access checks performed after query
Added by krileon over 11 years ago.
Updated about 11 years ago.
07 October 2011
Access checks are being performed after the query has been made. This results in empty returns when there shouldn't be an empty return. The fix proposed is to recourse through and remove the groups they're not allowed to access, but instead taking an array of those IDs removed and re-do the query with them omitted. This causes a 2 queries where only 1 would previously be used in SOME cases, but is much more reliable.
Seams most efficient proposed fix is to apply Limit AFTER query so a full list is prepared. Otherwise a loop-through is going to be needed to keep rechecking for permissions and such, which is extremely inefficient and resulting in 2-3 times more queries. The query is broken down significantly thanks to $filtering changed to WHERE statements so performance hit should be non-existent or insignificant.
- Status changed from New to Resolved
- % Done changed from 0 to 100
Fixed by moving limits outside of the query. This will cause larger queries, but they're broken down significantly by WHERE clauses so should be fine. Am also reviewing further additions that can be made to make the queries that much smaller.
- Status changed from Resolved to Closed
Also available in: Atom