With distinct permissions, we don't need to check ~ 100 000 permissions to check if someone can log in

This commit is contained in:
Yohann D'ANELLO 2020-05-29 21:11:51 +02:00
parent c62b5f935a
commit 716232e27f
1 changed files with 8 additions and 2 deletions

View File

@ -36,7 +36,7 @@ class PermissionBackend(ModelBackend):
# Unauthenticated users have no permissions # Unauthenticated users have no permissions
return Permission.objects.none() return Permission.objects.none()
return Permission.objects.annotate( qs = Permission.objects.annotate(
club=F("rolepermissions__role__membership__club"), club=F("rolepermissions__role__membership__club"),
membership=F("rolepermissions__role__membership"), membership=F("rolepermissions__role__membership"),
).filter( ).filter(
@ -50,7 +50,13 @@ class PermissionBackend(ModelBackend):
& Q(rolepermissions__role__membership__user=user) & Q(rolepermissions__role__membership__user=user)
& Q(type=t) & Q(type=t)
& Q(mask__rank__lte=get_current_session().get("permission_mask", 0)) & Q(mask__rank__lte=get_current_session().get("permission_mask", 0))
).distinct() )
try:
qs = qs.distinct('pk', 'club')
except: # SQLite doesn't support distinct fields.
qs = qs.distinct()
return qs
@staticmethod @staticmethod
def permissions(user, model, type): def permissions(user, model, type):