Re: The value argument to access_allowed, acl_mask, etc.

[Mark Valence <kurash@sassafras.com>]

Julio-

Yup, there is lots of room for optimization in this area.  We could 
be smarter about (not) looking at all values when checking ACLs, but 
that is more difficult when ACIs are in the mix.

Mark.

>  > This parameter is used in a few places.  First, if is needed when
>  > checking "self" rights in ACLs.
>
> Oh, yes, "self"...
>
> We are paying a lot for this aren't we?  I mean, send_search_entry
> is going to loop over every value at every search and each of these
> calls is going over the whole ACL set just to get to the precise
> same <who> term in the precise same <what> access clause just so
> we can do "self"...  Not that is has been a cause for worry, but
> seems an area for possible optimization.  Unless we find more use
> for this, of course.  Anyway, it seems a little bit overkill for
> searches.
>
> Sorry, just disgressing, I am just trying to understand all this.
>
>  > Second, it is used in ACIs that
>  > control access to attributes with certain values.
>
> I am not spending much time on ACIs for the time being.