perf: Resolve issue when for priority-deny-override mode, all policies were scanned, even if effect was found on higher priority levels

[apiscevs]

I've noticed that performance is very poor for policy files containing 10k+ policies, even when trying to enforce highest priority level policies.

It turned out, that we cannot rely on nowEffect is not Effect.Effect.Indeterminate check, as in some policy file versions it will never recover from Indeterminate status.

Easiest way how to reproduce a performance issue I'm talking about is: 1. to replace policies of priority_explicit_deny_override_policy.csv

p, 1, my_sub,my_obj,my_act_read,allow
p, 1, my_sub,my_obj,my_act_write,allow
p, 2, my_sub2,my_obj2,my_act_read2,allow
p, 2, my_sub2,my_obj2,my_act_write2,allow

g, alice, my_sub

2. Add following test

        public void TestPriorityExplicitDenyOverrideModel()
        {
            var e = new Enforcer(_testModelFixture.GetNewPriorityExplicitDenyOverrideModel());
            e.BuildRoleLinks();
            TestEnforce(e, "alice", "my_obj", "my_act_read", true);
        }

3. Run the test in debug mode and notice, that CoreEnforcer went thru all 4 policies, but should break after scanning first two For 10k policies cases, it most likely will go thru each of them.

My proposing change is to add a hit policies counter to chainEffector, and checking against hit policies count while jumping to lower priority level.

[apiscevs]

Hi @sagilio , after this adjustment, performance is just fine after this fix, I don't think any other performance optimization is required.

Thanks, Alex

[github-actions[bot]]

:tada: This PR is included in version 1.10.1 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: