refactor: cache the results of is_admin_or_superuser_check

is_admin_or_superuser_check is being called once per policy when
checking enforcement, creating a potential performance issue with
numerous calls to the database. This adds a brief cache to offload some
of the burden, but we will need a better fix long term.

Author: Tycho Hob

openedx_authz/engine/matcher.py

@@ -1,6 +1,7 @@
 """Custom condition checker. Note only used for data_library scope"""
 
 from django.contrib.auth import get_user_model
+from django.core.cache import cache
 
 from openedx_authz.api.data import ContentLibraryData, ScopeData, UserData
 from openedx_authz.rest_api.utils import get_user_by_username_or_email
@@ -26,15 +27,29 @@ def is_admin_or_superuser_check(request_user: str, request_action: str, request_
               ContentLibraryData scopes), False otherwise (including when user
               doesn't exist or scope type is not supported)
     """
+
+    scope = ScopeData(namespaced_key=request_scope)
+    username = UserData(namespaced_key=request_user).external_key
+
+    # TODO: This special case for superuser and staff users is currently only for
+    # content libraries. See: https://github.com/openedx/openedx-authz/issues/87
+    if not isinstance(scope, ContentLibraryData):
+        return False
+
+    # TODO: Make this key format a constant
+    is_allowed = cache.get(f"rbac_is_admin_or_superuser_{username}")
+
+    if is_allowed is not None:
+        return is_allowed
+
     try:
-        username = UserData(namespaced_key=request_user).external_key
         user = get_user_by_username_or_email(username)
     except User.DoesNotExist:
         return False
 
-    scope = ScopeData(namespaced_key=request_scope)
+    is_allowed = user.is_staff or user.is_superuser
 
-    if isinstance(scope, ContentLibraryData):
-        return user.is_staff or user.is_superuser
+    # TODO: Make this cache timeout configurable
+    cache.set(f"rbac_is_admin_or_superuser_{username}", is_allowed, 2)
 
-    return False
+    return is_allowed