From 32216727e33b4982518d53ed6e495288f27aa28e Mon Sep 17 00:00:00 2001
From: SuZhou-Joe <suzhou@amazon.com>
Date: Thu, 17 Aug 2023 11:49:04 +0800
Subject: [PATCH] feat: performance optimize

Signed-off-by: SuZhou-Joe <suzhou@amazon.com>
---
 .../permission_control/client.ts              | 33 ++++++++++++++-----
 1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/src/core/server/saved_objects/permission_control/client.ts b/src/core/server/saved_objects/permission_control/client.ts
index b3dda958e0f0..121ba17e7ad7 100644
--- a/src/core/server/saved_objects/permission_control/client.ts
+++ b/src/core/server/saved_objects/permission_control/client.ts
@@ -9,6 +9,7 @@ import { SavedObjectsServiceStart } from '../saved_objects_service';
 import { SavedObjectsBulkGetObject } from '../service';
 import { ACL, Principals, TransformedPermission, PrincipalType } from './acl';
 import { WORKSPACE_TYPE } from '../constants';
+import { SavedObject } from '../types';
 
 export type SavedObjectsPermissionControlContract = Pick<
   SavedObjectsPermissionControl,
@@ -73,6 +74,27 @@ export class SavedObjectsPermissionControl {
     return await this.batchValidate(request, [savedObject], permissionModes);
   }
 
+  /**
+   * In batch validate case, the logic is a.withPermission && b.withPermission
+   * @param request
+   * @param savedObjectsGet
+   * @param permissionModes
+   * @returns
+   */
+  public batchValidateInmemory(
+    request: OpenSearchDashboardsRequest,
+    savedObjectsGet: SavedObject[],
+    permissionModes: SavedObjectsPermissionModes
+  ) {
+    const principals = this.getPrincipalsFromRequest(request);
+    const hasAllPermission = savedObjectsGet.every((item) => {
+      // item.permissions
+      const aclInstance = new ACL(item.permissions);
+      return aclInstance.hasPermission(permissionModes, principals);
+    });
+    return hasAllPermission;
+  }
+
   /**
    * In batch validate case, the logic is a.withPermission && b.withPermission
    * @param request
@@ -86,16 +108,11 @@ export class SavedObjectsPermissionControl {
     permissionModes: SavedObjectsPermissionModes
   ) {
     const savedObjectsGet = await this.bulkGetSavedObjects(request, savedObjects);
-    if (savedObjectsGet) {
-      const principals = this.getPrincipalsFromRequest(request);
-      const hasAllPermission = savedObjectsGet.every((item) => {
-        // item.permissions
-        const aclInstance = new ACL(item.permissions);
-        return aclInstance.hasPermission(permissionModes, principals);
-      });
+    if (savedObjectsGet && savedObjectsGet.length) {
+      const result = this.batchValidateInmemory(request, savedObjectsGet, permissionModes);
       return {
         success: true,
-        result: hasAllPermission,
+        result,
       };
     }