From 716232e27f7c862d8cd6f24f0f9d551b2dcf13b9 Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO <yohann.danello@gmail.com>
Date: Fri, 29 May 2020 21:11:51 +0200
Subject: [PATCH] With distinct permissions, we don't need to check ~ 100 000
 permissions to check if someone can log in

---
 apps/permission/backends.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/apps/permission/backends.py b/apps/permission/backends.py
index 49e1e871..8fa47f37 100644
--- a/apps/permission/backends.py
+++ b/apps/permission/backends.py
@@ -36,7 +36,7 @@ class PermissionBackend(ModelBackend):
             # Unauthenticated users have no permissions
             return Permission.objects.none()
 
-        return Permission.objects.annotate(
+        qs = Permission.objects.annotate(
             club=F("rolepermissions__role__membership__club"),
             membership=F("rolepermissions__role__membership"),
         ).filter(
@@ -50,7 +50,13 @@ class PermissionBackend(ModelBackend):
             & Q(rolepermissions__role__membership__user=user)
             & Q(type=t)
             & Q(mask__rank__lte=get_current_session().get("permission_mask", 0))
-        ).distinct()
+        )
+
+        try:
+            qs = qs.distinct('pk', 'club')
+        except:  # SQLite doesn't support distinct fields.
+            qs = qs.distinct()
+        return qs
 
     @staticmethod
     def permissions(user, model, type):