[rt-users] [PATCH] no empty or incomplete search results pages - ACL checks for ticket in SQL

Ruslan Zakirov ruz at bestpractical.com
Mon Nov 3 16:22:29 EST 2008


Hello,

Users who are using RT for a while or in environment with interesting
ACL setups may know that access control checks are done after actual
search what may result in empty result sets, incorrect numbers of
tickets in a result set.

After several attempts I have finally something that works and I need
a lot of feedback from people with setups on various DB backends and
different ACL schemas. Patch applies on 3.8.1 (with some offsets) and
3.6.LATEST. Patch is not very intrusive and controlled by a config
option, so you can disable it and jump to old version quickly.

I'm looking for any feedback, positive and negative.

It's very EASY to try. Apply the patch, "Set($UseSQLForACLChecks, 1);"
in the config, stop and start web server.

I think some DBs (old versions of mysql, Pg and may be Oracle)
wouldn't be able to process fast new queries, especially for setups
with complex ACL settings, but for some setups there must be
performance improvement over the current behavior.

Don't forget to mention RT version, DB server and its version, turn on
logs of slow queries if you see performance degradations, explain slow
queries before sending reports. Ah, and it's sure important to mention
how ShowTicket right is granted to different groups and individuals.

-- 
Best regards, Ruslan.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: RT-3.6-ticket_acls_in_sql.patch
Type: application/octet-stream
Size: 9761 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20081104/1156d8f2/attachment.obj>


More information about the rt-users mailing list