From 2989024cca0db26ca7e91a4e02f4576a32378d9f Mon Sep 17 00:00:00 2001
From: FinnStutzenstein <finn.stutzenstein@hotmail.de>
Date: Wed, 16 May 2018 07:51:40 +0200
Subject: [PATCH] Delete restricted data cache on permission changes (closes
 #3396)

---
 openslides/users/views.py | 10 +++++++++-
 openslides/utils/cache.py |  6 ++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/openslides/users/views.py b/openslides/users/views.py
index c3473d702..36db3dc35 100644
--- a/openslides/users/views.py
+++ b/openslides/users/views.py
@@ -20,6 +20,7 @@ from ..utils.autoupdate import (
     inform_changed_data,
     inform_data_collection_element_list,
 )
+from ..utils.cache import restricted_data_cache
 from ..utils.collection import CollectionElement
 from ..utils.rest_api import (
     ModelViewSet,
@@ -79,12 +80,13 @@ class UserViewSet(ModelViewSet):
         self.check_view_permissions()). Also it is evaluated whether he
         wants to update himself or is manager.
         """
+        user = self.get_object()
         # Check permissions.
         if (has_perm(self.request.user, 'users.can_see_name') and
                 has_perm(request.user, 'users.can_see_extra_data') and
                 has_perm(request.user, 'users.can_manage')):
             # The user has all permissions so he may update every user.
-            if request.data.get('is_active') is False and self.get_object() == request.user:
+            if request.data.get('is_active') is False and user == request.user:
                 # But a user can not deactivate himself.
                 raise ValidationError({'detail': _('You can not deactivate yourself.')})
         else:
@@ -97,6 +99,8 @@ class UserViewSet(ModelViewSet):
                 if key not in ('username', 'about_me'):
                     del request.data[key]
         response = super().update(request, *args, **kwargs)
+        # Maybe some group assignments have changed. Better delete the restricted user cache
+        restricted_data_cache.del_user(user.id)
         return response
 
     def destroy(self, request, *args, **kwargs):
@@ -294,6 +298,10 @@ class GroupViewSet(ModelViewSet):
         # Check status code and send 'permission_change' signal.
         if response.status_code == 200:
 
+            # Delete the user chaches of all affected users
+            for user in group.user_set.all():
+                restricted_data_cache.del_user(user.id)
+
             def diff(full, part):
                 """
                 This helper function calculates the difference of two lists:
diff --git a/openslides/utils/cache.py b/openslides/utils/cache.py
index 9e2e6ebc4..a69447caa 100644
--- a/openslides/utils/cache.py
+++ b/openslides/utils/cache.py
@@ -461,6 +461,12 @@ class DummyRestrictedDataCache:
     def del_element(self, user_id: int, collection_string: str, id: int) -> None:
         pass
 
+    def del_user(self, user_id: int) -> None:
+        pass
+
+    def del_all(self) -> None:
+        pass
+
     def exists_for_user(self, user_id: int) -> bool:
         return False