- Issue created by @catch
🐛 [regression] Do not bypass route access with 'link to any page' permissions for menu links Fixed added a special menu tree manipulator used on menu edit forms, so that users with 'administer menu' permission are able to see all links.
However, the same manipulator was not applied to MenuParentFormSelector::getParentSelectOptions() which is used for the menu widget on node forms.
This results in every menu item being checked for access when rendering the form - with large menus this can be very expensive and add seconds to node form rendering. See for example the report in 💬 Group permission checking peformance issue after updates Active . This is a performance regression compared to 10.2.x where administer menus would have been checked by the default menu tree access checks prior to doing any others.
I think it would be fine to check menu permissions in MenuParentFormSelector::getParentSelectOptions(), and then add the new all access manipulator if the user has 'administer menus' permission, and keep adding the node/menu access checkers only if they don't.
This might be theoretically reproducible with a performance test if any additional cache operations or database queries has a result of the access checks in core.
Active
11.0 🔥
menu system
It affects performance. It is often combined with the Needs profiling tag.