From 7511a1518cad9dbfa85291ef3f4435cd74503a71 Mon Sep 17 00:00:00 2001 From: Nariman Jelveh Date: Thu, 11 Sep 2025 21:41:42 -0700 Subject: [PATCH] Short-circuit the permission check for users accessing their own files --- src/backend/src/services/auth/ACLService.js | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/backend/src/services/auth/ACLService.js b/src/backend/src/services/auth/ACLService.js index a805026a7..7b189326a 100644 --- a/src/backend/src/services/auth/ACLService.js +++ b/src/backend/src/services/auth/ACLService.js @@ -360,6 +360,22 @@ class ACLService extends BaseService { return false; } + // PERF: Short-circuit the permission check for users accessing their own files. + // Since the filesystem structure guarantees ownership within a user's home directory, + // we can safely grant access without a database lookup for the fsentry. + if (actor.type instanceof UserActorType) { + const username = actor.type.user.username; + const path_selector = fsNode.get_selector_of_type(NodePathSelector); + + if (path_selector) { + const path = path_selector.value; + // If the path starts with the user's own home directory, grant access immediately. + if (path === `/${username}` || path.startsWith(`/${username}/`)) { + return true; + } + } + } + // Hard rule: anyone and anything can read /user/public directories if ( this.global_config.enable_public_folders ) { const public_modes = Object.freeze(['read', 'list', 'see']);