From 6a236b27b2ec7f60f8a33f557f3c8539d38ec822 Mon Sep 17 00:00:00 2001 From: Tobie Morgan Hitchcock Date: Thu, 3 Oct 2019 18:48:13 +0100 Subject: [PATCH] Improve permission checking efficiency --- db/check.go | 18 +++++++++--------- db/perms.go | 8 ++++++++ db/yield.go | 13 ++++--------- 3 files changed, 21 insertions(+), 18 deletions(-) diff --git a/db/check.go b/db/check.go index 7eaf6df0..b5122499 100644 --- a/db/check.go +++ b/db/check.go @@ -139,15 +139,6 @@ func (d *document) allow(ctx context.Context, met method) (ok bool, err error) { return true, nil } - // If this document is being created - // for the first time, then allow this - // check, and recheck after the fields - // have been merged into the document. - - if met == _CREATE && !d.current.Exists("id") { - return true, nil - } - // If we are authenticated using DB, NS, // or KV permissions level, then we can // ignore all permissions checks, but we @@ -157,6 +148,15 @@ func (d *document) allow(ctx context.Context, met method) (ok bool, err error) { return true, nil } + // If this document is being created + // for the first time, then allow this + // check, and recheck after the fields + // have been merged into the document. + + if met == _CREATE && !d.current.Exists("id") { + return true, nil + } + // Otherwise, get the table definition // so we can check if the permissions // allow us to view this document. diff --git a/db/perms.go b/db/perms.go index f674719b..36f318ea 100644 --- a/db/perms.go +++ b/db/perms.go @@ -33,6 +33,14 @@ func (d *document) perms(ctx context.Context, doc *data.Doc) (err error) { return nil } + // If we are authenticated using DB, NS, + // or KV permissions level, then we can + // ignore all permissions checks. + + if perm(ctx) < cnf.AuthSC { + return nil + } + // Get the field definitions so we can // check if the permissions allow us // to view each field. diff --git a/db/yield.go b/db/yield.go index 1bc3151a..de8d2760 100644 --- a/db/yield.go +++ b/db/yield.go @@ -17,7 +17,6 @@ package db import ( "context" - "github.com/abcum/surreal/cnf" "github.com/abcum/surreal/sql" "github.com/abcum/surreal/util/data" "github.com/abcum/surreal/util/diff" @@ -35,10 +34,8 @@ func (d *document) cold(ctx context.Context) (doc *data.Doc, err error) { // NS, or KV level, then we need to check // document permissions for this query. - if perm(ctx) == cnf.AuthSC { - if err = d.perms(ctx, doc); err != nil { - return nil, err - } + if err = d.perms(ctx, doc); err != nil { + return nil, err } return @@ -57,10 +54,8 @@ func (d *document) cnow(ctx context.Context) (doc *data.Doc, err error) { // NS, or KV level, then we need to check // document permissions for this query. - if perm(ctx) == cnf.AuthSC { - if err = d.perms(ctx, doc); err != nil { - return nil, err - } + if err = d.perms(ctx, doc); err != nil { + return nil, err } return