Add comments.

src/box/alter.cc

@@ -1321,6 +1321,17 @@ func_def_create_from_tuple(struct func_def *func, struct tuple *tuple)
 {
 	func->fid = tuple_field_u32(tuple, ID);
 	func->uid = tuple_field_u32(tuple, UID);
+	/*
+	 * Do not initialize the privilege cache right away since
+	 * when loading up a function definition during recovery,
+	 * user cache may not be filled up yet (space _user is
+	 * recovered after space _func), so no user cache entry
+	 * may exist yet for such user.  The cache will be filled
+	 * up on demand upon first access.
+	 *
+	 * Later on consistency of the cache is ensured by DDL
+	 * checks (see user_has_data()).
+	 */
 	func->auth_token = BOX_USER_MAX; /* invalid value */
 	func->setuid = false;
 	const char *name = tuple_field_cstr(tuple, NAME);

src/box/lua/call.cc

@@ -523,7 +523,12 @@ SetuidGuard::SetuidGuard(const char *name, uint32_t name_len,
 	if (func->setuid) {
 		/** Remember and change the current user id. */
 		if (unlikely(func->auth_token >= BOX_USER_MAX)) {
-			/* Optimization: cache auth_token on first access */
+			/*
+			 * Fill the cache upon first access, since
+			 * when func_def is created, no user may
+			 * be around to fill it (recovery of
+			 * system spaces from a snapshot).
+			 */
 			struct user_def *owner = user_by_id(func->uid);
 			assert(owner != NULL); /* checked by user_has_data() */
 			func->auth_token = owner->auth_token;