2760: Refresh permission cache after changing group uuid or owner_uuid.

[arvados.git] / services / api / app / models / group.rb

diff --git a/services/api/app/models/group.rb b/services/api/app/models/group.rb
index f05571651ddc328079ab770de6e6a6c83e971a1c..d3802441317f21f5be00ccc194d16c2c7338037f 100644 (file)
--- a/services/api/app/models/group.rb
+++ b/services/api/app/models/group.rb
@@ -5,6 +5,8 @@ class Group < ArvadosModel
   include KindAndEtag
   include CommonApiTemplate
   include CanBeAnOwner
+  after_create :invalidate_permissions_cache
+  after_update :maybe_invalidate_permissions_cache
 
   api_accessible :user, extend: :common do |t|
     t.add :name
@@ -12,4 +14,18 @@ class Group < ArvadosModel
     t.add :description
     t.add :writable_by
   end
+
+  def maybe_invalidate_permissions_cache
+    if uuid_changed? or owner_uuid_changed?
+      # This can change users' permissions on other groups as well as
+      # this one.
+      invalidate_permissions_cache
+    end
+  end
+
+  def invalidate_permissions_cache
+    # Ensure a new group can be accessed by the appropriate users
+    # immediately after being created.
+    User.invalidate_permissions_cache
+  end
 end