OSP to take advantage of this method.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  noahbotimer Noah Botimer
                  Reporter:
                  noahbotimer Noah Botimer
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  0 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Git Source Code