[Cubicweb] ERQLExpression for update and delete permissions

Sylvain Thénault sylvain.thenault at logilab.fr
Wed Sep 29 11:50:44 CEST 2010

On 28 septembre 23:21, Carlos Balderas wrote:
> Syt, I am sending you the cube with some test you can run, but I think I
> found where most of the time is consuming.
> It seems to be at the moment of calling "publish" method in class
> ViewController (cubicweb/web/views/basecontrollers.py)
> to be more precise at the moment to execute line 122
> return self._cw.vreg['views'].main_template(self._cw, template,
>                                                 rset=rset, view=view)
> I went tracking until I got to this point, and more than 8 seconds are spent
> here. (for my tests)

well, this is the main ui entry point, all the html is  generated beyond
this point.
> I am sorry for not going beyond this point, I got a little lost here since I
> just starting to understand a little this part of cubicweb.
> I think the ERQLExpression might be causing several validations here in some
> way that make time consuming, not that I can be sure, but if I use a normal
> users group like 'users', 'managers', etc to asign: read, update, add,
> delete permissions, cw displays all results very fast.

a quick test using your cube showed me that the problem lies in permission
checking done for action of the 'actions' box: each entity in the result
set is checked to see if the user has the 'update' and 'delete' permission 
on it (for respectivly the 'modify' and 'delete' actions). I'm afraid we
can't do that much about it. The proper solution would probably be to
have an api to test if a permission is granted on a whole rset, instead of
processing entities one by one. Would you add a ticket for this?

Now notice this only occurs becore your *main* rset has 2000 entities, with
one rql expr for update/delete, and user is no group permission. One quick
fix would be to modify selector of the modify and delete actions so they
simply return 0 if the rset is greater than, say, 100 entities.

Sylvain Thénault                               LOGILAB, Paris (France)
Formations Python, Debian, Méth. Agiles: http://www.logilab.fr/formations
Développement logiciel sur mesure:       http://www.logilab.fr/services
CubicWeb, the semantic web framework:    http://www.cubicweb.org

More information about the Cubicweb mailing list