ORNL / DataFed

A Federated Scientific Data Management System
https://ornl.github.io/DataFed/

System - Refactor permission system #479

Closed dvstans closed 4 years ago

dvstans commented 4 years ago

The current system of local and inherited permissions is very powerful, but leads to high complexity and run time cost for all data access operations. (Must traverse permission graph to compute permissions). Instead, permissions should be calculated and cached locally only when permissions change (ACLs set/changed, ownership changed, link/unlink to collections). However, to implement this, care must be taken to reduce the probability of write-write collisions within the DB. So, new tables of permission vertices and edges should be created forming an independent permission graph that can be updated without colliding with normal write operations to other DB records. This will reduce permission checks to a single hop traversal to an associated permission record instead of a potentially complex recursive traversal (that must be repeated many times).

dvstans commented 4 years ago

Forgot that permissions are per user and group, so this is not really possible. Will think about it and try to find something that reduces read-time processing.

dvstans commented 4 years ago

Can't be done
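The trade-off raised in the first two comments, as an added example that is not part of the thread and not DataFed code: a hypothetical in-memory model comparing a read-time traversal of inherited ACLs with permission records recomputed at write time, which must hold one entry per user or group. The class, item and principal names and the permission bits are assumptions, and the link graph is assumed to be acyclic.

```python
from collections import defaultdict

READ, WRITE = 1, 2  # assumed permission bits, not DataFed's

class PermGraph:
    """Hypothetical model: items (records/collections) linked into parent collections."""
    def __init__(self):
        self.parents = defaultdict(set)   # item -> collections it is linked into
        self.children = defaultdict(set)  # collection -> items linked into it
        self.acl = defaultdict(dict)      # item -> {principal: local bits}
        self.cache = {}                   # item -> {principal: effective bits}

    def _flatten(self, item):
        # Recursive traversal: local ACL OR-ed with the ACLs of every ancestor.
        eff = dict(self.acl[item])
        for parent in self.parents[item]:
            for who, bits in self._flatten(parent).items():
                eff[who] = eff.get(who, 0) | bits
        return eff

    def _refresh(self, item):
        # Write-time path: rebuild the record of the item and of all its descendants,
        # so a revocation higher up cannot leave stale grants below it.
        self.cache[item] = self._flatten(item)
        for child in self.children[item]:
            self._refresh(child)

    def link(self, item, coll):
        self.parents[item].add(coll)
        self.children[coll].add(item)
        self._refresh(item)

    def set_acl(self, item, principal, bits):
        self.acl[item][principal] = bits
        self._refresh(item)

    @staticmethod
    def _allowed(record, principals, need):
        got = 0
        for who in principals:  # the user plus each group the user belongs to
            got |= record.get(who, 0)
        return got & need == need

    def check_traverse(self, item, principals, need):
        return self._allowed(self._flatten(item), principals, need)  # walks the graph

    def check_cached(self, item, principals, need):
        return self._allowed(self.cache.get(item, {}), principals, need)  # single hop

    def cached_entries(self):
        # Size of the materialized permission data: one entry per (item, principal).
        return sum(len(rec) for rec in self.cache.values())
```

Both check paths have to agree after every ACL or link change; a cached answer that still grants access after the traversal denies it is the stale-permission failure the write-time refresh exists to prevent.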