Skip to content

Calling `permissions.has_permission?` for different permission models results in overly-aggressive caching

Bug Report

Summary

If you call has_permission? on two different models (e.g. bug_report:open and collection:open_bug_reports) in the same request, it will compare the second permission against the first model, as the model is cached and reused for the second call.

Steps to reproduce

Define the policy

      def open_collection_bug_report?
        permissions.has_permission?('bug_report:open', ::BugReports::BugReportPermission, record.bug_report_id) ||
          permissions.has_permission?('collection:open_bug_reports', CollectionPermission, record.collection_id)
      end

and attempt to run it against a user with the collection:open_bug_reports permission against the collection specified. This will return false.

What is the expected behaviour?

Should return true.

Other information

Dean has mentioned that this is caching permissions in the RequestStore.

Checklist

  • Include brief description of the bug
  • Set out reproduction steps - make sure whoever is fixing this knows how to recreate the bug!
  • Set a priority label following the definitions in the priority matrix
  • If you know what Milestone and Iteration the bug is part of, add those too!
  • If the bug is related to an existing feature issue/story, make sure to add it as a linked issue
  • If this bug has a priority of P1 or P2, post a link to it in the Slack Channel bug-priority-reports