Miscellaneous ⇒ Chit-Chat ⇒ ACL API ⇒ Community Forums ⇒ CPG Dragonfly™ CMS
Forum IndexChit-Chat

ACL API Reply to topic

Go to page Previous 1, 2, 3

Hi,

first i notice a bug in the submited file. As nobody downloaded it please note that you must modify at the begining of the init method within the al_acl class the line containing the modheader with the CSS file.
replace "ACE" wtih "default"

After some more testings, especially with a hudge amount of ACL records in database and some stress testing in this condition the performance becomes very bad.

There are to point to work on to improve things in the evaluating of ACL . Fisrt the loop through all ACLs to find those of interest and second the way of evaluating.
In other word the hole evaluating process is very unsatisfying.

Netherless, the way the current version is working in small environements is very good regarding heritance and granularity of the ACLs

I'm looking for someone interested in talking with me about this so that i can get some hints how to start improving it.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux/Apache/MySQL 5.1.49/PHP 5.3.6/ DF 9.3.2.0


grrr.....

finaly it came out that the module i'm testing the ACL with had an error. The result was about 70.000 loops in the ACL evaluations that took about 5 seconds.

Finaly the performance is ok.

Sorry i posted after trying to find out what went wrong for serveral hours and i did not noticed looking at the wrong place.

That said i still would be glad to find some people that i can talk with in such situations since i have not people around me developping.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux/Apache/MySQL 5.1.49/PHP 5.3.6/ DF 9.3.2.0


to get some value out of all the time spent today i modified caching and reduced that way the number of iteration in the main loops of the evaluating method.

i also make a check of the ACL root and avoid the loop when the root is not matching. that made another great improvement.

The 70.000 loops mentionned in the previous post were for about 4000 ACLs evaluations within a global ACL count of 80 ACLS defined in database.


After the improvements made i have now 16.500 loops for 750 ACL evaluations, so perfomance is now a lot better than it was.

but i still see some other improvements possible.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux/Apache/MySQL 5.1.49/PHP 5.3.6/ DF 9.3.2.0


Some more improvements

Now the same work causes 8.400 loops.

I'm sure some of you can give me some good advice on this code snipset

$t = explode($sep,$t); end($t); array_pop($t); $t = implode($sep, $t)

I have a string of values separated by the variable $sep and like to cut of the last element.
What is from your point of view the fastest way.
A long time ago i banned learning regex from my head and never got back to learn it. Sure the solution is there. Please help me

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux/Apache/MySQL 5.1.49/PHP 5.3.6/ DF 9.3.2.0


In my test page i display 30 rows of a table containing 20 fields. Global table, row and field access as well as the right to manage the ACL for each of them are causing 1500 evaluation requests.

The average time difference to load this same page with and without the acl evaluations is less than 0.1 second and consume 0,2MB more memory.

I'll try to cleanup this as soon as possible and build a friendly API. The GUI will mainly remain as it is in the previouly posted file. I will just optimize the cade.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux/Apache/MySQL 5.1.49/PHP 5.3.6/ DF 9.3.2.0


Did you know that in for example in some other systems the access is disallowed unless the user or any group the user belongs to grants an allow?

But if the user or any other group has a DENY then it is disallowed so the check might be like

if exists
(
select *
from ACL_USER u
inner join ACL_USERS_IN_GROUPS g on g.userid=u.userid
left outer join ACL_USER_PERMISSIONS up on up.userid=u.userid
left outer join ACL_GROUP_PERMISSIONS ug on ug.groupid=g.groupid
where up.ACTION = 'DENY' or ug.ACTION='DENY'
)

type of thing and that will disable the user no matter how many ALLOWS they have. So a single DENY will overrule any allow. What are your thoughts?

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux (Kernel: 2.4.21-27.0.2.ELsmp)/1.3.33 (Unix)/4.0.24-standard/4.3.11/9.0.5.0


probably i missunderstood something, The current form of this ACL API allready handle things like that.

A the root nothing is define so no right.
One single deny overrules all other allows

The exception that was made lately is that allow rules belonging to administrators will overrule denies of users, but a deny for admin will always stay stronger than an allow rule.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux/Apache/MySQL 5.1.49/PHP 5.3.6/ DF 9.3.2.0


movix wrote
Some more improvements

Now the same work causes 8.400 loops.

I'm sure some of you can give me some good advice on this code snipset

$t = explode($sep,$t); end($t); array_pop($t); $t = implode($sep, $t)

I have a string of values separated by the variable $sep and like to cut of the last element.
What is from your point of view the fastest way.
A long time ago i banned learning regex from my head and never got back to learn it. Sure the solution is there. Please help me


I don't know what $sep is, but something like below will work on a comma separated string
<?php
$t = substr($t, 0, strrpos($t, ','));

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


$sep is a path separator that is hold variable in the code.

so i'll try this

$t = substr($t, 0, strrpos($t, $sep));

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux/Apache/MySQL 5.1.49/PHP 5.3.6/ DF 9.3.2.0

All times are UTC
Go to page Previous 1, 2, 3


Jump to: