Mercurial > p > roundup > code
comparison roundup/security.py @ 8121:2a4d0413bd20 permission-performance
When computing batch check class-permissions first
| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Fri, 18 Oct 2024 18:04:46 +0200 |
| parents | d4fa7a9c3a21 |
| children | b358da7c89e5 |
comparison
equal
deleted
inserted
replaced
| 8120:d4fa7a9c3a21 | 8121:2a4d0413bd20 |
|---|---|
| 308 return perm | 308 return perm |
| 309 raise ValueError('No permission "%s" defined for "%s"' % (permission, | 309 raise ValueError('No permission "%s" defined for "%s"' % (permission, |
| 310 classname)) | 310 classname)) |
| 311 | 311 |
| 312 def hasPermission(self, permission, userid, classname=None, | 312 def hasPermission(self, permission, userid, classname=None, |
| 313 property=None, itemid=None): | 313 property=None, itemid=None, only_no_check=False): |
| 314 '''Look through all the Roles, and hence Permissions, and | 314 '''Look through all the Roles, and hence Permissions, and |
| 315 see if "permission" exists given the constraints of | 315 see if "permission" exists given the constraints of |
| 316 classname, property, itemid, and props_only. | 316 classname, property, itemid, and props_only. |
| 317 | 317 |
| 318 If classname is specified (and only classname) the | 318 If classname is specified (and only classname) the |
| 343 raise ValueError('classname must accompany itemid') | 343 raise ValueError('classname must accompany itemid') |
| 344 # for each of the user's Roles, check the permissions | 344 # for each of the user's Roles, check the permissions |
| 345 # Note that checks with a check method are typically a lot more | 345 # Note that checks with a check method are typically a lot more |
| 346 # expensive than the ones without. So we check the ones without | 346 # expensive than the ones without. So we check the ones without |
| 347 # a check method first | 347 # a check method first |
| 348 for has_check in False, True: | 348 checklist = (False, True) |
| 349 if only_no_check: | |
| 350 checklist = (False,) | |
| 351 for has_check in checklist: | |
| 349 for rolename in self.db.user.get_roles(userid): | 352 for rolename in self.db.user.get_roles(userid): |
| 350 if not rolename or (rolename not in self.role): | 353 if not rolename or (rolename not in self.role): |
| 351 continue | 354 continue |
| 352 r = self.role[rolename] | 355 r = self.role[rolename] |
| 353 v = r.hasPermission(self.db, permission, userid, classname, | 356 v = r.hasPermission(self.db, permission, userid, classname, |