Details
-
Bug
-
Resolution: Fixed
-
Medium
-
6.6.4, 6.6.7, 6.6.10
-
22
-
Severity 1 - Critical
-
12
-
Description
Problem Definition
In code, deciding if the Create button should be rendered in the header bar (a.k.a. top bar) is an expensive operation due to permissions validation.
When the user access one of the following dashboards, Confluence uses an expensive operation to decide whether or not the Create button should be rendered in the header bar:
- All updates (<Confluence Base URL>/#all-updates).
- Popular (<Confluence Base URL>/#popular).
- Recently worked on (<Confluence Base URL>/#recently-worked).
- Recently visited (<Confluence Base URL>/#recently-viewed).
- Saved for later (<Confluence Base URL>/#starred).
The above mentioned Create button is highlighted in the image below, from the user perspective:
On the background, Confluence will check if the current user has permission to create a page or a blog post on any Space.
These are assigned by Add page and Add blog Space Permissions.
If more than one Space is retrieved from the above operation, then Confluence will use only one of them as a reference, which is sorted by the Space Name and the Space Key.
No previous usage of the selected space is taken into account, meaning that it won't check for Spaces users visited before or created/edited content.
Suggested Solution
Confluence could render the Create button on any dashboard page, whether the user has create page permission to any Space or not.
The permission validation should be made after the user has clicked on the button.
If the user doesn't have enough permissions to create a page in any Space, then a graceful message should be displayed.
Performance Impact on Scale
Looking at a single operation, the permission validation may appear as a simple task.
However, when we think of an enterprise deployment of Confluence, with thousands of users accessing Confluence on a single day, then deciding when rendering the Create button becomes an expensive operation.
On an enterprise instance, Confluence would look through over 250k rows in the database to retrieve a single one to complete this permission validation.
Workaround
None at this moment
Attachments
Issue Links
- relates to
-
CONFSERVER-58065 Reduce number and cost of permission queries to render create buttons
- Closed
-
PSR-239 Loading...
- Mentioned in
- mentioned in
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...