Merge pull request #106 from adrianschroeter/master

fixing hidden project ids cache
openSUSE · Nov 21, 2012 · 484861f · 484861f
2 parents 6bf5c93 + bdc01ec
commit 484861f
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 8 deletions.
diff --git a/src/api/app/models/project_user_role_relationship.rb b/src/api/app/models/project_user_role_relationship.rb
@@ -5,7 +5,7 @@ class ProjectUserRoleRelationship < ActiveRecord::Base
 
   attr_accessible :project, :user, :role
 
-  @@project_user_cache = nil
+  FORBIDDEN_PROJECT_IDS_CACHE_KEY="forbidden_project_ids"
 
   validate :check_duplicates, :on => :create
   def check_duplicates
@@ -20,22 +20,22 @@ def check_duplicates
 
   # this is to speed up secure Project.find
   def self.forbidden_project_ids
-    unless @@project_user_cache
-      @@project_user_cache = Hash.new
+    project_user_cache = Rails.cache.fetch(FORBIDDEN_PROJECT_IDS_CACHE_KEY) do
+      puc = Hash.new
       ProjectUserRoleRelationship.find_by_sql("SELECT ur.db_project_id, ur.bs_user_id from flags f, 
                 project_user_role_relationships ur where f.flag = 'access' and ur.db_project_id = f.db_project_id").each do |r|
-        @@project_user_cache[r.db_project_id.to_i] ||= Hash.new
-        @@project_user_cache[r.db_project_id][r.bs_user_id] = 1
+        puc[r.db_project_id.to_i] ||= Hash.new
+        puc[r.db_project_id][r.bs_user_id] = 1
       end
-      @@project_user_cache
+      puc
     end
     ret = []
     userid = User.nobodyID
     if User.current
       return [0] if User.current.is_admin?
       userid = User.current.id
     end
-    @@project_user_cache.each do |project_id, users|
+    project_user_cache.each do |project_id, users|
       ret << project_id unless users[userid]
     end
     # we always put a 0 in there to avoid having to check for NULL
@@ -44,7 +44,7 @@ def self.forbidden_project_ids
   end
 
   def self.discard_cache
-    @@project_user_cache = nil
+    Rails.cache.delete(FORBIDDEN_PROJECT_IDS_CACHE_KEY)
   end
 
   after_create 'ProjectUserRoleRelationship.discard_cache'

diff --git a/src/api/test/functional/read_permission_test.rb b/src/api/test/functional/read_permission_test.rb
@@ -6,6 +6,11 @@ class ReadPermissionTest < ActionController::IntegrationTest
 
   fixtures :all
 
+  def setup
+    super
+    wait_for_scheduler_start
+  end
+
   def test_basic_read_tests_public
     # anonymous access only, it is anyway mapped to nobody in public controller
     reset_auth 
@@ -891,4 +896,31 @@ def test_copy_project_of_source_protected_package
     assert_response :success
   end
 
+  def test_package_branch_with_noaccess
+    prepare_request_with_user "king", "sunflower"
+    get "/source/BaseDistro/_meta"
+    assert_response :success
+    assert_no_xml_tag( :tag => "disable", :parent => { :tag => "access" } )
+
+    # as admin
+    post "/source/home:Iggy/TestPack", :cmd => "branch", :noaccess => "1"
+    assert_response :success
+    assert_no_xml_tag( :tag => "disable", :parent => { :tag => "access" } )
+    get "/source/home:king:branches:home:Iggy/_meta"
+    assert_response :success
+    assert_xml_tag( :tag => "disable", :parent => { :tag => "access" } )
+    delete "/source/home:king:branches:home:Iggy"
+    assert_response :success
+
+    # as user
+    prepare_request_with_user "tom", "thunder"
+    post "/source/home:Iggy/TestPack", :cmd => "branch", :noaccess => "1"
+    assert_response :success
+    get "/source/home:tom:branches:home:Iggy/_meta"
+    assert_response :success
+    assert_xml_tag( :tag => "disable", :parent => { :tag => "access" } )
+    delete "/source/home:tom:branches:home:Iggy"
+    assert_response :success
+  end
+
 end