summaryrefslogtreecommitdiff
path: root/app/models/ability.rb
diff options
context:
space:
mode:
authorStan Hu <stanhu@gmail.com>2016-08-19 22:22:52 -0700
committerStan Hu <stanhu@gmail.com>2016-08-20 06:53:14 -0700
commit41d89533e61f6009b5d800afc00c184e2807eafd (patch)
treec609b79d6ac3c69a992859745fd354d021699288 /app/models/ability.rb
parenta16ac37e91cefec81d53b7ade755b04c67b4912c (diff)
downloadgitlab-ce-41d89533e61f6009b5d800afc00c184e2807eafd.tar.gz
Fix assorted rspec failures due to stale, cached user permissions
RequestStore is disabled in tests, but the Ability class was caching user permissions based on the user and project ID of previous test runs. Revise code to use RequestStore only if it is active.
Diffstat (limited to 'app/models/ability.rb')
-rw-r--r--app/models/ability.rb48
1 files changed, 27 insertions, 21 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 07f703f205d..b82632ccc0b 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -166,38 +166,44 @@ class Ability
end
def project_abilities(user, project)
- rules = []
key = "/user/#{user.id}/project/#{project.id}"
- RequestStore.store[key] ||= begin
- # Push abilities on the users team role
- rules.push(*project_team_rules(project.team, user))
+ if RequestStore.active?
+ RequestStore.store[key] ||= uncached_project_abilities(user, project)
+ else
+ uncached_project_abilities(user, project)
+ end
+ end
- owner = user.admin? ||
- project.owner == user ||
- (project.group && project.group.has_owner?(user))
+ def uncached_project_abilities(user, project)
+ rules = []
+ # Push abilities on the users team role
+ rules.push(*project_team_rules(project.team, user))
- if owner
- rules.push(*project_owner_rules)
- end
+ owner = user.admin? ||
+ project.owner == user ||
+ (project.group && project.group.has_owner?(user))
- if project.public? || (project.internal? && !user.external?)
- rules.push(*public_project_rules)
+ if owner
+ rules.push(*project_owner_rules)
+ end
- # Allow to read builds for internal projects
- rules << :read_build if project.public_builds?
+ if project.public? || (project.internal? && !user.external?)
+ rules.push(*public_project_rules)
- unless owner || project.team.member?(user) || project_group_member?(project, user)
- rules << :request_access if project.request_access_enabled
- end
- end
+ # Allow to read builds for internal projects
+ rules << :read_build if project.public_builds?
- if project.archived?
- rules -= project_archived_rules
+ unless owner || project.team.member?(user) || project_group_member?(project, user)
+ rules << :request_access if project.request_access_enabled
end
+ end
- rules - project_disabled_features_rules(project)
+ if project.archived?
+ rules -= project_archived_rules
end
+
+ rules - project_disabled_features_rules(project)
end
def project_team_rules(team, user)