
separate user and context ids in permission caching keys

cached_context_grants_right?'s key generation scheme could
potentially cause the wrong permissions to be returned

with the old scheme, both (course_123, user_45) and
(course_12, user_345) would key cache entries with "course_12345".

this could cause already cached permissions to be used when they
shouldn't be in some ridiculously unlikely scenarios, made all
the more unlikely because cached_context_grants_right? is an
in-process cache

Change-Id: I12d4f2a7e982d2a98825df31b35a784366df9c36
Tested-by: Jenkins <>
Reviewed-by: Brian Palmer <>
Product-Review: Joel Hough <>
QA-Review: Joel Hough <>
1 parent 947bf0d commit 18de0b605ef4bf79f4b7ba8153729ab6920cdfd9 @JoelHough JoelHough committed
Showing with 1 addition and 1 deletion.
  1. +1 −1  config/initializers/active_record.rb
2  config/initializers/active_record.rb
@@ -170,7 +170,7 @@ def cached_context_grants_right?(user, session, *permissions)
@@cached_contexts[context_key] ||= self.context if self.respond_to?(:context)
@@cached_contexts[context_key] ||= self.course
@@cached_permissions ||= {}
- key = [context_key, (user ? : nil)].join
+ key = [context_key, (user ? : nil)].cache_key
@@cached_permissions[key] = nil if Rails.env.test?
@@cached_permissions[key] = nil if session && session[:session_affects_permissions]
@@cached_permissions[key] ||= @@cached_contexts[context_key].grants_rights?(user, session, nil).keys
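Review bot: on the changed `key = ...` line, the fix relies entirely on `cache_key` putting a separator between `context_key` and the user component, and nothing in this commit pins that behaviour down: the change is a single line in config/initializers/active_record.rb with no spec alongside it. I would add a test that uses the two pairs from the commit message, (course_123, user_45) and (course_12, user_345), and asserts that they produce different keys and never read each other's entry in `@@cached_permissions`. It is also worth checking that the `nil` user branch still yields a key that cannot equal any real user's key for the same context, since a shared entry there would hand one principal another's rights.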
