kolan
/
Redmine
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

introduce request_store to ensure that the current user doesn't leak across request boundaries (#16685) 

Contributed by Holger Just.

git-svn-id: http://svn.redmine.org/redmine/trunk@13110 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Toshi MARUYAMA 2014-05-01 00:44:01 +00:00
parent 9fdd0862f7
commit a599442d05
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Gemfile
View File

@ -6,6 +6,7 @@ gem "jquery-rails", "~> 2.0.2"
gem "coderay", "~> 1.1.0" gem "coderay", "~> 1.1.0"
gem "fastercsv", "~> 1.5.0", :platforms => [:mri_18, :mingw_18, :jruby] gem "fastercsv", "~> 1.5.0", :platforms => [:mri_18, :mingw_18, :jruby]
gem "builder", "3.0.0" gem "builder", "3.0.0"
gem 'request_store'
gem "mime-types" gem "mime-types"
# Optional gem for LDAP authentication # Optional gem for LDAP authentication

4
app/models/user.rb
View File

@ -626,11 +626,11 @@ class User < Principal
end end
def self.current=(user) def self.current=(user)
Thread.current[:current_user] = user RequestStore.store[:current_user] = user
end end
def self.current def self.current
Thread.current[:current_user] ||= User.anonymous RequestStore.store[:current_user] ||= User.anonymous
end end
# Returns the anonymous user. If the anonymous user does not exist, it is created. There can be only # Returns the anonymous user. If the anonymous user does not exist, it is created. There can be only