From eef502388621e18f2ae424bfc499747a3a86e3e7 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Sat, 7 Jan 2017 11:41:59 +0000
Subject: [PATCH] Don't destructively insert builtin_role into roles (#23519).

git-svn-id: http://svn.redmine.org/redmine/trunk@16155 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/models/user.rb | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/app/models/user.rb b/app/models/user.rb
index 24fd47464..150cc27bb 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -678,9 +678,8 @@ class User < Principal
       return true if admin?
 
       # authorize if user has at least one role that has this permission
-      rls = self.roles.to_a
-      rls << builtin_role
-      rls.any? {|role|
+      roles = self.roles.to_a | [builtin_role]
+      roles.any? {|role|
         role.allowed_to?(action) &&
         (block_given? ? yield(role, self) : true)
       }
-- 
2.39.5