Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-20474

getACL methods are too expensive when current ACL is SYSTEM

      There are many occasions when a long block of code is running as ACL.SYSTEM (generally anything that is not handling a HTTP or CLI request), yet permission checks (done as part of e.g. Jenkins.getAllItems) call many getACL methods on model objects, which in turn ask the AuthorizationStrategy to make a new ACL instance, which can be rather expensive in some cases, and then ask that implementation about SYSTEM, which may actually be a shortcut in the strategy but by that point a lot of work has already been doneā€”all wasted, since SYSTEM must have full permissions regardless of strategy.

      It would be better for core should ensure that Jenkins.getACL and other getACL methods calling Jenkins.getInstance().getAuthorizationStrategy().getACL(this) (AbstractItem, Computer, Job, Node, User, Cloud, View) return a proxy ACL whose hasPermission checks for SYSTEM immediately (returning true in this case), only consulting the AuthorizationStrategy for another Authentication. (The proxy ACL could even be a cached part of the model object, avoiding all object construction in this case.)

          [JENKINS-20474] getACL methods are too expensive when current ACL is SYSTEM

          Jesse Glick created issue -
          Jesse Glick made changes -
          Link New: This issue is blocking JENKINS-19623 [ JENKINS-19623 ]
          Oleg Nenashev made changes -
          Link New: This issue is related to JENKINS-20475 [ JENKINS-20475 ]
          Jesse Glick made changes -
          Link New: This issue is related to JENKINS-22769 [ JENKINS-22769 ]
          Jesse Glick made changes -
          Link New: This issue is related to JENKINS-17122 [ JENKINS-17122 ]
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 151999 ] New: JNJira + In-Review [ 178146 ]
          Jesse Glick made changes -
          Assignee New: Jesse Glick [ jglick ]
          Jesse Glick made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Jesse Glick made changes -
          Remote Link New: This issue links to "PR 3177 (Web Link)" [ 19307 ]
          Jesse Glick made changes -
          Status Original: In Progress [ 3 ] New: In Review [ 10005 ]
          Jesse Glick made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: In Review [ 10005 ] New: Resolved [ 5 ]

            jglick Jesse Glick
            jglick Jesse Glick
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: