Roundup Tracker - Issues

Message6692

Author rouilj
Recipients joseph_myers, rouilj
Date 2019-10-05.23:55:22
Message-id <20191005235518.B05984C023C@itserver6.cs.umb.edu>
In-reply-to <alpine.DEB.2.21.1910051730310.6859@digraph.polyomino.org.uk>
Hi Joseph:

In message <alpine.DEB.2.21.1910051730310.6859@digraph.polyomino.org.uk>,
Joseph Myers writes:
>I think the natural time to validate this is immediately after loading the 
>schema (or some such time in the Roundup startup process), for all 
>permissions that have been created at that point, so you always get an 
>immediate error for this mistake [...]

I hadn't considered putting in the valiadtion at that point. IIRC
there is something that can be set to run after the schema loads. That
could be used to implement the validation maybe??

Previous work had indicated that the permissions application code can
be a bottleneck (i.e. linear search through all permission items even
if they are not associated with the class you are trying to validate.)
My idea was to validate only the permissions that were actually used
to reduce the load of implementing a complex permission schema.

>rather than needing either (a) to run a special command to detect
>such problems or (b) to wait for someone to use the particular action
>etc. that checks a particular permission, which might not happen for
>some time.

As you say, my suggestions do have the downside, of leaving
unvalidated perms in the config.

Validating all perms in my tracker means that > 2/3 of the validation
would be thrown away on every rest/xmlrpc/web page hit. E.G. If the
user's role is User, there is no need to validate the Agent,
Provisional User, Anonymous, or Admin roles of permissions every
single time.

Hmm, there are two code paths depending on whether the instance is
optimized or not. IIRC it compiles the schema. I wonder if there is a
path to create an optimized instance that will run validation only
during schema compilation. Then future requests will use the compiled
copy bypassing the validation.

Do you have any ideas on how to validate the permissions in the schema
only when it changes? Is there a pre-existing code path that could be
used?

Thanks for your feedback.
History
Date User Action Args
2019-10-05 23:55:22rouiljsetrecipients: + rouilj, joseph_myers
2019-10-05 23:55:22rouiljlinkissue2551062 messages
2019-10-05 23:55:22rouiljcreate