> Question is, do we care? Would it be alright to only pull in new ACLs once > at the beginning of each IMAP session? If not, there isn't a whole lot of > optimization to be done, there's only two places where acl_has_right is > called several times in succession within a funciton.
I think we should cache such permissions, but not forever. What about adding a 3-min timeout on such caches? That way the admin can be assured that any changes will propagate to currently active connections within 3minutes. I don't think anybody really needs instant changes, but it could of course be a config setting. "cache_timeout=0 //minutes" -HK
