On Wed, 2004-12-22 at 17:30, Aaron Stone wrote: > In imap4.h, add fields to the clientinfo structure to hold three ACL's: > user's acl for a mailbox, anyone acl for a mailbox, owner's acl for a > mailbox. Perhaps place these into a structure of their own, too. > > In imapcommands.c, add the ci->acl structure to calls to acl_has_right. > > In acl_has_right, we look to see if the acl structure we were passed > describes this mailbox, and is within 300 seconds of now. If not, we > select new rows and set the time using time(2). This handles both the > cache expiry and the new-mailbox-has-been-selected situations. > > Then acl_has_right checks the cached ACLs and return a yes or no answer if > one of the ACLs grants the proper rights according to our rules: owner > irrevocably has all rights, user specific rights can grant or revoke, and > if not specifically set per user, anyone rights can grant or revoke. > > This would also remove the acl_flags trickery and array lookups and > implicit ownership checking done in db_acl_has_right, which is icky stuff.
This would be stuff for 2.1. (memcache would also be 2.1 stuff) > At the moment I'm considering just pulling the entire row at the top of > each function and using it however many times needed (1 - 4, depending > upon the function). At least this gives a more stable query so that it can > be cached up the line (MySQL has its query cache, PostgreSQL probably has > something similar?). But better would be to keep with some state > structure. This should be possible for 2.0.x I think. It's a much less intrusive change with enough potential that it might mean a great deal in terms of performance on heavily loaded systems. But it's big enough of a change to warrant 2.0.3-rc(1-X) releases to prove that it is stable enough. -HK
