ACP2E-4114: Production ACL Permission Check caused Performance Degradation – populateAcl Method is the bottleneck

Author: abukatar

app/code/Magento/Authorization/Model/Acl/Loader/Rule.php

@@ -224,7 +224,7 @@ private function getRulesArray()
     private function getRulesArrayForRole(int $roleId): array
     {
         $groupRoleId = $this->resolveGroupRoleId($roleId);
-        $cacheKey = self::ACL_RULE_CACHE_KEY . '_' . $groupRoleId;
+        $cacheKey = hash('sha256', self::ACL_RULE_CACHE_KEY . '_' . $groupRoleId);
         $rulesCachedData = $this->aclDataCache->load($cacheKey);
         if ($rulesCachedData) {
             return $this->serializer->unserialize($rulesCachedData);

app/code/Magento/Authorization/Test/Unit/Model/Acl/Loader/RuleTest.php

@@ -167,7 +167,7 @@ public function testPopulateAclForSpecificRoleFromCache(): void
         // Expect the role-specific cache key to be read
         $this->aclDataCacheMock->expects($this->once())
             ->method('load')
-            ->with(Rule::ACL_RULE_CACHE_KEY . '_' . $roleId)
+            ->with(hash('sha256', Rule::ACL_RULE_CACHE_KEY . '_' . $roleId))
             ->willReturn(json_encode($rules));
 
         // ACL expectations: allow for root, then for specific resource

lib/internal/Magento/Framework/Authorization/Policy/Acl.php

@@ -47,6 +47,9 @@ public function __construct(Builder $aclBuilder, ?CurrentRoleContext $roleContex
      */
     public function isAllowed($roleId, $resourceId, $privilege = null)
     {
+        if ($roleId === null || $roleId === '') { //no user is logged in
+            return false;
+        }
         try {
             $this->roleContext->setRoleId((int) $roleId);
             return $this->_aclBuilder->getAcl()->isAllowed($roleId, $resourceId, $privilege);