Merge pull request #458 from mozilla-services/index-postgres-permissions

Index permissions (ref #354)

cliquet/permission/postgresql/__init__.py

@@ -187,14 +187,18 @@ def principals_accessible_objects(self, principals, permission,
         ),
         user_principals AS (
           VALUES %(principals)s
+        ),
+        potential_objects AS (
+          SELECT object_id, required_perms.column1 AS pattern
+            FROM access_control_entries
+            JOIN user_principals
+              ON (principal = user_principals.column1)
+            JOIN required_perms
+              ON (permission = required_perms.column2)
         )
         SELECT object_id
-          FROM access_control_entries
-            JOIN required_perms
-              ON (object_id ~ required_perms.column1 AND
-                  permission = required_perms.column2)
-            JOIN user_principals
-              ON (principal = user_principals.column1);
+          FROM potential_objects
+         WHERE object_id ~ pattern;
         """ % dict(perms=perms_values,
                    principals=principals_values)
 

cliquet/permission/postgresql/schema.sql

@@ -12,3 +12,10 @@ CREATE TABLE IF NOT EXISTS access_control_entries (
 
     PRIMARY KEY (object_id, permission, principal)
 );
+
+DROP INDEX IF EXISTS idx_access_control_entries_object_id;
+CREATE INDEX idx_access_control_entries_object_id ON access_control_entries(object_id);
+DROP INDEX IF EXISTS idx_access_control_entries_permission;
+CREATE INDEX idx_access_control_entries_permission ON access_control_entries(permission);
+DROP INDEX IF EXISTS idx_access_control_entries_principal;
+CREATE INDEX idx_access_control_entries_principal ON access_control_entries(principal);