The above code is called on all page requests to Discourse. The problem arises that `guardian` is a lazy-loaded memoized variable which at this point during login in the call is just a representation of an Anonymous user, because the user login has not yet been attempted and thus failed or succeeded. When the successful login response is rendered, the memoized variable for `guardian` is still used and thus returns policies based on an anonymous user and not the policies for the user we just logged in as.
The result of a login serialises the current user to JSON and conditionally adds fields based on the policies returned by `guardian`. One of the policies is `can_edit`, of which an anonymous user cannot edit the current user's record; however, the actual user logged in should be able to edit their own user account, and if the `guardian` variable is replaced with an instance of the currently logged in user then the JSON returns `can_edit` to be true as it should.
I am more than happy to PR a fix but there's a couple of ways to fix this, and I wanted to know if there was a deeper less hacky way to fix this deeper in the depths of Discourse short of just adding `@guardian = nil` to
Current workaround is to set the environment variable
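
The stale-memoization behaviour described in the post, as an added example that is not part of the original post and is not Discourse's code. The `User`, `Guardian` and `Controller` classes, the `before_request` and `log_on` methods and the `reset_guardian:` flag are hypothetical stand-ins; only `guardian`, `can_edit` and the `@guardian = nil` reset come from the post.

```ruby
# Constructed, simplified model of the flow; not Discourse's actual classes.
User = Struct.new(:id, :username)

class Guardian
  def initialize(user = nil)
    @user = user
  end

  def anonymous?
    @user.nil?
  end

  # A user may edit only their own record; an anonymous guardian may edit nothing.
  def can_edit?(target)
    !anonymous? && @user.id == target.id
  end
end

class Controller
  attr_reader :current_user

  # Lazy-loaded and memoized: built once, from whoever current_user is on first call.
  def guardian
    @guardian ||= Guardian.new(current_user)
  end

  # Stands in for code that runs on every request, before login is attempted.
  def before_request
    guardian.anonymous?
  end

  # Hypothetical login step; reset_guardian applies the reset mentioned in the post.
  def log_on(user, reset_guardian:)
    @current_user = user
    @guardian = nil if reset_guardian
  end

  def serialize_current_user
    { id: current_user.id, username: current_user.username,
      can_edit: guardian.can_edit?(current_user) }
  end
end

# Runs one login request end to end and returns the serialized response.
def login_response(reset_guardian:)
  c = Controller.new
  c.before_request                       # memoizes an anonymous guardian
  c.log_on(User.new(1, "alice"), reset_guardian: reset_guardian)
  c.serialize_current_user
end
```

Without the reset, the response is built from the anonymous guardian memoized earlier in the same request, so `can_edit` comes back false for the user who just logged in.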