From 2fa2f6545bfd9805d82561e87f0cb600f72b5eb7 Mon Sep 17 00:00:00 2001
From: Jeff Ohrstrom <johrstrom@osc.edu>
Date: Mon, 6 Nov 2023 14:50:41 -0500
Subject: [PATCH] use the real path as the cache key (#3152)

---
 apps/dashboard/app/models/allowlist_policy.rb | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/apps/dashboard/app/models/allowlist_policy.rb b/apps/dashboard/app/models/allowlist_policy.rb
index 6c9486c772..f004798731 100644
--- a/apps/dashboard/app/models/allowlist_policy.rb
+++ b/apps/dashboard/app/models/allowlist_policy.rb
@@ -17,9 +17,10 @@ def initialize(allowlist)
   # @raises ArgumentError if any allowlist path or permitted? argument
   #         has the form ~user/some/path where user doesn't exist
   def permitted?(path)
-    key = path_to_key(path)
+    real_path = real_expanded_path(path.to_s)
+    key = path_to_key(real_path)
     Rails.cache.fetch(key) do
-      allowlist.blank? || allowlist.any? { |parent| child?(Pathname.new(parent), real_expanded_path(path.to_s)) }
+      allowlist.blank? || allowlist.any? { |parent| child?(Pathname.new(parent), real_path) }
     end
   end
 
@@ -33,7 +34,8 @@ def validate!(path)
   protected
 
   def path_to_key(path)
-    "allowlist_permitted_#{path}"
+    ino = path.exist? ? path.lstat.ino : nil
+    "allowlist_permitted_#{path}_#{ino}"
   end
 
   # call realpath to ensure symlinks are handled