Skip to content

AAP-53611 Introduce a bulk re-computation context manager for RBAC #840

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: devel
Choose a base branch
from
Open

AAP-53611 Introduce a bulk re-computation context manager for RBAC #840

wants to merge 4 commits into from

Conversation

AlanCoding
Copy link
Member

Description

This PR implements a bulk_rbac_caching context manager to optimize performance during bulk RBAC permission
operations. Currently, each call to give_permission or remove_permission triggers expensive cache updates via
update_after_assignment, which calls compute_team_member_roles() and compute_object_role_permissions(). During
migration processes or other bulk operations, this results in excessive resource consumption as these expensive
functions are called repeatedly for each individual permission change.

The new context manager defers these cache updates during bulk operations by collecting update parameters in
thread-local storage and performing a single global update when exiting the context. This maintains all existing
functionality and correctness while providing significant performance improvements for bulk scenarios. The
implementation includes comprehensive tests covering deferred updates, parameter collection, nested contexts,
exception handling, and performance verification. Usage is simple: wrap bulk operations with with
bulk_rbac_caching(): and cache updates will be automatically batched and executed once at the end.

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Test update
  • Refactoring (no functional changes)
  • Development environment change
  • Configuration change

@AlanCoding AlanCoding changed the title Introduce a bulk re-computation context manager for RBAC AAP-53611 Introduce a bulk re-computation context manager for RBAC Sep 17, 2025
AlanCoding
AlanCoding commented Sep 17, 2025
View reviewed changes
test_app/views.py Outdated
user = User.objects.create(username=str(uuid4()))
org, _ = Organization.objects.get_or_create(name='Default')
rd.give_permission(user, org)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

whoops

@AlanCoding
Copy link
Member Author

bugbot run

cursor[bot]

This comment was marked as outdated.

Sign in to view

@github-actions GitHub Actions
Copy link

DVCS PR Check Results:

PR appears valid (JIRA key(s) found)

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
94.2% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@AlanCoding AlanCoding marked this pull request as ready for review September 17, 2025 15:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cursor cursor[bot] cursor[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@AlanCoding