perf(registry): skip transparent auth for SHOW checks and menu enumeration#188
Merged
Merged
Conversation
…ation Horde_Registry::hasPermission() called isAuthenticated() unconditionally before checking whether the caller asked for SHOW (menu-appearance) permission. For any horde user who doesn't have some apps/backends (i.e. no IMAP account, no IMP permission) this means trying a futile IMAP login (+ rate limiting/delay) for each page load. Reorder the three-conjunct guard so $perms != SHOW before isAuthenticated() listApps() now passes notransparent: true when running its internal hasPermission() check. This might speed up page loads for non-IMP users on an IMP system up to 25x. Same for gollem.
Cover SHOW skipping isAuthenticated(), READ auth guard behaviour, notransparent parameter handling, and listApps enumeration paths. Guards against regressions that reintroduce per-app transparent authentication during menu SHOW checks (e.g. futile IMAP for IMP).
TDannhauer
approved these changes
Jul 2, 2026
ralflang
added a commit
that referenced
this pull request
Jul 4, 2026
Release version 3.1.0 fix(core): bind owning app gettext domain and cover modern topbar builder fix(core): resolve topbar/prefs app names with dgettext against owning app's domain feat(core): throttle ActiveSync auth and harden user resolution Merge pull request #188 from horde/fix/hasperm-show-skip-transparent-auth test(registry): add hasPermission and listApps auth unit tests perf(registry): skip transparent auth for SHOW checks and menu enumeration fix: Some apps didn't show their preferences due to caching order Use firstDescendant() to avoid an extra wrapper node Resolve id strings before wrapping as HTML Fix RedBox.showHtml() with HTML string content
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Horde_Registry::hasPermission() called isAuthenticated() unconditionally before checking whether the caller asked for SHOW (menu-appearance) permission.
For any horde user who doesn't have some apps/backends (i.e. no IMAP account, no IMP permission) this means trying a futile IMAP login (+ rate limiting/delay) for each page load.
Reorder the three-conjunct guard so $perms != SHOW before isAuthenticated()
listApps() now passes notransparent: true when running its internal hasPermission() check.
This might speed up page loads for non-IMP users on an IMP system up to 25x. Same for gollem.