CMR-6592: Fixed concept search performance degradation in 1.151.0-r20…

….2.4
nasa · Jul 22, 2020 · a8181cc · a8181cc
1 parent ec2b467
commit a8181cc
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 20 deletions.
diff --git a/search-app/src/cmr/search/services/acl_service.clj b/search-app/src/cmr/search/services/acl_service.clj
@@ -33,26 +33,16 @@
   [context acls concept]
   true)
 
-;; subscriptions currently have no catalog item ACLs, so return `true` for all ACL checks
+;; subscriptions checks provider object ACLs, not catalog item ACLs
 (defmethod acls-match-concept? :subscription
   [context acls concept]
-  true)
+  (let [sm-acls (acl-helper/get-sm-acls-applicable-to-token context)]
+    (some #(= (:provider-id concept) (get-in % [:provider-identity :provider-id])) sm-acls)))
 
 (defmethod acls-match-concept? :default
   [context acls concept]
   false)
 
-(defn- sm-acls-match-concept-provider?
-  "Returns true if any of the SUBSCRIPTION_MANAGEMENT acls matches the concept provider.
-  This ACL applies to subscription concept only. For all other concept types. it returns true"
-  [sm-acls concept]
-  ;; the sm-acls are all the SUBSCRIPTION_MANAGEMENT ACLs that
-  ;; grant the current user read permissions. All we need to check is
-  ;; if any of these read permissions are granted on the provider-id of the concept.
-  (if (= :subscription (:concept-type concept))
-    (some #(= (:provider-id concept) (get-in % [:provider-identity :provider-id])) sm-acls)
-    true))
-
 ;; XXX To be fixed with CMR-4394
 ;;
 ;;     See also:
@@ -112,12 +102,8 @@
       concepts
       (let [acls (acl-helper/get-acls-applicable-to-token context)
             applicable-field (-> concepts first :concept-type concept-type->applicable-field)
-            applicable-acls (filterv (comp applicable-field :catalog-item-identity) acls)
-            sm-acls (acl-helper/get-sm-acls-applicable-to-token context)]
+            applicable-acls (filterv (comp applicable-field :catalog-item-identity) acls)]
         (doall (remove nil? (pmap (fn [concept]
-                                    ;; when there are both catalog item acl match and the sm
-                                    ;; acl match, return the concept.
-                                    (when (and (acls-match-concept? context applicable-acls concept)
-                                               (sm-acls-match-concept-provider? sm-acls concept))
+                                    (when (acls-match-concept? context applicable-acls concept)
                                       concept))
                                   concepts)))))))
diff --git a/search-app/src/cmr/search/system.clj b/search-app/src/cmr/search/system.clj
@@ -112,7 +112,7 @@
              :nrepl (nrepl/create-nrepl-if-configured (search-nrepl-port))
              ;; Caches added to this list must be explicitly cleared in query-service/clear-cache
              :caches {idx/index-cache-name (mem-cache/create-in-memory-cache)
-                      af/acl-cache-key (af/create-acl-cache [:catalog-item :system-object])
+                      af/acl-cache-key (af/create-acl-cache [:catalog-item :system-object :provider-object])
                       ;; Caches a map of tokens to the security identifiers
                       context-augmenter/token-sid-cache-name (context-augmenter/create-token-sid-cache)
                       context-augmenter/token-user-id-cache-name (context-augmenter/create-token-user-id-cache)