With distinct permissions, we don't need to check ~ 100 000 permissions to...

With distinct permissions, we don't need to check ~ 100 000 permissions to check if someone can log in

With distinct permissions, we don't need to check ~ 100 000 permissions to...
With distinct permissions, we don't need to check ~ 100 000 permissions to check if someone can log in
716232e2 · ynerant · c62b5f93 · 716232e2
Commit 716232e2 authored 4 years ago by ynerant
--- a/apps/permission/backends.py
+++ b/apps/permission/backends.py
@@ -36,7 +36,7 @@ class PermissionBackend(ModelBackend):
            # Unauthenticated users have no permissions
            return Permission.objects.none()

-        return Permission.objects.annotate(
+        qs = Permission.objects.annotate(
            club=F("rolepermissions__role__membership__club"),
            membership=F("rolepermissions__role__membership"),
        ).filter(
@@ -50,7 +50,13 @@ class PermissionBackend(ModelBackend):
            & Q(rolepermissions__role__membership__user=user)
            & Q(type=t)
            & Q(mask__rank__lte=get_current_session().get("permission_mask", 0))
-        ).distinct()
+        )
+
+        try:
+            qs = qs.distinct('pk', 'club')
+        except:  # SQLite doesn't support distinct fields.
+            qs = qs.distinct()
+        return qs

    @staticmethod
    def permissions(user, model, type):