From 6ffde74928651db451a8ca23ba440f16f8512681 Mon Sep 17 00:00:00 2001
From: Mikael Hammarin <mikael@try2.se>
Date: Mon, 28 Oct 2019 15:48:46 +0100
Subject: [PATCH] Patch to optimize for large installations (>5000 users >20000
groups) where subadmins have access to many of groups (>250) -
UsersController:editUser() calls isUserAccessible() even if the user is admin
This fix reduces API calls to editUser (ex change locale/display name) from >2 minutes (!) to ~3 seconds per call in average.
Signed-off-by: Mikael Hammarin <mikael@try2.se>
---
apps/provisioning_api/lib/Controller/UsersController.php | 4 ++--
lib/private/SubAdmin.php | 1 +
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php
index bd327ffe441..07a1514dd1f 100644
--- a/apps/provisioning_api/lib/Controller/UsersController.php
+++ b/apps/provisioning_api/lib/Controller/UsersController.php
@@ -504,8 +504,8 @@ class UsersController extends AUserData {
} else {
// Check if admin / subadmin
$subAdminManager = $this->groupManager->getSubAdmin();
- if ($subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser)
- || $this->groupManager->isAdmin($currentLoggedInUser->getUID())) {
+ if ($this->groupManager->isAdmin($currentLoggedInUser->getUID())
+ || $subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser)) {
// They have permissions over the user
$permittedFields[] = 'display';
$permittedFields[] = AccountManager::PROPERTY_DISPLAYNAME;
diff --git a/lib/private/SubAdmin.php b/lib/private/SubAdmin.php
index d292e998ab9..9a758ac4423 100644
--- a/lib/private/SubAdmin.php
+++ b/lib/private/SubAdmin.php
@@ -255,6 +255,7 @@ class SubAdmin extends PublicEmitter implements ISubAdmin {
if ($this->groupManager->isAdmin($user->getUID())) {
return false;
}
+
$accessibleGroups = $this->getSubAdminsGroups($subadmin);
foreach ($accessibleGroups as $accessibleGroup) {
if ($accessibleGroup->inGroup($user)) {
--
GitLab