- Issue created by @berdir
This is a follow-up to 📌 Review cache bin and cache tags of access policy caching Active .
Currently the user role access policy adds the user role cache tags of the current user. The above issue removes that caching for many use cases, but advanced access policies will still want to use caching and the somewhat dynamic cache tags are harder to optimize/preload ( ✨ Introduce a list of "common cache tags" to reduce lookup query amount Active ).
The updated performance tests show that sometimes the cache tags reappear later on in requests, for example on local tasks, likely due to complex entity access rules that depend on the current user or something like that.
One proposal is to invert the invalidation logic and invalidate the access_policies cache tag when a role is updated. The idea is that this happens rarely and fewer cache tags need to be looked up then. Similar patterns are used for example by date formats, which invalidate the rendered cache tag.
There are concerns that in some cases, that invalidation would be unnecessary and that forcing the coupling between roles and access policies is not the right thing to do.
Additionally, it would be useful to review other usages of user role cache tags, the goal of the access policy system is to decouple access from roles, so any hardcoded usage of user role cache tags could be an indication that it's tightly coupled to roles.
A similar issue exists with the user role cache tag that's used to see if a user is authenticated.
Needs review
11.0 🔥
user system
It affects performance. It is often combined with the Needs profiling tag.