Uploaded image for project: 'uPortal'
  1. UP-4516

Refactor the AnyUnblockedGrantPermissionPolicy to be readable and maintainable and improve the performance of permissions checking through additional caching

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.3.0
    • Component/s: None
    • Labels:

      Description

      uPortal has a pretty complex model for permissions. We use...

      • Principal+
      • Owner
      • Activity+
      • Target+

      and 3 out of 4 (the ones with '+') of these can be hierarchical. This situation means that the number of potential checks – when the user wants to do something that's governed by permissions – can be very large.

      Admin users have 'superuser' authority and therefore permission checks for them are relatively quick. But month-by-month the portal is doing more things that require permissions for users who are not admins. Many of the RESTful JSON feeds are good examples; collections of portlets, etc. are (rightly) filtered by the user's permissions.

      The Java code in AnyUnblockedGrantPermissionPolicy is old, disorganized, and hard to penetrate. This situation makes it difficult to troubleshoot or tackle performance. We should clean it up.

      We should also apply more caching within that class if it can be shown to help.

        Attachments

          Issue links

            Activity

              People

              • Assignee:
                awills Andrew Wills
                Reporter:
                awills Andrew Wills
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: