[Rt-devel] Why are Groups cachedmembers of themselves?
jesse at bestpractical.com
Fri Oct 20 18:34:01 EDT 2006
On Fri, Oct 20, 2006 at 03:16:52PM -0700, Joby Walker wrote:
> The comments from Group_Overlay::Create say:
> # Now we make the group a member of itself as a cached group member
> # this needs to exist so that group ACL checks don't fall over.
> # you're checking CachedGroupMembers to see if the principal in question
> # is a member of the principal the rights have been granted too
> # in the ordinary case, this would fail badly because it would recurse
> and add all the members of this group as
> # cached members. thankfully, we're creating the group now...so it has
> no members.
> Is this truly necessary for all groups? This is leading to a huge
> inflation in the number of cachedgroupmembers records. Just with a
> simple example of every ticket averaging 1 requestor, 1 owner, and 1 cc,
> this means that there will be 10 cachedgroupmembers records per ticket
> (one for all four roles, and 2 for each real member) -- where only 3
> should be necessary. We're rapidly approaching 100,000 tickets so that
> is 700,000 unnecessary records.
Actually, there's a different optimization I'd recommend. Instead of not
creating the cachedgroupmembers, RT should simply not create the groups
unless you're explicitly adding someone to them.
> So why is this necessary? Is it for ACL checks on User Defined groups?
It's for ~all group ACL and groupmember checks.
> Joby Walker
> C&C SSG, University of Washington
> List info: http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-devel
More information about the Rt-devel