Dashboard: optimize for .com (#12389)

stsewd · web-flow · commit ac69118c617e · 2025-08-11T14:14:25.000-05:00
- Use an internal cache for checking if an org has sso enabled. While we
cache the results in redis, this still requires checking redis, and then
hitting the DB, a local cache avoids that.
- Instead of doing two queries for getting the teams (admin and read
only), just do it in one.
diff --git a/readthedocs/core/permissions.py b/readthedocs/core/permissions.py
@@ -45,29 +45,43 @@ def projects(cls, user, admin=False, member=False):
             # when we aren't using organizations.
             return user.projects.all()
 
-        if admin:
-            # Project Team Admin
-            admin_teams = user.teams.filter(access=ADMIN_ACCESS)
-            for team in admin_teams:
-                if not cls.has_sso_enabled(team.organization, SSOIntegration.PROVIDER_ALLAUTH):
+        # Internal cache to avoid hitting the database/cache multiple times.
+        _organizations_with_allauth_sso = {}
+
+        def _has_sso_with_allauth_enabled(org):
+            if org.pk not in _organizations_with_allauth_sso:
+                _organizations_with_allauth_sso[org.pk] = cls.has_sso_enabled(
+                    org,
+                    SSOIntegration.PROVIDER_ALLAUTH,
+                )
+            return _organizations_with_allauth_sso[org.pk]
+
+        # Projects from teams
+        if admin or member:
+            filter = Q()
+            if admin:
+                filter |= Q(access=ADMIN_ACCESS)
+            if member:
+                filter |= Q(access=READ_ONLY_ACCESS)
+
+            teams = user.teams.filter(filter).select_related(
+                "organization", "organization__ssointegration"
+            )
+            for team in teams:
+                if not _has_sso_with_allauth_enabled(team.organization):
                     projects |= team.projects.all()
 
+        if admin:
             # Org Admin
             for org in user.owner_organizations.all():
-                if not cls.has_sso_enabled(org, SSOIntegration.PROVIDER_ALLAUTH):
+                if not _has_sso_with_allauth_enabled(org):
                     # Do not grant admin access on projects for owners if the
                     # organization has SSO enabled with Authorization on the provider.
                     projects |= org.projects.all()
 
             projects |= cls._get_projects_for_sso_user(user, admin=True)
 
         if member:
-            # Project Team Member
-            member_teams = user.teams.filter(access=READ_ONLY_ACCESS)
-            for team in member_teams:
-                if not cls.has_sso_enabled(team.organization, SSOIntegration.PROVIDER_ALLAUTH):
-                    projects |= team.projects.all()
-
             projects |= cls._get_projects_for_sso_user(user, admin=False)
 
         return projects
