Finding relevant jelly for branch-api
6 views
Skip to first unread message
Raihaan Shouhell
Jan 20, 2020, 5:13:25 AM1/20/20
to Jenkins Developers
Hi all,
Recently I've been looking into some page loading issues that plague some of my jenkins instances while doing some optimizations I came across this line
https://github.com/jenkinsci/branch-api-plugin/blob/ad83debf8f48d6ad2661ec2549116b3df8cb0f5b/src/main/java/jenkins/branch/OrganizationFolderViewHolder.java#L219
getItems() essentially checks every item for item.read permissions and returns a list of permitted items. I'd like to see if the relevant jelly files that call this has access to items and the use of getItems() (and hasPermission) can be reduced.
https://github.com/jenkinsci/branch-api-plugin/blob/ad83debf8f48d6ad2661ec2549116b3df8cb0f5b/src/main/java/jenkins/branch/OrganizationFolderViewHolder.java#L219
getItems() essentially checks every item for item.read permissions and returns a list of permitted items. I'd like to see if the relevant jelly files that call this has access to items and the use of getItems() (and hasPermission) can be reduced.
Is there any good way of tracing how pages get rendered?
Personally I'm not sure if this is even worth looking into (Some of my organizations have 900+ items) would anyone have any suggestions?
Cheers,
Raihaan
Jesse Glick
Jan 21, 2020, 7:43:30 PM1/21/20
to Jenkins Dev
On Mon, Jan 20, 2020 at 5:13 AM Raihaan Shouhell
<raihaan...@gmail.com> wrote:
> I'd like to see if the relevant jelly files that call this has access to items and the use of getItems() (and hasPermission) can be reduced.
Doubtful since this is just overriding
<raihaan...@gmail.com> wrote:
> I'd like to see if the relevant jelly files that call this has access to items and the use of getItems() (and hasPermission) can be reduced.
https://javadoc.jenkins.io/hudson/model/View.html#getDisplayName--
If permission checks are a bottleneck here it might be a problem in
the `AuthorizationStrategy`. Alternately, it would probably be fine to
wrap the `getItems` call inside `ACL.as(ACL.SYSTEM)` since someone
with permission to view the organization folder very likely also has
permission to view all the child repositories (it would be an obscure
authorization strategy that decided otherwise), and at worst the
leaked information would be a count of hidden subfolders.
Raihaan Shouhell
Jan 22, 2020, 9:48:27 AM1/22/20
to Jenkins Developers
Thanks for the reply Jesse, my idea was because branch-api wants to show the number of items in its view if core should provide that feature and that way when core calls getItems() in jelly
you can get the size and therefore skip the need for permissions checks. But I'm not sure if its worth the effort.
Jesse Glick
Jan 22, 2020, 10:29:45 AM1/22/20
to Jenkins Dev
On Wed, Jan 22, 2020 at 9:48 AM Raihaan Shouhell
<raihaan...@gmail.com> wrote:
> when core calls getItems() in jelly
> you can get the size and therefore skip the need for permissions checks
`getItems` would still need to run permission checks, regardless of
<raihaan...@gmail.com> wrote:
> when core calls getItems() in jelly
> you can get the size and therefore skip the need for permissions checks
where it is implemented.
Raihaan Shouhell
Jan 23, 2020, 1:33:10 AM1/23/20
to Jenkins Developers
Oh i was thinking because ViewImpl in branch-api calls getItems in getDisplayName since view has to call get items it can just check the size from there eliminating the need to call getItems twice or three times.
Only problem is that view has to be reworked to incorporate this. Might not be worth the trouble.
Reply all
Reply to author
Forward
0 new messages