? Success

User tests: Successful: Unsuccessful:

avatar Fedik
Fedik
10 Feb 2015

it alternative solution for improve performance #5996

I added 2 methods to JAsset that allow to check authorisation for multiple assets at once,
and use it for check user access to edit the module

in theory such thing can perform also for articles , but lets test it on the modules

test
apply patch and check performance on the page where a loot modules,
and compare result with test without this patch

important

  • perform test as guest and as logged in user, as Super User and as user from other group
  • try change edit access for some module and user, then test whether it work

ps. have question, is it a good idea move this out from JDocumentRendererModules somewhere in JModuleHelper::load() ?

this pull check access by "module position" not by each module, so performance will be depend from how much positions in the template :smile:

if it will work good, then similar thing can be done for articles, for more efficient perform access check

avatar Fedik Fedik - open - 10 Feb 2015
avatar joomla-cms-bot joomla-cms-bot - change - 10 Feb 2015
Labels Added: ?
avatar Hackwar
Hackwar - comment - 10 Feb 2015

Please fix your codestyle issues.

I don't have a good feeling with this proposal. So far I haven't been able to fully work through the proposal completely, but based on the complexity, this is not something that could be part of 3.4.x. This will need time to get reviewed and tested, especially combined with the issue that we don't want to fill our session with megabytes of access check data.

e69fd8d 11 Feb 2015 avatar Fedik c.s.
dc3a6b6 11 Feb 2015 avatar Fedik c.s.
avatar Fedik
Fedik - comment - 11 Feb 2015

we don't want to fill our session with megabytes of access check data.

I really do not understand what do you mean, where do you see caching in session? :smile:

avatar Fedik Fedik - change - 11 Feb 2015
The description was changed
cd4da37 11 Feb 2015 avatar Fedik c.s.
avatar Fedik Fedik - change - 11 Feb 2015
The description was changed
avatar Hackwar
Hackwar - comment - 11 Feb 2015

Sorry, my bad. We only cache the viewlevels and for some stupid reason the groups a user belongs to, but in a place where they are never used in the access checking.

Which
makes
this
even
worse. :-1:

The ACL system was designed to cache its results per user in the respective session in order to prevent a query for each and every single authorise() call. It meant that per session, you only had to do those checks (theoretically) once. I was absolutely sure that we had this in our code at some point, but I couldn't find it, at least back to February 2010. At that point, the session table had a varchar field for the data with a limit of 256kb afaik. That is why we discussed having to have a garbage collector for those authorise checks or in other words: A limit on how much we cache. Now it seems that Louis/Andrew dropped that again when they saw that this meant that access changes would not propagate unless the users sessions are wiped once.

And I'm wondering why the system is slow like a turtle...

sigh Ok, so lets introduce caching. That would have to be done in JUser, since JUser is already stored in the session. I would say that we should not cache more than 500 permissions per session.

In any case, that is WAY out of scope of 3.4.0.

avatar Fedik
Fedik - comment - 11 Feb 2015

ok, I understand your point

but
my pull have different approach,
if we will be able to check multiple assets at once (means do only one db request instead of 100 separate requests for each asset) then we also can win a lot, even without caching

my pull do not change existing JAsset::check() logic, so I see no problem to have it somewhere 3.4.x ... but it more depend from test results and feedbacks of course

avatar Hackwar
Hackwar - comment - 11 Feb 2015

My problem is, that we will be stuck with your method for the rest of the 3.x series. At the same time it is a REALLY fragile part of Joomla. So I want to make sure that we are really doing the right thing here.

avatar Fedik
Fedik - comment - 11 Feb 2015

@Hackwar about caching, as you already noticed it can lead to huge session size, that will make session save/update slower (especially on huge site), that even without such caching not so fast ..

maybe this was a reason why this not implemented/removed :wink:

so from my side I do not see huge performance win compared to "check multiple assets at once"

avatar Hackwar
Hackwar - comment - 11 Feb 2015

I added caching in #6053. On my system its about 10-20% faster on the second load than before. There is quite a large performance gain here, because for example module editing will be requested identically on all pages and that means 0 extra queries per page if the caching is used. As you can see, I also limited the caching to 250 elements, exactly because of the session-size-issue. That means about 10-15kb of extra session data in worst case. We might have to tweak that further in the future.

With your implementation I'm hesitant, because, as I said, the code that we add has to be "bullet-proof", since we are stuck with it until 4.0 at least. If this turns out to have a huge negative effect, we need to be able to revert that change.

Considering your implementation:

  • checkMultiple is a bad name for this. You could use batchCheck or simply extend JAccess::check() and let it accept an array as second parameter instead of just a string and depending on that behave differently.
  • No code should have to call JAccess directly, this should all go through JUser, so you would either need to extend JUser::authorise the way I described above or provide a method that wraps this in JUser accordingly.
  • The frontend editing feature is a frontend-only feature and thus should not be moved into JModuleHelper. (It is also wrong in the renderer and we should find a different solution for this, but that is another issue) Please leave the feature in the modules renderer.
  • Please don't use nested ternary operators.
  • Looking at the query to retrieve the rules, I don't know if that one works correctly. I don't fully understand it, but to me it looks like you will first retrieve all specific module rules, then all com_modules rules, then the core.edit rule or whatever and the module rules will override each other pretty randomly. As far as I understand it, they are not ordered by path-per-ID-to-check and then from leaf to root, but all leafs are returned first, then all parents of those leafs, etc. and they will overwrite each other. Will have to look into that one a bit further however.
avatar Fedik
Fedik - comment - 11 Feb 2015

On my system its about 10-20% faster on the second load than before

main word on your system :wink:

thing that I am afraid:
screen 2015-02-11 20 59 46 1020x600

it is Joomla! 3.3, home page, clear installation,
on the hosting where the database optimized to read, but slow on write/update, and there request to "session update" always slower on the page (in range between 40-90ms and even more)

so each additional caching in the session is a killing feature :smiley:

Looking at the query to retrieve the rules, I don't know if that one works correctly

I would not do pull request without testing :neckbeard:

avatar zero-24 zero-24 - change - 11 Feb 2015
Easy No Yes
avatar zero-24 zero-24 - change - 12 Feb 2015
Category Libraries
avatar Fedik Fedik - close - 21 Sep 2015
avatar Fedik Fedik - change - 21 Sep 2015
Status Pending Closed
Closed_Date 0000-00-00 00:00:00 2015-09-21 19:50:04
Closed_By Fedik
avatar Fedik Fedik - close - 21 Sep 2015
avatar Fedik Fedik - head_ref_deleted - 21 Sep 2015

Add a Comment

Login with GitHub to post a comment