Bug #2877
closed
access checks performed after query
Description
Access checks are being performed after the query has been made. This results in empty returns when there shouldn't be an empty return. The fix proposed is to recourse through and remove the groups they're not allowed to access, but instead taking an array of those IDs removed and re-do the query with them omitted. This causes a 2 queries where only 1 would previously be used in SOME cases, but is much more reliable.
Updated by krileon over 12 years ago
Seams most efficient proposed fix is to apply Limit AFTER query so a full list is prepared. Otherwise a loop-through is going to be needed to keep rechecking for permissions and such, which is extremely inefficient and resulting in 2-3 times more queries. The query is broken down significantly thanks to $filtering changed to WHERE statements so performance hit should be non-existent or insignificant.
Updated by krileon over 12 years ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
Fixed by moving limits outside of the query. This will cause larger queries, but they're broken down significantly by WHERE clauses so should be fine. Am also reviewing further additions that can be made to make the queries that much smaller.