Update Grid Search to respect doesOwnerHaveAccessToPost() #1099

Closed
wants to merge 1 commit into from

2 participants

@mwilkie
  • Update GridController and tests to verify post security for reply searches using OwnerInstanceDAO->doesOwnerHaveAccessToPost()
  • Update OwnerInstanceDAO->doesOwnerHaveAccessToPost() and tests to cache query results Closes #648
Mark Wilkie Update Grid Search to respect doesOwnerHaveAccessToPost()
* Update GridController and tests to verify post security for reply searches using OwnerInstanceDAO->doesOwnerHaveAccessToPost()
* Update OwnerInstanceDAO->doesOwnerHaveAccessToPost() and tests to cache query results
Closes #648
87af6b5
@mwilkie

I didn't put the doesOwnerHaveAccessToPost() call in the PostIterator, since it was only a few lines in the grid controller. I think we can refactor this later if we need to.

@ginatrapani ginatrapani closed this pull request from a commit
Mark Wilkie Update Grid Search to respect doesOwnerHaveAccessToPost()
* Update GridController and tests to verify post security for reply searches using OwnerInstanceDAO->doesOwnerHaveAccessToPost()
* Update OwnerInstanceDAO->doesOwnerHaveAccessToPost() and tests to cache query results
Closes #648, closes #1099
b165132
Commits on Nov 3, 2011
  1. Update Grid Search to respect doesOwnerHaveAccessToPost()

    Mark Wilkie authored
    * Update GridController and tests to verify post security for reply searches using OwnerInstanceDAO->doesOwnerHaveAccessToPost()
    * Update OwnerInstanceDAO->doesOwnerHaveAccessToPost() and tests to cache query results
    Closes #648
12 extras/dev/ramdisk/osx_make_ramdisk_db.conf.sample
@@ -32,12 +32,12 @@ MYSQL_DATA_DIR="/usr/local/mysql/data"
TMP_DATA_DIR="/tmp/thinkup_rd_dir"
# glean db config data
-DB_HOST=`$PHP tests/scripts/parse_config.php db_host`
-DB_USER=`$PHP tests/scripts/parse_config.php db_user`
-DB_PASSWORD=`$PHP tests/scripts/parse_config.php db_password`
-DB_NAME=`$PHP tests/scripts/parse_config.php db_name`
-DB_SOCKET=`$PHP tests/scripts/parse_config.php db_socket`
-DB_PORT=`$PHP tests/scripts/parse_config.php db_port`
+DB_HOST=`$PHP extras/dev/ramdisk/parse_config.php db_host`
+DB_USER=`$PHP extras/dev/ramdisk/parse_config.php db_user`
+DB_PASSWORD=`$PHP extras/dev/ramdisk/parse_config.php db_password`
+DB_NAME=`$PHP extras/dev/ramdisk/parse_config.php db_name`
+DB_SOCKET=`$PHP extras/dev/ramdisk/parse_config.php db_socket`
+DB_PORT=`$PHP extras/dev/ramdisk/parse_config.php db_port`
DB_NAME_TEST_RD="${DB_NAME}_tests_rd"
MYSQL_CMD="$MYSQL -h $DB_HOST -u $DB_USER";
21 tests/TestOfGridController.php
@@ -158,7 +158,7 @@ public function testOwnerWithAccessTweetsAllMaxNoLimit() {
}
public function testReplyToSearch() {
- $builders = $this->buildData();
+ $builders = $this->buildData(0,0);
$this->simulateLogin('me@example.com');
$_GET['u'] = 'someuser1';
$_GET['n'] = 'twitter';
@@ -226,6 +226,25 @@ public function testReplyToSearchNotLoggedIn() {
$this->assertEqual($ob->posts[0]->post_id_str, '10765432100123456783_str');
}
+
+ public function testReplyToSearchFilterOutProtected() {
+ $builders = $this->buildData();
+ $this->simulateLogin('me@example.com');
+ $_GET['u'] = 'someuser1';
+ $_GET['n'] = 'twitter';
+ $_GET['t'] = '10765432100123456781';
+ $controller = new GridController(true);
+ $this->assertTrue(isset($controller));
+ ob_start();
+ $controller->control();
+ $results = ob_get_contents();
+ ob_end_clean();
+ $json = substr($results, 29, strrpos($results, ';') - 30);
+ $ob = json_decode( $json );
+ $this->assertEqual($ob->status, 'success');
+ $this->assertEqual(count($ob->posts), 1);
+ }
+
public function testNoProfilerOutput() {
// Enable profiler
$config = Config::getInstance();
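Review bot: `testReplyToSearchFilterOutProtected` only asserts `count($ob->posts) == 1`, so a filter that dropped the public reply and kept the protected one would still pass; pin the surviving post the way `testReplyToSearchNotLoggedIn` just above does, e.g. `$this->assertEqual($ob->posts[0]->post_id_str, '<PUBLIC_REPLY_ID>_str');` with the id of the fixture that is expected to remain. The `substr($results, 29, strrpos($results, ';') - 30)` slice repeats the magic offsets of the neighbouring tests; a small `extractJson($results)` helper in this test class would make the new test readable. The `buildData(0,0)` change in `testReplyToSearch` is not explained in the hunk — presumably the arguments control how many protected fixtures are built, so a one-line comment such as `// no protected replies: this test exercises the unfiltered path` would help.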
15 tests/TestOfOwnerInstanceMySQLDAO.php
@@ -44,6 +44,8 @@ public function setUp() {
public function tearDown() {
parent::tearDown();
$this->logger->close();
+ //clear doesOwnerHaveAccessToPost query cache
+ OwnerInstanceMySQLDAO::$post_access_query_cache = array();
}
public function testDelete() {
@@ -250,6 +252,10 @@ public function testDoesOwnerHaveAccessToPost() {
$post->is_protected = true;
$this->assertFalse($dao->doesOwnerHaveAccessToPost($owner, $post));
+ // should have empty cache arrays
+ $this->assertEqual(count(OwnerInstanceMySQLDAO::$post_access_query_cache['1-twitter-network_id_cache']), 0);
+ $this->assertEqual(count(OwnerInstanceMySQLDAO::$post_access_query_cache['20-twitter-follower_id_cache']), 0);
+
//protected post but owner is admin
$owner->is_admin = true;
$this->assertTrue($dao->doesOwnerHaveAccessToPost($owner, $post));
@@ -259,10 +265,19 @@ public function testDoesOwnerHaveAccessToPost() {
$this->assertFalse($dao->doesOwnerHaveAccessToPost($owner, $post));
//protected post, owner is not admin, and owner DOES have an authed instance which follows author
+ OwnerInstanceMySQLDAO::$post_access_query_cache = array(); // clear cache
$owner->id = 2;
$follows_builder = FixtureBuilder::build('follows', array('user_id'=>'20', 'follower_id'=>'10',
'network'=>'twitter'));
$this->assertTrue($dao->doesOwnerHaveAccessToPost($owner, $post));
+ // should have populated cache arrays
+ $this->assertEqual(count(OwnerInstanceMySQLDAO::$post_access_query_cache['2-twitter-network_id_cache']), 1);
+ $this->assertEqual(count(OwnerInstanceMySQLDAO::$post_access_query_cache['20-twitter-follower_id_cache']), 1);
+ $this->assertEqual(
+ OwnerInstanceMySQLDAO::$post_access_query_cache['2-twitter-network_id_cache'][0]['network_user_id'], 10);
+ $this->assertEqual(
+ OwnerInstanceMySQLDAO::$post_access_query_cache['20-twitter-follower_id_cache'][0]['follower_id'], 10);
+
}
}
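Review bot: The tests reset the DAO's memo by assigning the public static directly (`OwnerInstanceMySQLDAO::$post_access_query_cache = array();` in `tearDown()` at L109, inline at L125, and again in `TestOfPostController::tearDown()`), which couples every test file to the cache's internal representation and is easy to forget in the next test that touches follows or owner instances — a stale entry would then make an access check pass or fail for reasons unrelated to the test. A `public static function clearPostAccessQueryCache()` on `OwnerInstanceMySQLDAO`, called from a shared base `tearDown()`, would centralise that. The assertions at L116-L117 and L131-L136 also hard-code the key layout (`'2-twitter-network_id_cache'`), so any change to how the DAO builds keys silently breaks these tests; a short comment above L115, `// cache keys are "<owner_id>-<network>-network_id_cache" and "<author_user_id>-<network>-follower_id_cache"`, would at least make the coupling visible.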
2  tests/TestOfPostController.php
@@ -46,6 +46,8 @@ public function setUp(){
public function tearDown(){
parent::tearDown();
+ //clear doesOwnerHaveAccessToPost query cache
+ OwnerInstanceMySQLDAO::$post_access_query_cache = array();
}
public function testConstructor() {
9 webapp/_lib/controller/class.GridController.php
@@ -83,6 +83,7 @@ public function authControl($owner = false) {
if ($owner) {
$public_search = true;
}
+ $private_reply_search = false;
$this->setContentType('text/javascript');
if (!$this->is_missing_param) {
$instance_dao = DAOFactory::getDAO('InstanceDAO');
@@ -104,6 +105,9 @@ public function authControl($owner = false) {
$post_dao = DAOFactory::getDAO('PostDAO');
$posts_it = $post_dao->getRepliesToPostIterator($_GET['t'],$_GET['n'], 'default','km',
$public_search);
+ if(! $public_search) {
+ $private_reply_search = true;
+ }
} else {
if (isset($_GET['nolimit']) && $_GET['nolimit'] == 'true') {
self::$MAX_ROWS = 0;
@@ -120,6 +124,11 @@ public function authControl($owner = false) {
throw Exception("Grid Search should use a PostIterator to conserve memory");
}
foreach($posts_it as $key => $value) {
+ if($private_reply_search) {
+ if(! $ownerinstance_dao->doesOwnerHaveAccessToPost($owner, $value)) {
+ continue;
+ }
+ }
$cnt++;
$data = array('id' => $cnt, 'text' => $value->post_text,
'post_id_str' => $value->post_id . '_str', 'author' => $value->author_username,
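Review bot: The new filter at the top of the `foreach` reaches `$ownerinstance_dao->doesOwnerHaveAccessToPost($owner, $value)` only when `$private_reply_search` is true, and the visible lines set that flag exactly when `$public_search` is false (L163-L165) while `$public_search` becomes true whenever `$owner` is set (L152-L154) — so unless `$public_search` is also assigned somewhere outside the hunk, the DAO call appears to be made with `$owner === false`, which the `Owner $owner` type hint on `doesOwnerHaveAccessToPost()` rejects instead of filtering. Gating on the owner itself and failing closed is clearer and safer: `if ($private_reply_search && (!($owner instanceof Owner) || !$ownerinstance_dao->doesOwnerHaveAccessToPost($owner, $value))) { continue; }`, with a comment such as `// protected replies are shown only to an owner whose authed instance follows the author`. `$ownerinstance_dao` is not defined in the hunk; presumably it is created earlier in `authControl()`, whose body begins before and ends after this hunk. Separately, the pre-existing context line `throw Exception("Grid Search should use a PostIterator ...")` just above the loop is missing `new` and would fail as a call to an undefined function if ever reached.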
36 webapp/_lib/model/class.OwnerInstanceMySQLDAO.php
@@ -31,6 +31,14 @@
*/
class OwnerInstanceMySQLDAO extends PDODAO implements OwnerInstanceDAO {
+ /**
+ *
+ * We store the query results for doesOwnerHaveAccessToPost() to reduce query load while looping through
+ * post results
+ * @var array $post_access_query_cache
+ */
+ static $post_access_query_cache = array();
+
public function doesOwnerHaveAccessToInstance(Owner $owner, Instance $instance) {
// verify $owner has an id
if (! isset($owner->id)) {
@@ -69,7 +77,6 @@ public function doesOwnerHaveAccessToPost(Owner $owner, Post $post) {
$message = 'doesOwnerHaveAccessToPost() requires an "Owner" object with "id" defined';
throw new BadArgumentException($message);
}
-
//if post is public OR the owner is an admin, show it
if (!$post->is_protected || $owner->is_admin) {
return true;
@@ -82,19 +89,32 @@ public function doesOwnerHaveAccessToPost(Owner $owner, Post $post) {
WHERE oi.owner_id = :owner_id AND i.network = :network";
$vars = array(':owner_id' => $owner->id, ':network'=> $post->network);
- if ($this->profiler_enabled) Profiler::setDAOMethod(__METHOD__);
- $stmt = $this->execute($q, $vars);
- $owner_network_user_ids = $this->getDataRowsAsArrays($stmt);
+ // we'll cache query results to speed up checks while looping through post iterators
+ $network_id_cache_key = implode("-", $vars) . '-network_id_cache';
+ if(isset(self::$post_access_query_cache[ $network_id_cache_key ])) {
+ $owner_network_user_ids = self::$post_access_query_cache[ $network_id_cache_key ];
+ } else {
+ if ($this->profiler_enabled) Profiler::setDAOMethod(__METHOD__);
+ $stmt = $this->execute($q, $vars);
+ $owner_network_user_ids = $this->getDataRowsAsArrays($stmt);
+ self::$post_access_query_cache[ $network_id_cache_key ] = $owner_network_user_ids;
+ }
// select all the network user ID's which follow protected author
$q = "SELECT f.follower_id
FROM #prefix#follows f
WHERE f.user_id = :user_id AND f.network = :network";
$vars = array(':user_id' => $post->author_user_id, ':network'=> $post->network);
- if ($this->profiler_enabled) Profiler::setDAOMethod(__METHOD__);
- $stmt = $this->execute($q, $vars);
- $authed_network_user_ids = $this->getDataRowsAsArrays($stmt);
-
+ // we'll cache query results to speed up checks while looping through post iterators
+ $follower_id_cache_key = implode("-", $vars) . '-follower_id_cache';
+ if(isset(self::$post_access_query_cache[ $follower_id_cache_key ])) {
+ $authed_network_user_ids = self::$post_access_query_cache[ $follower_id_cache_key ];
+ } else {
+ if ($this->profiler_enabled) Profiler::setDAOMethod(__METHOD__);
+ $stmt = $this->execute($q, $vars);
+ $authed_network_user_ids = $this->getDataRowsAsArrays($stmt);
+ self::$post_access_query_cache[ $follower_id_cache_key ] = $authed_network_user_ids;
+ }
// If there's overlap, return true else return false
foreach ($owner_network_user_ids as $owner_network_user_id) {
foreach ($authed_network_user_ids as $authed_network_user_id) {
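Review bot: `static $post_access_query_cache = array();` (L192) is declared without a visibility keyword, so it is public and writable by any caller, and nothing in the DAO ever evicts or resets it: entries live for the whole process, which is why the tests clear it by hand and why any long-lived process using this DAO (none is visible here) would keep answering access checks from follow data cached before a follow/unfollow. Declare it `public static $post_access_query_cache = array();` with a docblock stating that it is a per-process memo keyed by owner/author id and network which callers must reset after changing owner instances or follows, or better, add a `public static function clearPostAccessQueryCache()`. The cache-or-query pattern is duplicated verbatim at L211-L220 and L230-L239; the helper below keeps the existing key layout (so the test assertions on `'2-twitter-network_id_cache'` still hold) and removes the duplication. `doesOwnerHaveAccessToPost()` begins before and ends after this hunk.
```php
    $owner_network_user_ids = $this->getCachedDataRows($q, $vars, 'network_id_cache', __METHOD__);
    // … unchanged: follower query and $vars setup …
    $authed_network_user_ids = $this->getCachedDataRows($q, $vars, 'follower_id_cache', __METHOD__);
    // … unchanged: overlap loop and return …

    /**
     * Run $q with $vars, memoizing the result rows in self::$post_access_query_cache for the
     * rest of the process. The key is implode("-", $vars) . '-' . $cache_suffix, unchanged
     * from the inline version.
     * @param str $q
     * @param array $vars
     * @param str $cache_suffix
     * @param str $caller_method Method name reported to the profiler
     * @return array
     */
    private function getCachedDataRows($q, $vars, $cache_suffix, $caller_method) {
        $cache_key = implode("-", $vars) . '-' . $cache_suffix;
        if (!isset(self::$post_access_query_cache[$cache_key])) {
            if ($this->profiler_enabled) Profiler::setDAOMethod($caller_method);
            $stmt = $this->execute($q, $vars);
            self::$post_access_query_cache[$cache_key] = $this->getDataRowsAsArrays($stmt);
        }
        return self::$post_access_query_cache[$cache_key];
    }
```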