[Users] users acl

[Daniel-Constantin Mierla]

Hello,

the access control list in openser is based on group membership checking 
which does a database query each time when user's ACL is verified. We 
are considering to optimize this operations since they are very often 
used and propose the following solutions:

1. Load all groups to whom an user belongs once per request processing 
(one database query) and then store some bitmap flags to be used further 
when doing group checking. At start up time, some fixups will be made to 
replace the names with positions in bitmap
- advantages: the old group table structure is used and changes in 
script should be minimal
- disadvantages: after loading all group names, string comparisons are 
required to set the bitmap

2. Introduce a new column in the subscriber table that stores the ACL 
bitmap and load it once per request processing
- advantages: very fast load and checking -- old version of group 
membership checking is kept
- disadvantages: more complex provisioning system

What do you think? Any other idea?

Daniel