-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IBX-5663: Added paginated role assignments load method to API #373
Conversation
…icies methods to API
Is there a possibility to use proxies for policies instead of introducing a new method and later thinking why there are nulls for some cases? |
@ViniTou I'll take a look into it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are a business logic and security issues here. Currently there's no way to distinguish between a Role
without policies from a Role
without loaded policies. From API contract perspective information returned like that is not correct and could lead to treating the object as policy-less one, leading to security holes in places where we forgot or 3rd party is not aware that the information loaded is not full.
Is there a possibility to use proxies for policies instead of introducing a new method and later thinking why there are null for some cases?
Seems like the most reasonable way.
@alongosz @ViniTou as policies property in Role is an array and assuming we don't want to change that how would you want to approach building a proxy? ProxyGenerator requires an actual object to be proxied, so would you like to proxy every policy separately? It would require fetching ids of those policies either way so performance gain would be minimal. |
@barw4 Other way, would be to introduce new class for that Role without policies, but probably above will apply as well. Is adding just pagination for role assigments not enough? |
@ViniTou it should suffice for now, at least according to the public ticket. I've removed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall this is a good direction 💪
It needs a little bit of improvement:
eZ/Publish/Core/Persistence/Legacy/User/Role/Gateway/DoctrineDatabase.php
Outdated
Show resolved
Hide resolved
eZ/Publish/Core/Persistence/Legacy/User/Role/Gateway/DoctrineDatabase.php
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note for reviewers: persistence cache for countRoleAssignments
method was not implemented on purpose after a discovery phase and going back and forth on the solution.
It's because backoffice uses Trash and Content API to trash and then delete User Group, instead of User API. This makes role to user group assignment cache for count impossible to invalidate in a clean way.
We need to take another iteration to solve this separately, most likely after 4.6.0 LTS release.
Kudos, SonarCloud Quality Gate passed! 0 Bugs No Coverage information |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reproduced the 30 seconds execution timeout with ca. 6k assigned users. Problem was occurring with new cache. Consecutive reloads took 7-8 seconds.
With the fix such role loads like any standard role, in 1-2 seconds in a dev env.
QA Approved on Ibexa Experience 3.3.34-dev with diffs.
Nice work @barw4 💪 |
v3.3
2 new methods were added to
RoleService
in order to improve performance in the Back Office:loadRoleAssignments
- allows setting$offset
and$limit
arguments in order to allow pagination. The old methodgetRoleAssignments
even if cached could result in a huge performance drop in the Back Office as the amount of assignments can be really large.countRoleAssignments
- counting role assignments, usable for the above method.Related PR: ezsystems/ezplatform-admin-ui#2102
Checklist:
$ composer fix-cs
).@ezsystems/engineering-team
).