cubicweb #1988786 Better RQL security injection for inlined / OneToOne relations [open]

My application defines the following schema:

class Document(EntityType):
    __permissions__ = {'read': (ERQLExpression('U user_document_acte X'),),
                       # ...
                       }

class has_scan(RelationDefinition):
    subject = 'Document'
    object = 'File'
    cardinality = '??'
    inlined = True

File.__permissions__ = {
    'read': (ERQLExpression('U user_viewscan_document D, D has_scan X'),),
    # ...
}

The following query is rather efficient (around 0.02 sec spent in postgresql):

DISTINCT Any X,F WHERE X is Acte, X has_scan F

The same one with an outer join on F takes around 16 seconds:

DISTINCT Any X,F WHERE X is Acte, X has_scan F?

There are around 3000 documents and 3000 files in the database.

See attachment for generated RQL with security + final SQL.

done in: <not specified>
load left: 0.500
closed by: <not specified>