[ckan-dev] ckan auth

• Previous message: [ckan-dev] Tests failing on master on Jenkins
• Next message: [ckan-dev] related urls
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When producing a web page, CKAN makes frequent checks of the user's
authorizations and I wondered if the processing of this could be
improved.

For simply viewing a dataset, CKAN asks the authz subsystem about the user:
- is he allowed to view the site?
- can he edit this dataset?
- can he create new datasets?
And I think there are a few more. Each of these is a couple of
database lookups with joins, so not trivial, but all of them very
similar.

Why doesn't CKAN simply ask "what is this user allowed to do" once at
the start of handling each request? I think this might be no more
expensive than answering any one of these questions. Then each time we
need to ask questions like "can he create new datasets" we've already
got the answer. Any thoughts on this optimisation?

In fact, I've always wanted to know everything that my user account
allows me to do, yet it's not displayed in CKAN's UI.

Dave

• Previous message: [ckan-dev] Tests failing on master on Jenkins
• Next message: [ckan-dev] related urls
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]