Optimise Security Policy creation for non-admin users

[jamesrwelch]

Fixes #473

[jamesrwelch]

Sorry, the branch was incorrectly named. But all the tests are passing on it

[pjmonks]

I carried out some performance testing to compare sign in times. These were taken to see how long the GET /session/isApplicationAdministration endpoint completes in various environments - those marked in bold are the improvements to focus on:

Administrator user

• NHSE Mauro Test environment - 6.99s
• Local (without fix) - 9.07s
• Local (with fix) - 8.11s

Regular user

• NHSE Mauro Test environment - 1 min+ (500 status response)
• Local (without fix) - 1 min+ (500 status response)
• Local (with fix) - 9.54s

Even if a regular user security policy check takes around 1 - 2 seconds longer than an administrator, this still looks well within tolerance of the 60 second timeout.

[pjmonks]

I tested the performance on another endpoint too, PUT /folders/{folderId}/readByAuthenticated. It was raised to me that switching this on/off in the UI seemed very slow to actually complete. Thinking this might be related to the security policy for the users, I checked if there was a performance improvement here too.

Running as an administrator

• Local (without fix) - turn "readable by authenticated" on - 1.9 mins to complete
• Local (with fix) - turn "readable by authenticated" on - 4.64s to complete

So your changes have benefitted other areas too 👍

[joe-crawford]

Can't see a problem with this and great that the performance is much better so good to merge.

Noted your comment Pete but will leave for now given it's in a test.