Improve performance for grids with permission checks

[sreichel]

Description (*)

Some grids (eg orders) check whether user is allowed to click/view ... but its valididated for each row.

With this PR its only checked once.

[kiatng]

How about implementing it at the session level:

magento-lts/app/code/core/Mage/Admin/Model/Session.php

Lines 224 to 250 in 0ac3f19

	public function isAllowed($resource, $privilege = null)
	{
	$user = $this->getUser();
	$acl = $this->getAcl();
	if ($user && $acl) {
	if (!preg_match('/^admin/', $resource)) {
	$resource = 'admin/' . $resource;
	}
	try {
	return $acl->isAllowed($user->getAclRole(), $resource, $privilege);
	} catch (Exception $e) {
	try {
	if (!$acl->has($resource)) {
	return $acl->isAllowed($user->getAclRole(), null, $privilege);
	}
	} catch (Exception $e) {
	}
	}
	}
	return false;
	}
	/**
	* Check if user is logged in
	*

The improvement would not be limited to grid.

In this PR, line 229 if ($user && $acl) { is bypassed, but I suspect this check is unnecessary. If $user is empty, it won't get pass Mage_Adminhtml_Controller_Action::predispatch().

[sreichel]

@kiatng i did some tests with xdebug and cant see any acl resource is checked multiple times. Need some advice.

[sreichel]

Sample Data: Sales Order Grid with 46 orders

Before PR:

Function Name	Calls	Calls%	Incl. Wall Time (microsec)	IWall%	Incl. CPU (microsecs)	ICpu%	Incl. MemUse (bytes)	IMemUse%	Incl. PeakMemUse (bytes)	IPeakMemUse%
Current Function
Mage_Adminhtml_Block_Sales_Order_Grid::getRowUrl	46	17.9%	135,638	11.7%	106,614	9.4%	10,536	0.2%	5,880	0.1%
Exclusive Metrics for Current Function			807	0.6%	0	0.0%	-4,296	-40.8%	64	1.1%
Parent function
Mage_Core_Block_Template::fetchView@2	46	100.0%	135,638	100.0%	106,614	100.0%	10,536	100.0%	5,880	100.0%
Child functions
Mage_Core_Block_Abstract::getUrl	46	25.0%	87,147	64.2%	72,718	68.2%	7,944	75.4%	4,328	73.6%
Mage_Admin_Model_Session::isAllowed	46	25.0%	46,690	34.4%	33,896	31.8%	3,160	30.0%	1,488	25.3%
Mage_Core_Model_Abstract::getId	46	25.0%	872	0.6%	0	0.0%	584	5.5%	0	0.0%
Mage::getSingleton	46	25.0%	122	0.1%	0	0.0%	3,144	29.8%	0	0.0%

After PR:

Function Name	Calls	Calls%	Incl. Wall Time (microsec)	IWall%	Incl. CPU (microsecs)	ICpu%	Incl. MemUse (bytes)	IMemUse%	Incl. PeakMemUse (bytes)	IPeakMemUse%
Current Function
Mage_Adminhtml_Block_Sales_Order_Grid::getRowUrl	46	21.8%	94,850	8.6%	106,904	9.8%	12,240	0.3%	7,584	0.2%
Exclusive Metrics for Current Function			649	0.7%	0	0.0%	792	6.5%	368	4.9%
Parent function
Mage_Core_Block_Template::fetchView@2	46	100.0%	94,850	100.0%	106,904	100.0%	12,240	100.0%	7,584	100.0%
Child functions
Mage_Core_Block_Abstract::getUrl	46	33.3%	91,712	96.7%	102,916	96.3%	7,944	64.9%	7,104	93.7%
Mage_Adminhtml_Block_Widget_Grid::canView	46	33.3%	1,473	1.6%	3,988	3.7%	2,920	23.9%	80	1.1%
Mage_Core_Model_Abstract::getId	46	33.3%	1,016	1.1%	0	0.0%	584	4.8%	32	0.4%

[sreichel]

Okay ... working from smartphone was not ideal ... 😂 Fix it later.