[ckan-dev] ckan auth

David Read david.read at hackneyworkshop.com
Fri Apr 27 14:35:50 UTC 2012


When producing a web page, CKAN makes frequent checks of the user's
authorizations and I wondered if the processing of this could be
improved.

For simply viewing a dataset, CKAN asks the authz subsystem about the user:
- is he allowed to view the site?
- can he edit this dataset?
- can he create new datasets?
And I think there are a few more. Each of these is a couple of
database lookups with joins, so not trivial, but all of them very
similar.

Why doesn't CKAN simply ask "what is this user allowed to do" once at
the start of handling each request? I think this might be no more
expensive than answering any one of these questions. Then each time we
need to ask questions like "can he create new datasets" we've already
got the answer. Any thoughts on this optimisation?

In fact, I've always wanted to know everything that my user account
allows me to do, yet it's not displayed in CKAN's UI.

Dave




More information about the ckan-dev mailing list