in reply to Re: Optimising a flexibile privilege system
in thread Optimising a flexibile privilege system
At the moment, if privileges change, I'm just emptying the entire privilege cache, which is not very efficient.
So the system works, I just think that it could be better, faster and more scalable, and my question is whether my proposed solution sounds is good : to maintain speed and accuracy at the the expense of table space.
The code for checking the inherited permissions is as follows:
(There is some added complexity involved because in my live system, the actual privileges reported depend on the 'status' of each object, so an album of status 'awaiting approval' would grant different privileges to an album of status 'approved'). This is just handled by a series of predefined masks.#=================================== sub inherited_permission { #=================================== my $self = shift; unless (defined $self->{_inh}) { my $object = $self->object; my $object_parent_id = $object->parent_id; my @object_groups = $object->groups; my $own_object_id = $object->id; my @object_ids = ( $own_object_id, @object_groups, $object_parent_id ); my $subject = $self->subject; my $subject_parent_id = $subject->parent_id; my @subject_groups = $subject->groups; my $own_subject_id = $subject->id; my @subject_ids = ( $own_subject_id, @subject_groups, $subject_parent_id ); my $inherited_permission = $self->permission; foreach my $object_id (@object_ids) { foreach my $subject_id (@subject_ids) { next if !($subject_id && $object_id) || ($subject_id == $own_subject_id && $object_id == $own_object_id); my $permission = $self->new({ object => $self->base_class->new($object_id), subject => $self->base_class->new($subject_id) }); $inherited_permission|=$permission->inherited_permissi +on; } } $self->{_inh} = $inherited_permission & $self->mask; my @saved = delete @{$self}{'_subject','_object'}; $self->save_to_cache; @{$self}{'_subject','_object'}= @saved; } return $self->{_inh}; }
|
|---|