LP#1254918: Allow skipping of user-object perms
Previous to this commit, permissions in Evergreen check a combination
of:
* user-object permissions (does the user have a direct permission
mapping to the object in question)
* user-context permissions (does the user have the permission at the
object's context location, whose field is defined in the IDL)
* user-global permission (lacking a context location, does the user
have the permission globally (at the top of the org tree) and therefore
can apply the action to all objects of this type)
In practice, there are almost no user-object permissions. When retrieving
just one object from the database, the cost of this check is negligible to
the point that we can completely ignore it. However, when retrieving a
large set of objects, such as the list of all funds in a large, consortial
environment, the cost to check the user-object permission adds up to a
noticeable amount of time.
To address this, we add a new construct to the IDL instructing the PCRUD
infrastructure to skip user-object permission checking in those cases where
the design and use of the system makes user-specific object permissions
needless or superfluous. This is embodied in a new XML attribute on the
<pcrud> element: ignore_object_perms. When set to "true", pcrud will skip
all user-object permission checks, resulting in faster time-to-first-result.
Additionally, we add a new "owning_user" attribute on the <action> element
of the <pcrud> section. This new attribute specifies the field containing
the actor.usr.id of the user that "owns" the object. This allows PCRUD to
test ownership of an object directly, and if the requesting user and owning
user are the same, the action is allowed.
Finally, when "global_required" is "true" for the permission check, and there
is no "owning_user" attribute defined for the class in the IDL, we skip the
above-mentioned user-object permission check. When "global_required" is
"false" or there is an "owning_user" attribute, we check for user permissions.
In all cases, the "ignore_object_perms" attribute is honored, and in its
presence we skip non-owner user-object permissions.
The net result is an immediate increase in speed for retrieval of objects
in the presence of the "global_required" attribute, and a mechanism to
increase the speed of specific cases of context-aware retrieval by the use
of "ignore_object_perms".
We use this new mechanism to speed the retrieval of fund objects in the
ACQ interfaces that draw available-fund dropdowns.
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Bill Erickson <berick@esilibrary.com>
Signed-off-by: Ben Shum <bshum@biblio.org>
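
The decision rules described in the commit message, as an added Python model that is not Evergreen's PCRUD code and not part of the original commit. The ActionConfig class, the "owner" field name, the sample fund and grant data, and the assumption that the checks combine with OR are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ActionConfig:
    """Constructed stand-in for the IDL settings the commit message names."""
    global_required: bool = False
    owning_user: Optional[str] = None   # field holding the owner's actor.usr.id
    ignore_object_perms: bool = False   # attribute on the <pcrud> element

def runs_user_object_check(cfg: ActionConfig) -> bool:
    """True when the per-object (user-object) lookup is still performed."""
    if cfg.ignore_object_perms:
        return False                    # honored in all cases
    if cfg.global_required and cfg.owning_user is None:
        return False                    # skipped without any opt-in
    return True

def is_allowed(cfg, user_id, obj, object_grants, scope_grant) -> bool:
    """Model of the decision for one object (assumes checks combine with OR).

    object_grants: constructed set of (user_id, object_id) direct mappings.
    scope_grant:   outcome of the user-context / user-global check.
    """
    if cfg.owning_user is not None and obj.get(cfg.owning_user) == user_id:
        return True                     # requester owns the object
    if runs_user_object_check(cfg) and (user_id, obj["id"]) in object_grants:
        return True                     # direct user-object mapping
    return scope_grant

def skipped_combinations():
    """Every setting combination in which user-object grants are not consulted."""
    combos = []
    for gr in (False, True):
        for owner in (None, "owner"):
            for ignore in (False, True):
                cfg = ActionConfig(gr, owner, ignore)
                if not runs_user_object_check(cfg):
                    combos.append((gr, owner, ignore))
    return combos

if __name__ == "__main__":
    # Constructed data: user 7 holds a direct grant on fund 42, owned by user 3.
    fund = {"id": 42, "owner": 3}
    grants = {(7, 42)}
    for cfg in (ActionConfig(), ActionConfig(ignore_object_perms=True)):
        print(cfg, "->", is_allowed(cfg, 7, fund, grants, scope_grant=False))
```

In this model a direct user-object grant stops conferring access once the check is skipped, so any existing object-level mappings on a class are worth reviewing before "ignore_object_perms" is set on it.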