From 46e7875ed551d9bfc8a5a43480b941a24b3242e6 Mon Sep 17 00:00:00 2001
From: Holger Just
Date: Mon, 7 Apr 2014 19:08:15 +0200
Subject: [PATCH] Introduce request_store to ensure that the current user doesn't leak accross request boundaries
---
 Gemfile | 1 +
 app/models/user.rb | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/Gemfile b/Gemfile
index da1cc63..436b58a 100644
--- a/Gemfile
+++ b/Gemfile
@@ -6,6 +6,7 @@ gem "jquery-rails", "~> 2.0.2"
 gem "coderay", "~> 1.1.0"
 gem "fastercsv", "~> 1.5.0", :platforms => [:mri_18, :mingw_18, :jruby]
 gem "builder", "3.0.0"
+gem 'request_store'
 gem "mime-types"
 # Optional gem for LDAP authentication
diff --git a/app/models/user.rb b/app/models/user.rb
index 4a33590..fd245c3 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -626,11 +626,11 @@ class User < Principal
 end
 def self.current=(user)
- Thread.current[:current_user] = user
+ RequestStore.store[:current_user] = user
 end
 def self.current
- Thread.current[:current_user] ||= User.anonymous
+ RequestStore.store[:current_user] ||= User.anonymous
 end
 # Returns the anonymous user. If the anonymous user does not exist, it is created. There can be only
--
1.9.1
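Review bot: The new `gem 'request_store'` line in the Gemfile hunk has no version constraint, while most neighbouring entries are pinned (`"~> 1.1.0"`, `"3.0.0"`). After this commit the gem holds the current user for every request, so an unreviewed upgrade could change when that state is cleared. I would pin it to the release that was actually reviewed and match the file's quoting, e.g. `gem "request_store", "~> <REVIEWED_VERSION>"` (placeholder, not a real version).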
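Review bot: The isolation that `self.current=` and `self.current` now rely on comes from request_store's Rack middleware resetting the store when a request finishes, and nothing in this patch registers that middleware or tests the reset. The gem's Railtie presumably inserts it, but that is worth confirming in the middleware stack. Code that runs outside a Rack request (rake tasks, mail handlers, console sessions, tests) gets no reset, so a user assigned there would, as far as I can tell, stay in place for the rest of the thread's life, exactly as before. I would add a comment above `def self.current=(user)` such as `# Stored per request via RequestStore; code running outside a Rack request must reset User.current itself`, plus a test asserting that `User.current` is anonymous again on the request following an authenticated one. Both method bodies are complete in the hunk; class User starts and ends outside it.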