Perf issues with massive ldap directories: divide listing time by 2

Author: cdujeu

core/src/core/classes/class.AuthService.php

@@ -27,6 +27,7 @@
  */
 class AuthService
 {
+    public static $cacheRoles = false;
     public static $roles;
     public static $useSession = true;
     private static $currentUser;
@@ -623,7 +624,8 @@ public static function updateDefaultRights(&$userObject)
     {
         if (!$userObject->hasParent()) {
             $changes = false;
-            foreach (ConfService::getRepositoriesList() as $repositoryId => $repoObject) {
+            $repoList = ConfService::getRepositoriesList();
+            foreach ($repoList as $repositoryId => $repoObject) {
                 if(!self::allowedForCurrentGroup($repoObject, $userObject)) continue;
                 if($repoObject->isTemplate) continue;
                 if ($repoObject->getDefaultRight() != "") {
@@ -634,7 +636,8 @@ public static function updateDefaultRights(&$userObject)
             if ($changes) {
                 $userObject->recomputeMergedRole();
             }
-            foreach (self::getRolesList(array(), true) as $roleId => $roleObject) {
+            $rolesList = self::getRolesList(array(), true);
+            foreach ($rolesList as $roleId => $roleObject) {
                 if(!self::allowedForCurrentGroup($roleObject, $userObject)) continue;
                 if ($userObject->getProfile() == "shared" && $roleObject->autoAppliesTo("shared")) {
                     $userObject->addRole($roleObject);
@@ -651,7 +654,8 @@ public static function updateDefaultRights(&$userObject)
      */
     public static function updateAutoApplyRole(&$userObject)
     {
-        foreach (self::getRolesList(array(), true) as $roleId => $roleObject) {
+        $roles = self::getRolesList(array(), true);
+        foreach ($roles as $roleObject) {
             if(!self::allowedForCurrentGroup($roleObject, $userObject)) continue;
             if ($roleObject->autoAppliesTo($userObject->getProfile()) || $roleObject->autoAppliesTo("all")) {
                 $userObject->addRole($roleObject);
@@ -990,6 +994,8 @@ public static function listUsers($baseGroup = "/", $regexp = null, $offset = -1,
             call_user_func($countCallback, $index, count($users), "Update users");
         }
 
+        self::$cacheRoles = true;
+        self::$roles = null;
         foreach (array_keys($users) as $userId) {
             if(($userId == "guest" && !ConfService::getCoreConf("ALLOW_GUEST_BROWSING", "auth")) || $userId == "ajxp.admin.users" || $userId == "") continue;
             if($regexp != null && !$authDriver->supportsUsersPagination() && !preg_match("/$regexp/i", $userId)) continue;
@@ -1008,6 +1014,8 @@ public static function listUsers($baseGroup = "/", $regexp = null, $offset = -1,
                 }
             }
         }
+        self::$cacheRoles = false;
+
         if ($paginated && $cleanLosts) {
             // Remove 'lost' items (children without parents).
             foreach ($allUsers as $id => $object) {
@@ -1224,20 +1232,25 @@ public static function limitedRoleFromParent($parentUser)
      */
     public static function getRolesList($roleIds = array(), $excludeReserved = false)
     {
-        //if(isSet(self::$roles)) return self::$roles;
+        if(self::$cacheRoles && !count($roleIds) && $excludeReserved == true && self::$roles != null) {
+            return self::$roles;
+        }
         $confDriver = ConfService::getConfStorageImpl();
-        self::$roles = $confDriver->listRoles($roleIds, $excludeReserved);
+        $roles = $confDriver->listRoles($roleIds, $excludeReserved);
         $repoList = null;
-        foreach (self::$roles as $roleId => $roleObject) {
+        foreach ($roles as $roleId => $roleObject) {
             if (is_a($roleObject, "AjxpRole")) {
                 if($repoList == null) $repoList = ConfService::getRepositoriesList("all");
                 $newRole = new AJXP_Role($roleId);
                 $newRole->migrateDeprectated($repoList, $roleObject);
-                self::$roles[$roleId] = $newRole;
+                $roles[$roleId] = $newRole;
                 self::updateRole($newRole);
             }
         }
-        return self::$roles;
+        if(self::$cacheRoles && !count($roleIds) && $excludeReserved == true) {
+            self::$roles = $roles;
+        }
+        return $roles;
     }
 
     /**

core/src/plugins/auth.multi/class.multiAuthDriver.php

@@ -221,10 +221,18 @@ public function supportsUsersPagination()
     public function listUsersPaginated($baseGroup, $regexp, $offset, $limit, $recursive = true)
     {
         if (!empty($this->baseName) && $regexp == null) {
-            return $this->drivers[$this->baseName]->listUsersPaginated($baseGroup, $regexp, $offset, $limit, $recursive);
+            $users = $this->drivers[$this->baseName]->listUsersPaginated($baseGroup, $regexp, $offset, $limit, $recursive);
+            $this->addToCache(array_keys($users), $this->baseName);
+            return $users;
         } else {
             $keys = array_keys($this->drivers);
-            return $this->drivers[$keys[0]]->listUsersPaginated($baseGroup, $regexp, $offset, $limit, $recursive) +  $this->drivers[$keys[1]]->listUsersPaginated($baseGroup, $regexp, $offset, $limit, $recursive);
+            $k0 = $keys[0];
+            $k1 = $keys[1];
+            $users0 = $this->drivers[$k0]->listUsersPaginated($baseGroup, $regexp, $offset, $limit, $recursive);
+            $users1 = $this->drivers[$k1]->listUsersPaginated($baseGroup, $regexp, $offset, $limit, $recursive);
+            $this->addToCache(array_keys($users0), $k0);
+            $this->addToCache(array_keys($users1), $k1);
+            return $users0 + $users1;
         }
     }
 

core/src/plugins/conf.sql/class.AJXP_SqlUser.php

@@ -121,8 +121,9 @@ public function storageExists()
                 // already loaded!
                 return true;
             }
-            $this->load();
-            if (! isSet($this->rights["ajxp.admin"])) {
+            $result_rights = dibi::query('SELECT [rights] FROM [ajxp_user_rights] WHERE [login] = %s AND [repo_uuid] = %s', $this->getId(), 'ajxp.admin');
+            $testRight = $result_rights->fetchSingle();
+            if ($testRight === false) {
                 return false;
             }