From 4491b5ecdfad96959f9a9ab32a5f127bbfa7eac5 Mon Sep 17 00:00:00 2001 From: Christopher Speller Date: Wed, 25 Oct 2017 11:48:15 -0700 Subject: Performance improvements for 40M posts (#7708) * Optimizing get root posts SQL query * Setting session invalidation to be reliable * Adding app reciever to SessionHasPermissionToUser * Adding app reciever to SessionHasPermissionToTeam * Adding app reciever to SessionHasPermissionTo * Clear session cache if permission was denied * Fixing rebase issues * Revert "Optimizing get root posts SQL query" This reverts commit f364757e7015cfb4ec673d0a4fc3d57cd25d8dd7. * Fixing build --- app/authorization.go | 39 ++++++++++++++++++++++++++++++--------- 1 file changed, 30 insertions(+), 9 deletions(-) (limited to 'app/authorization.go') diff --git a/app/authorization.go b/app/authorization.go index 01180e8d8..ed485e597 100644 --- a/app/authorization.go +++ b/app/authorization.go @@ -11,10 +11,16 @@ import ( "github.com/mattermost/mattermost-server/model" ) -func SessionHasPermissionTo(session model.Session, permission *model.Permission) bool { - return CheckIfRolesGrantPermission(session.GetUserRoles(), permission.Id) +func (a *App) SessionHasPermissionTo(session model.Session, permission *model.Permission) bool { + if !CheckIfRolesGrantPermission(session.GetUserRoles(), permission.Id) { + a.ClearSessionCacheForUser(session.UserId) + return false + } + + return true } +/// DO NOT USE: LEGACY func SessionHasPermissionToTeam(session model.Session, teamId string, permission *model.Permission) bool { if teamId == "" { return false @@ -27,7 +33,22 @@ func SessionHasPermissionToTeam(session model.Session, teamId string, permission } } - return SessionHasPermissionTo(session, permission) + return CheckIfRolesGrantPermission(session.GetUserRoles(), permission.Id) +} + +func (a *App) SessionHasPermissionToTeam(session model.Session, teamId string, permission *model.Permission) bool { + if teamId == "" { + return false + } + + teamMember := session.GetTeamByTeamId(teamId) + if teamMember != nil { + if CheckIfRolesGrantPermission(teamMember.GetRoles(), permission.Id) { + return true + } + } + + return a.SessionHasPermissionTo(session, permission) } func (a *App) SessionHasPermissionToChannel(session model.Session, channelId string, permission *model.Permission) bool { @@ -50,12 +71,12 @@ func (a *App) SessionHasPermissionToChannel(session model.Session, channelId str channel, err := a.GetChannel(channelId) if err == nil && channel.TeamId != "" { - return SessionHasPermissionToTeam(session, channel.TeamId, permission) + return a.SessionHasPermissionToTeam(session, channel.TeamId, permission) } else if err != nil && err.StatusCode == http.StatusNotFound { return false } - return SessionHasPermissionTo(session, permission) + return a.SessionHasPermissionTo(session, permission) } func (a *App) SessionHasPermissionToChannelByPost(session model.Session, postId string, permission *model.Permission) bool { @@ -70,13 +91,13 @@ func (a *App) SessionHasPermissionToChannelByPost(session model.Session, postId if result := <-a.Srv.Store.Channel().GetForPost(postId); result.Err == nil { channel := result.Data.(*model.Channel) - return SessionHasPermissionToTeam(session, channel.TeamId, permission) + return a.SessionHasPermissionToTeam(session, channel.TeamId, permission) } - return SessionHasPermissionTo(session, permission) + return a.SessionHasPermissionTo(session, permission) } -func SessionHasPermissionToUser(session model.Session, userId string) bool { +func (a *App) SessionHasPermissionToUser(session model.Session, userId string) bool { if userId == "" { return false } @@ -85,7 +106,7 @@ func SessionHasPermissionToUser(session model.Session, userId string) bool { return true } - if SessionHasPermissionTo(session, model.PERMISSION_EDIT_OTHER_USERS) { + if a.SessionHasPermissionTo(session, model.PERMISSION_EDIT_OTHER_USERS) { return true } -- cgit v1.2.3-1-g7c22