User Permissions should be obtained in fewer REST requests #3161

Open
tdonohue opened this issue Jul 3, 2024 · 2 comments
Assignees
Labels
affects: 7.x Issue impacts 7.x releases affects: 8.x Issue impacts 8.x releases authorization related to authorization, permissions or groups bug claimed: 4Science 4Science team is working on this issue & will contribute back help wanted Needs a volunteer to claim to move forward performance / caching Related to performance, caching or embedded objects

Comments

@tdonohue
Member

tdonohue commented Jul 3, 2024

Describe the bug

In 7.x and 8.x, user permissions are obtained one-by-one in several calls to the /server/api/authz/authorizations/search/object endpoint. These requests are most easily seen after login, as you'll see ~10 of these requests in a row for the Site object:

GET /server/api/authz/authorizations/search/object?uri=https://sandbox.dspace.org/server/api/core/sites/[site-uuid]&feature=isCollectionAdmin&embed=feature
GET /server/api/authz/authorizations/search/object?uri=https://sandbox.dspace.org/server/api/core/sites/[site-uuid]&feature=isCommunityAdmin&embed=feature
GET /server/api/authz/authorizations/search/object?uri=https://sandbox.dspace.org/server/api/core/sites/[site-uuid]&feature=administratorOf&embed=feature
GET /server/api/authz/authorizations/search/object?uri=https://sandbox.dspace.org/server/api/core/sites/[site-uuid]&feature=canSubmit&embed=feature
GET /server/api/authz/authorizations/search/object?uri=https://sandbox.dspace.org/server/api/core/sites/[site-uuid]&feature=canEditItem&embed=feature
GET /server/api/authz/authorizations/search/object?uri=https://sandbox.dspace.org/server/api/core/sites/[site-uuid]&feature=canSeeQA&embed=feature
GET /server/api/authz/authorizations/search/object?uri=https://sandbox.dspace.org/server/api/core/sites/[site-uuid]&feature=coarNotifyEnabled&embed=feature
GET /server/api/authz/authorizations/search/object?uri=https://sandbox.dspace.org/server/api/core/sites/[site-uuid]&feature=canManageGroups&embed=feature
GET /server/api/authz/authorizations/search/object?uri=https://sandbox.dspace.org/server/api/core/sites/[site-uuid]&feature=canSendFeedback&embed=feature
GET /server/api/authz/authorizations/search/object?uri=https://sandbox.dspace.org/server/api/core/sites/[site-uuid]&feature=canViewUsageStatistics&embed=feature

These requests are all identical except for the feature= parameter, where they request permissions specific to that feature.

In the REST API, we already have a way to request permissions in bulk, by just removing the optional feature parameter:

# This will return all permissions the current authenticated user has on the Site object.
GET /server/api/authz/authorizations/search/object?uri=https://sandbox.dspace.org/server/api/core/sites/[site-uuid]

Ideally, we should avoid one-by-one requests of this sort, and request all the authorizations at once and cache them for the remainder of the user's session. If additional endpoints or options are necessary in the REST API, then we should add them to better support this request for bulk permissions.

To Reproduce

Steps to reproduce the behavior:

  1. Visit demo.dspace.org or sandbox.dspace.org
  2. Open Chrome DevTools
  3. Log in as an Admin, and look at the number of requests made to the /server/api/authz/authorizations/search/object endpoint

Expected behavior

Ideally, we should request user permissions in one request (or fewer requests) and cache them for the remainder of the user's session.
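
An added example, not part of the original issue and not DSpace code: a sketch of the "request once, cache for the session" behaviour described above. The class name, the injected `fetchJson` function, the `example.org` URLs and the HAL response shape (`_embedded.authorizations[]._embedded.feature.id`, all in one page) are assumptions. It also shows two properties a permission cache needs: failures are not cached and are treated as "not authorized", and the cache is cleared when the session changes.

```javascript
// Added example (not DSpace code). Assumed HAL response shape:
// body._embedded.authorizations[]._embedded.feature.id, all in one page.
class AuthorizationCache {
  constructor(fetchJson, apiBase) {
    this.fetchJson = fetchJson; // injected: (url) => Promise of parsed JSON
    this.apiBase = apiBase;
    this.byObject = new Map(); // object URI -> Promise<Set<feature id>>
  }

  // One bulk request per object URI; concurrent callers share the promise.
  featuresFor(objectUri) {
    if (!this.byObject.has(objectUri)) {
      const url = `${this.apiBase}/authz/authorizations/search/object` +
        `?uri=${encodeURIComponent(objectUri)}&embed=feature`;
      const pending = this.fetchJson(url)
        .then((body) => {
          const list = (body && body._embedded && body._embedded.authorizations) || [];
          const ids = list.map((a) => a && a._embedded && a._embedded.feature && a._embedded.feature.id);
          return new Set(ids.filter(Boolean));
        })
        .catch((err) => {
          // Never cache a failure, or a transient error would stick for the session.
          if (this.byObject.get(objectUri) === pending) this.byObject.delete(objectUri);
          throw err;
        });
      this.byObject.set(objectUri, pending);
    }
    return this.byObject.get(objectUri);
  }

  // Fail closed: any fetch or parse error means "not authorized" in the UI.
  async isAuthorized(objectUri, feature) {
    try { return (await this.featuresFor(objectUri)).has(feature); } catch { return false; }
  }

  // Call on login, logout, or any change of the authenticated user.
  clear() { this.byObject.clear(); }
}

// Constructed stub standing in for the REST API; it counts requests made.
function makeStub() {
  const stub = { calls: 0 };
  stub.fetchJson = async () => {
    stub.calls += 1;
    const feature = (id) => ({ _embedded: { feature: { id } } });
    return { _embedded: { authorizations: [feature('canSubmit'), feature('administratorOf')] } };
  };
  return stub;
}
```
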

@tdonohue tdonohue added bug help wanted Needs a volunteer to claim to move forward authorization related to authorization, permissions or groups performance / caching Related to performance, caching or embedded objects labels Jul 3, 2024
@tdonohue tdonohue added affects: 8.x Issue impacts 8.x releases affects: 7.x Issue impacts 7.x releases labels Jul 3, 2024
@GraziaQuercia

Hi @tdonohue, we'd like to have this issue assigned to 4Science, @atarix83 can be the Assignee. Thanks!

@tdonohue
Member Author

Thanks @GraziaQuercia ! I'll assign this to @atarix83 then.

@tdonohue tdonohue added the claimed: 4Science 4Science team is working on this issue & will contribute back label Jul 11, 2024
Projects
Status: 🏗 In Progress