Browse Source
introduce request_store to ensure that the current user doesn't leak across request boundaries (#16685)
Contributed by Holger Just. git-svn-id: http://svn.redmine.org/redmine/trunk@13110 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/2.6.0
Toshi MARUYAMA
10 years ago
2 changed files with 3 additions and 2 deletions
+ 1
- 0
Gemfile
View File
| @@ -6,6 +6,7 @@ gem "jquery-rails", "~> 2.0.2" | |||
| gem "coderay", "~> 1.1.0" | |||
| gem "fastercsv", "~> 1.5.0", :platforms => [:mri_18, :mingw_18, :jruby] | |||
| gem "builder", "3.0.0" | |||
| gem 'request_store' | |||
| gem "mime-types" | |||
| # Optional gem for LDAP authentication | |||
+ 2
- 2
app/models/user.rb
View File
| @@ -626,11 +626,11 @@ class User < Principal | |||
| end | |||
| def self.current=(user) | |||
| Thread.current[:current_user] = user | |||
| RequestStore.store[:current_user] = user | |||
| end | |||
| def self.current | |||
| Thread.current[:current_user] ||= User.anonymous | |||
| RequestStore.store[:current_user] ||= User.anonymous | |||
| end | |||
| # Returns the anonymous user. If the anonymous user does not exist, it is created. There can be only | |||
Loading…