weizhouapache commented on issue #5266:
URL: https://github.com/apache/cloudstack/issues/5266#issuecomment-891614388
some part of code to check access on commands can be optimized.
for example, it is not necessary to get Account and Role/RoleType in the
checkAccess on each command.
we can load it only once and use it in all checkAccess on commands.
```java
Account account = accountService.getAccount(user.getAccountId());
if (account == null) {
throw new PermissionDeniedException("The account id=" +
user.getAccountId() + "for user id=" + user.getId() + "is null");
}
final Role accountRole = roleService.findRole(account.getRoleId());
```
https://github.com/apache/cloudstack/blob/main/plugins/acl/dynamic-role-based/src/main/java/org/apache/cloudstack/acl/DynamicRoleBasedAPIAccessChecker.java#L73-L78
and
```java
Account account = accountService.getAccount(user.getAccountId());
if (account == null) {
throw new PermissionDeniedException("The account id=" +
user.getAccountId() + "for user id=" + user.getId() + "is null");
}
RoleType roleType = accountService.getRoleType(account);
```
https://github.com/apache/cloudstack/blob/main/plugins/acl/static-role-based/src/main/java/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java#L78-L83
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
