I do have a working version but it has the problem of speed for the initial request, and then the changing of a high level intersection of privileges which would affect many cached values.

At the moment, if privileges change, I'm just emptying the entire privilege cache, which is not very efficient.

So the system works, I just think that it could be better, faster and more scalable, and my question is whether my proposed solution sounds good: to maintain speed and accuracy at the expense of table space.

The code for checking the inherited permissions is as follows:

    #===================================
    sub inherited_permission {
    #===================================
        my $self = shift;
        unless (defined $self->{_inh}) {
            # Object's own id, its groups and its parent
            my $object           = $self->object;
            my $object_parent_id = $object->parent_id;
            my @object_groups    = $object->groups;
            my $own_object_id    = $object->id;
            my @object_ids       = ( $own_object_id, @object_groups, $object_parent_id );

            # Subject's own id, its groups and its parent
            my $subject           = $self->subject;
            my $subject_parent_id = $subject->parent_id;
            my @subject_groups    = $subject->groups;
            my $own_subject_id    = $subject->id;
            my @subject_ids       = ( $own_subject_id, @subject_groups, $subject_parent_id );

            my $inherited_permission = $self->permission;
            foreach my $object_id (@object_ids) {
                foreach my $subject_id (@subject_ids) {
                    # Skip missing ids and the (own subject, own object) pair
                    next if !($subject_id && $object_id)
                        || ($subject_id == $own_subject_id && $object_id == $own_object_id);
                    my $permission = $self->new({
                        object  => $self->base_class->new($object_id),
                        subject => $self->base_class->new($subject_id)
                    });
                    $inherited_permission |= $permission->inherited_permission;
                }
            }
            $self->{_inh} = $inherited_permission & $self->mask;

            # Save to cache without the _subject and _object entries, then restore them
            my @saved = delete @{$self}{'_subject','_object'};
            $self->save_to_cache;
            @{$self}{'_subject','_object'} = @saved;
        }
        return $self->{_inh};
    }

(There is some added complexity involved because in my live system, the actual privileges reported depend on the 'status' of each object, so an album of status 'awaiting approval' would grant different privileges to an album of status 'approved'). This is just handled by a series of predefined masks.

In reply to Re^2: Optimising a flexibile privilege system by clinton
in thread Optimising a flexibile privilege system by clinton
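
One way to avoid emptying the whole privilege cache when a grant changes, shown as an added example that is not code from the thread: keep a reverse index from each contributing (subject, object) pair to the cached values computed from it, and drop only those. The ids, `%up`, `%direct` and the function names are hypothetical, the status masks are left out, and changes to group membership are not covered.

```perl
use strict;
use warnings;

# Constructed sample data (hypothetical ids). %up maps an id to its groups and
# parent, the same sets the post gathers into @subject_ids and @object_ids.
my %up = (alice => ['editors'], photo1 => ['album1']);
# Directly granted permission bits per "subject|object" pair.
my %direct = ('editors|album1' => 0b011, 'alice|photo1' => 0b100);

my %cache;      # "subject|object" => inherited bits
my %used_by;    # contributing pair => { cached pairs computed from it => 1 }

# An id plus everything it inherits from, followed transitively.
sub closure {
    my ($id, $seen) = @_;
    $seen ||= {};
    return () if $seen->{$id}++;
    return ($id, map { closure($_, $seen) } @{ $up{$id} || [] });
}

# OR together the direct bits of every (subject, object) pair in the two
# closures, recording which pairs the cached value was computed from.
sub inherited {
    my ($s, $o) = @_;
    my $key = "$s|$o";
    return $cache{$key} if exists $cache{$key};
    my $bits = 0;
    for my $sid (closure($s)) {
        for my $oid (closure($o)) {
            $bits |= $direct{"$sid|$oid"} // 0;
            $used_by{"$sid|$oid"}{$key} = 1;
        }
    }
    return $cache{$key} = $bits;
}

# Change one direct grant, drop only the cached values built from it, and
# return how many cache entries were dropped.
sub set_direct {
    my ($s, $o, $bits) = @_;
    $direct{"$s|$o"} = $bits;
    my $users = delete $used_by{"$s|$o"};
    my @stale = grep { exists $cache{$_} } keys %{ $users || {} };
    delete @cache{@stale};
    return scalar @stale;
}

inherited('alice', 'photo1');    # cached; inherits from editors/album1
inherited('bob', 'album2');      # cached; unrelated to the grant changed below
my $dropped = set_direct('editors', 'album1', 0b001);
printf "dropped %d, unrelated entry kept: %s, alice/photo1 now %03b\n",
    $dropped, (exists $cache{'bob|album2'} ? 'yes' : 'no'), inherited('alice', 'photo1');
```

The reverse index is the storage cost: one row per (contributing pair, cached pair), which grows with the depth of the group and parent hierarchy.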
