[Security] Improve performance of RoleHierarchy::buildRoleMap method
#61057
+7
−7
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
stof
reviewed
Jul 7, 2025
RoleHierarchy::buildRoleMap method
RoleHierarchy::buildRoleMap methodRoleHierarchy::buildRoleMap method
RoleHierarchy::buildRoleMap methodRoleHierarchy::buildRoleMap method
There was a problem hiding this comment.
Can you please bench this patch? It should preserve the order while still providing the perf benefit:
--- a/src/Symfony/Component/Security/Core/Role/RoleHierarchy.php
+++ b/src/Symfony/Component/Security/Core/Role/RoleHierarchy.php
@@ -54,8 +54,11 @@ class RoleHierarchy implements RoleHierarchyInterface
$this->map[$main] = $roles;
$visited = [];
$additionalRoles = $roles;
- while ($role = array_shift($additionalRoles)) {
+ while (null !== $role = key($additionalRoles)) {
+ $role = $additionalRoles[$role];
+
if (!isset($this->hierarchy[$role])) {
+ next($additionalRoles);
continue;
}
@@ -68,6 +71,8 @@ class RoleHierarchy implements RoleHierarchyInterface
foreach (array_diff($this->hierarchy[$role], $visited) as $additionalRole) {
$additionalRoles[] = $additionalRole;
}
+
+ next($additionalRoles);
}
Great, I'll check that this week. |
fabpot
approved these changes
Aug 17, 2025
|
Thank you @simonjamain. |
fabpot
added a commit
that referenced
this pull request
Aug 24, 2025
…nicolas-grekas) This PR was merged into the 7.4 branch. Discussion ---------- [Security] Preserve ordering of roles in RoleHierarchy | Q | A | ------------- | --- | Branch? | 7.4 | Bug fix? | no | New feature? | no | Deprecations? | no | Issues | - | License | MIT As suggested in #61057 /cc `@simonjamain` Commits ------- d4338b1 [Security] Preserve ordering of roles in RoleHierarchy
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
use of an optimized role ustacking function
What it does and why it's needed
Note : Better in-detail explanation in there : #57322
Uses the way faster
array_pop()function to build the role map instead ofarray shiftIf it modifies existing behavior, include a before/after comparison
At first, it would look like this function swap could change slightly the ordering of the array produced by the
RoleHierarchy::buildRoleMapmethod and it does it in a way. I find that it does not change the behaviour of our app.I would not expect most other apps too break because I don't find many reasons to rely on the ordering of roles in hierarchies. Furthermore,
buildRoleMapis a protected method serving the publicgetReachableRoleNameswhich does not imply a particular ordering (rightfully so IMHO).Testing
As it does not change or introduce any behavious per say, this performance increase rely on old tests passing again.
If I am not mistaken, the current
testGetReachableRoleNames()still passes even tho it asserts a specific ordering. I still changed the assertion so it does not convey any false premises.