Roles / Permissions Slow

[flashmediasolutions]

Hi all,

I know this topic has been covered a number of times. I have a fix in place, but I need help completing the adjustment.

In my AuthServiceProvider.php boot I have added the following:

Gate::before(function ($user, $ability) {
    // Attempt to get the cached roles and permissions
    $rolesAndPermissions = Cache::get("user_roles_permissions_{$user->id}");

    // If cache is not set, call the required methods to populate it
    if (!$rolesAndPermissions) {
        // Fetch roles and permissions
        $rolesAndPermissions = [
            'roles' => $user->getRoleNames(),
            'permissions' => $user->getAllPermissions()->pluck('name')
        ];

        // Store in cache for future use
        Cache::put("user_roles_permissions_{$user->id}", $rolesAndPermissions, 60 * 60);
    }

    // Allow access if the user has the required permission
    if ($rolesAndPermissions['permissions']->contains($ability)) {
        return true;
    }

    return null;
});

This code does an amazing job of reducing the load times dramatically.

The issue, is the first load.

$rolesAndPermissions = [
    'roles' => $user->getRoleNames(),
    'permissions' => $user->getAllPermissions()->pluck('name')
];

In order for this to work the User model must have

use HasRoles;

But keeping that available after the first cache negates any speed increase. I need to be able to utilize those functions once and then avoid and let the other mechanism perform the role / permission check.

Can anyone add insight or an alternative way to the current implementation. To demonstrate the severity of this issue, here are screenshots of timing. The only difference is commenting out use HasRoles after cached. It's dramatic.

With caching and commenting out User - HasRoles

Without caching

Any help or insight is greatly appreciated!

[drbyte]

Can you provide some context about the quantity and complexity of roles and permissions in your app?
How many of each exist overall?
How many of each, on average, are most users assigned to?
Is one slower than the other? (ie: retrieving a user's roles vs their associated permissions)
Are you using enums for anything in this context?
What caching layer are you using for your app server?
Using provided Role/Permission models? Or have you extended them into your own models in-app? If extended, can you share their code?
Using UUID or just bigint autoincrement?
Anything customized in the provided migrations, particularly in regard to indexes on foreign-key tables?
Teams enabled or not?
Using a custom roles() method in your User model, which overrides the trait?
How many cyclical queries or re-querying is being done? Laravel Debug-Bar or Telescope can help expose underlying reasons.
(I've seen many times where the actual reason for slowdown was app code being run multiple times because it was being requested in multiple places but results not shared across requests, so cache was working but app was re-querying needlessly.)

The hardest thing about diagnosing a slowdown scenario is in recreating that scenario for analysis and testing. It would be super helpful if you can provide a simple app which exhibits the same problem. Then it's easier to explore what's actually in cache and in the queries and where queries might be inefficient.

[flashmediasolutions]

I am going to spend the day getting all those answers for you and attempting to spin up a simplified app to replicate.
Thanks for the offer of assistance.

[flashmediasolutions]

Thank you for the additional information. It led me down a path that realized that the delay wasn't a database query. That query was being cached. The issue was the looping though every role + permission on every load.

So ultimately I fixed this problem by setting in the permissions config file:

'register_permission_check_method' => false,

and adding this in my AuthServiceProvider to do the check.

Gate::before(function ($user, $ability) {
    // Attempt to get the cached roles and permissions
    $rolesAndPermissions = Cache::get("user_roles_permissions_{$user->id}");

    // If cache is not set, call the required methods to populate it
    if (!$rolesAndPermissions) {
        // Fetch roles and permissions
        $rolesAndPermissions = [
            'roles' => $user->getRoleNames(),
            'permissions' => $user->getAllPermissions()->pluck('name')
        ];

        // Store in cache for future use
        Cache::put("user_roles_permissions_{$user->id}", $rolesAndPermissions, 60 * 60);
    }

    // Allow access if the user has the required permission
    if ($rolesAndPermissions['permissions']->contains($ability)) {
        return true;
    }

    return null;
});