New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(server): Prepare access interfaces for bulk permission checks #5223
chore(server): Prepare access interfaces for bulk permission checks #5223
Conversation
This change adds the `AccessCore.getAllowedIds` method, to evaluate permissions in bulk, along with some other `getAllowedIds*` private methods. The added methods still calculate permissions by id, and are not optimized to reduce the amount of queries and execution time, which will be implemented in separate pull requests. Services that were evaluating permissions in a loop have been refactored to make use of the bulk approach.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What I liked about how this worked before was how clean and intuitive the interfaces were for checking access. It is a bit more complicated now.
What do you think about adding a new method checkAccess
that returns back a map of IDs mapped to whether or not they have access.
Then the change everywhere else is removing the lookup from inside the loop, moving it to check access at the top, and replacing the line in the loop with access[id]
instead.
I think the approaches we are considering are very similar, if I improve the current I considered returning a map, but found a few inconveniences that would make the solution less performant and more complex for some scenarios:
|
Maybe I am just being picky, but it seems like you have added a lot of boilerplate code to work with sets, specifically on the calling side. I just want the code to be clean, concise, and easy to read, and I feel like these changes, right now at least, make it less simple. Maybe a few small changes would help improve things:
What do you think? |
Please, I really appreciate the feedback!
I'm not very familiar with TypeScript, but ideally this would be an I have changed the signature to
Great suggestions! I have implemented all of them, so now there's only |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change is pretty small, we can merge it as is, or because it is pretty small we can look at porting some calls to bulk here as well.
const allowedIds = await this.access.checkAccess(authUser, Permission.PERSON_MERGE, mergeIds); | ||
|
||
if (!hasPermission) { | ||
for (const mergeId of mergeIds) { | ||
const hasAccess = allowedIds.has(mergeId); | ||
if (!hasAccess) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good to me.
const allowedAssetIds = new Set([ | ||
...(await this.access.checkAccess(authUser, Permission.ALBUM_REMOVE_ASSET, existingAssetIds)), | ||
...(await this.access.checkAccess(authUser, Permission.ASSET_SHARE, existingAssetIds)), | ||
]); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This works, it might be a bit cleaner if these were two separate sets, like canRemove
or canShare
and then it was used below like const hasAccess = canRemove.has(id) || canShare.has(id)
, but overall this looks good too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you find this more readable, while we still maintain a single set lookup per id?
const canRemove = await this.access.checkAccess(authUser, Permission.ALBUM_REMOVE_ASSET, existingAssetIds);
const canShare = await this.access.checkAccess(authUser, Permission.ASSET_SHARE, existingAssetIds);
const allowedAssetIds = new Set([...canRemove, ...canShare]);
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That looks better to me, yes. Thanks
This change adds the
AccessCore.getAllowedIds
method, to evaluate permissions in bulk, along with some othergetAllowedIds*
private methods.The added methods still calculate permissions by id, and are not optimized to reduce the amount of queries and execution time, which will be implemented in separate pull requests.
Services that were evaluating permissions in a loop have been refactored to make use of the bulk approach.