0
votes

I have a controller in a CakePHP application in which I have a bunch of actions. I'm using the ACL Component to manage which user is allowed to execute which actions in my controller. I have an isAuthorized() action in my controller to check if a certain logged-in user is allowed to execute a requested action. It looks like this:

function isAuthorized()
{
    switch($this->action)
    {
        case 'myAction':
            $user_id = $this->Auth->user('id'); // the id of the connected user        

            if($user_id)
            {
                return $this->Acl->check(
                    array('model' => 'MyModel', 'foreign_key' => $user_id),
                    'controllers/MyController/myAction'
                );
            }

            break;
    }
}

As you can see above, all I'm doing is checking if the connected user is allowed to execute myAction by using the method check of the Acl component. The problem I have with this approach is that this check is done every single time myAction is called. Is there a way to tell Cake to perform this check only one time (on the first call of the action, for example)? Checking every single time if a user is allowed to execute a controller action slows down the application a lot.

Any help or suggestions are appreciated.

Thank you

1
"By checking every single time if a user is allowed to execute a controller action that slows down the application a lot." Really? How much time does it take to do the access check compared with the whole request? - Danack
Because some controller actions are called a lot of times, that's why the application becomes slower, because every time I call the action, Cake has to perform the check. That's why I would like to perform this check only ONCE - user765368
Yes, but how much? And how are you measuring the time? - Danack
I don't have to measure the time. If every time I click on a button I have to wait for 5 seconds to get an answer, that's a slow application - user765368
Yes, and the ACL check will be something like 1/1000 of a second, unless it's really badly implemented. You shouldn't start optimizing until you know where your code is actually spending time. - Danack

1 Answer

2
votes

Technically speaking, HTTP is stateless and each request does not have any affinity to any other request from the same user. Statefulness is created by using sessions.

You could store the ACL check result in a session variable. But you would need some way to reset it if the user's access were to change while logged in.
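
One way to implement the session caching suggested in the answer, including the reset it calls for, as an added example that is not part of the original answer or of CakePHP. The function name `cachedAclCheck`, the `$permVersion` counter and the TTL are assumptions; in the controller the callable would wrap `$this->Acl->check(...)` and `$session` would be the real session store.

```php
<?php
// $session stands in for the session store; $aclCheck wraps the real check,
// e.g. $this->Acl->check($aro, $aco) from the question. $permVersion is a
// hypothetical server-side counter incremented whenever permissions change.
function cachedAclCheck(array &$session, callable $aclCheck, $userId, $aco,
                        $permVersion, $now, $ttl = 300)
{
    if (!$userId) {
        return false;                          // not logged in: deny, cache nothing
    }
    $key   = $userId . '|' . $aco;             // entry is bound to this user and ACO
    $entry = isset($session['acl'][$key]) ? $session['acl'][$key] : null;

    $fresh = $entry !== null
        && $entry['version'] === $permVersion  // permissions unchanged since caching
        && ($now - $entry['time']) < $ttl;     // and the entry has not expired
    if ($fresh) {
        return $entry['allowed'];
    }

    $allowed = (bool) $aclCheck($userId, $aco); // miss or stale: ask the ACL again
    $session['acl'][$key] = array(
        'allowed' => $allowed, 'version' => $permVersion, 'time' => $now,
    );
    return $allowed;
}

// Constructed demo: a fake ACL backend that counts how often it is queried.
$calls  = 0;
$grants = array('42|controllers/MyController/myAction' => true);
$acl = function ($userId, $aco) use (&$calls, &$grants) {
    $calls++;
    return !empty($grants[$userId . '|' . $aco]);
};
$session = array();
$aco     = 'controllers/MyController/myAction';

var_dump(cachedAclCheck($session, $acl, 42, $aco, 1, 1000)); // first call: backend queried
var_dump(cachedAclCheck($session, $acl, 42, $aco, 1, 1010)); // repeat: served from session
$grants = array();                                           // access revoked, version bumped
var_dump(cachedAclCheck($session, $acl, 42, $aco, 2, 1020)); // stale entry: re-checked
var_dump($calls);                                            // number of backend queries
```

Clear `$session['acl']` on login and logout as well, so a cached decision never outlives the authentication it was made for.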