[NXP-13691] Refactor ACLR filtering - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 5.9.1
Fix Version/s: 5.8.0-HF07, 5.9.2
Component/s: Core VCS

Tags:

Description

IMPORTANT MIGRATION STEP: see ~~NXP-13925~~.

At the SQL level the filtering of rights is done using:

a join on the hierarchy_read_acl table that materialize the read ACL for each document
a clause with a subselect that gets the list of allowed read acl for a user using a function: nx_get_read_acls_for

To be efficient the nx_get_read_acls_for use a cache.

The problem is that the query planner don't know how much ACLR will be return by the function nx_get_read_acls_for. This leads to wrong execution plan in some case.

This can be refactored by doing the query in 2 times:

Use the nx_prepare_user_aclr to build the ACLR user cache aclr_user_map
Join the cache in the query and a clause AND aclr_user_map.user_id = MD5(principals)

This way the query planner has all the hints to choose the best plan.

Also calling nx_prepare_user_aclr before each query can be optimized later so we call it only once per transaction.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

nuxeo-core-storage-sql-5.8.0-HF06-NXP-13691.jar
576 kB
2014-02-10 19:02

Issue Links

is required by

NXP-13925 Fix duplicate documents due to aclr_user duplicate rows

Resolved

NXBT-692 Funkload DM Tomcat 5.6.0 job failing under Oracle

Resolved

Activity

People

Assignee:

Florent Guillaume

Reporter:

Benoit Delbosc

Participants:

Benoit Delbosc, Florent Guillaume, Jenkins

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2014-02-04 16:38

Updated:

2014-05-16 14:21

Resolved:

2014-02-10 18:23

Time Tracking

Estimated:

Remaining:

Logged:

Not Specified