[Rt-devel] Why are Groups cachedmembers of themselves?

Jesse Vincent jesse at bestpractical.com
Fri Oct 20 18:34:01 EDT 2006




On Fri, Oct 20, 2006 at 03:16:52PM -0700, Joby Walker wrote:
> The comments from Group_Overlay::Create say:
> 
> # Now we make the group a member of itself as a cached group member
> # this needs to exist so that group ACL checks don't fall over.
> # you're checking CachedGroupMembers to see if the principal in question
> # is a member of the principal the rights have been granted too
> # in the ordinary case, this would fail badly because it would recurse 
> and add all the members of this group as
> # cached members. thankfully, we're creating the group now...so it has 
> no members.
> 
> Is this truly necessary for all groups?  This is leading to a huge 
> inflation in the number of cachedgroupmembers records.  Just with a 
> simple example of every ticket averaging 1 requestor, 1 owner, and 1 cc, 
> this means that there will be 10 cachedgroupmembers records per ticket 
> (one for all four roles, and 2 for each real member) -- where only 3 
> should be necessary.  We're rapidly approaching 100,000 tickets so that 
> is 700,000 unnecessary records.

Actually, there's a different optimization I'd recommend. Instead of not
creating the cachedgroupmembers, RT should simply not create the groups
unless you're explicitly adding someone to them.

> So why is this necessary?  Is it for ACL checks on User Defined groups?

It's for ~all group ACL and groupmember checks.

> -- 
> 
> Joby Walker
> C&C SSG, University of Washington
> _______________________________________________
> List info: http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-devel
> 

-- 


More information about the Rt-devel mailing list