Story #8886

Updated by Brett Smith over 5 years ago

The subject line is carefully written because that's what matters from a product perspective.

Right now the implementation is wide open. Some loose notes:

* Does Rails provide an easy way to do this through its API? A sort of atomic "replace cached result" method?
* Should we move to eventual consistency?
* Should we have a separate background process that listens to the relevant tables and builds a computed table with simple (subject, has_permission_to, object) tuples?
* Should we require a newer version of PostgreSQL that can traverse the permissions graph for us (in C)?
** This may require adjustments to the way we store permissions in the database generally.
* It would be nice, but not critical, if this was behind a feature flag. That way we could test it on clusters that we know have large permissions graphs before deploying it more broadly.