From 6a208e30164bb02aceff16c7d6532a8a067fa44e Mon Sep 17 00:00:00 2001
From: drusepth
Date: Thu, 30 Sep 2021 17:36:58 -0700
Subject: [PATCH] remove set_universe_scope dependence on current_user_content cache
---
 app/controllers/application_controller.rb | 31 +++++++++++++++++------
 app/controllers/content_controller.rb | 2 +-
 2 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 4b053e95..175b9ba6 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -35,13 +35,23 @@ class ApplicationController < ActionController::Base
 def set_universe_scope
 if user_signed_in? && session.key?(:universe_id)
- cache_contributable_universe_ids
-
- if @contributable_universe_ids.include?(session[:universe_id])
- @universe_scope = Universe.find_by(id: session[:universe_id])
- else
- @universe_scope = nil
+ @universe_scope = Universe.find_by(id: session[:universe_id])
+
+ if @universe_scope && @universe_scope.user_id != current_user.try(:id)
+ # Verify the current user has access to this universe by looking up their
+ # universe contributorship
+ contributorship = Contributor.find_by(
+ user: current_user,
+ universe: @universe_scope
+ )
+
+ if contributorship.nil?
+ # If the user doesn't have current contributor access to this universe,
+ # then revert back to unscoped universe actions
+ @universe_scope = nil
+ end
 end
+
 else
 @universe_scope = nil
 end
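Review bot: The scope check in `set_universe_scope` now decides access from `Contributor.find_by(user: current_user, ...)`, while `cache_contributable_universe_ids` (hunk at -143) still builds the contributable set from `current_user.contributable_universe_ids`, so the same authorization question has two definitions that can drift apart. If that user method counts contributorships the `user:` lookup does not (not visible here), scope and linkables will disagree about who may contribute; reusing it keeps one source of truth without touching the content cache: `@universe_scope = nil unless current_user.contributable_universe_ids.include?(@universe_scope.id)`. The `current_user.try(:id)` should also become `current_user.id`: inside the `user_signed_in?` branch it cannot be nil, and if it ever were, `find_by(user: nil, ...)` would match any contributor rows with no user attached instead of failing closed. The method's closing `end` lies outside the hunk.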
@@ -79,7 +89,10 @@ class ApplicationController < ActionController::Base
 cache_activated_content_types
 # We always want to cache Universes, even if they aren't explicitly turned on.
- @current_user_content = current_user.content(content_types: @activated_content_types + [Universe.name], universe_id: @universe_scope.try(:id))
+ @current_user_content = current_user.content(
+ content_types: @activated_content_types + [Universe.name],
+ universe_id: @universe_scope.try(:id)
+ )
 # Likewise, we should also always cache Timelines & Documents
 if @universe_scope
@@ -143,6 +156,8 @@ class ApplicationController < ActionController::Base
 end
 def cache_contributable_universe_ids
+ cache_current_user_content
+
 @contributable_universe_ids ||= if user_signed_in?
 current_user.contributable_universe_ids + @current_user_content.fetch('Universe', []).map(&:id)
 else
@@ -165,7 +180,7 @@ class ApplicationController < ActionController::Base
 # so all we need to grab is additional pages in contributable universes
 @linkables_raw[page_type] = @current_user_content[page_type]
- if @contributable_universe_ids.any?
+ if !@universe_scope && @contributable_universe_ids.any?
 existing_page_ids = @linkables_raw[page_type].map(&:id)
 pages_to_add = if page_type == Universe.name
diff --git a/app/controllers/content_controller.rb b/app/controllers/content_controller.rb
index 78f7942c..51b7f2b2 100644
--- a/app/controllers/content_controller.rb
+++ b/app/controllers/content_controller.rb
@@ -33,7 +33,7 @@ class ContentController < ApplicationController
 # Linkables cache is already scoped per-universe, includes contributor pages
 @content = @linkables_raw.fetch(@content_type_class.name, [])
- @show_scope_notice = @universe_scope.present? && content_type_class != Universe
+ @show_scope_notice = @universe_scope.present? && @content_type_class != Universe
 # Filters
 @page_tags = PageTag.where(
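Review bot: The added `cache_current_user_content` call in `cache_contributable_universe_ids` sits above the `||=`, so it runs on every call and before the `user_signed_in?` test. The hunk at -79 shows that method calling `current_user.content(...)` with `universe_id: @universe_scope.try(:id)`, so this line now relies on a signed-out guard and memoization that are outside the visible lines, and on `set_universe_scope` having already run; otherwise the owned-universe ids would come from a cache built without the intended scope. If those assumptions hold, state them at the call, e.g. `# needs @universe_scope set first; no-op when signed out or already cached`; if they do not, move the call into the signed-in branch. The method body continues past the end of the hunk.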