From eef502388621e18f2ae424bfc499747a3a86e3e7 2017-01-07 11:41:59
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: 2017-01-07 11:41:59
Subject: [PATCH] Don't destructively insert builtin_role into roles (#23519).

git-svn-id: http://svn.redmine.org/redmine/trunk@16155 e93f8b46-1217-0410-a6f0-8f06a7374b81

---

diff --git a/app/models/user.rb b/app/models/user.rb
index 24fd474..150cc27 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -678,9 +678,8 @@ class User < Principal
       return true if admin?
 
       # authorize if user has at least one role that has this permission
-      rls = self.roles.to_a
-      rls << builtin_role
-      rls.any? {|role|
+      roles = self.roles.to_a | [builtin_role]
+      roles.any? {|role|
         role.allowed_to?(action) &&
         (block_given? ? yield(role, self) : true)
       }