fix: use current attributes instead of thread

Bulletdev · Bulletdev · commit 837d8d1fabd7 · 2026-02-11T13:40:08.000-03:00
diff --git a/app/controllers/concerns/authenticatable.rb b/app/controllers/concerns/authenticatable.rb
@@ -29,11 +29,10 @@ def authenticate_request!
       @current_user = User.unscoped.find(@jwt_payload[:user_id])
       @current_organization = @current_user.organization
 
-      # Set thread-local variables for OrganizationScoped models
-      # This is needed early for update_last_login! and will be maintained by set_organization_context
-      Thread.current[:current_organization_id] = @current_organization.id
-      Thread.current[:current_user_id] = @current_user.id
-      Thread.current[:current_user_role] = @current_user.role
+      # Set request-scoped attributes for OrganizationScoped models (thread-safe)
+      Current.organization_id = @current_organization.id
+      Current.user_id = @current_user.id
+      Current.user_role = @current_user.role
 
       # Update last login time (uses update_column which skips callbacks/audit logs)
       @current_user.update_last_login! if should_update_last_login?
diff --git a/app/models/concerns/organization_scoped.rb b/app/models/concerns/organization_scoped.rb
@@ -2,15 +2,15 @@
 
 # Concern para aplicar scoping automático de organização
 # Como o RLS do PostgreSQL não funciona com o usuário owner (postgres),
-# implementamos o scoping no nível da aplicação Rails
+# implementamos o scoping no nível da aplicação Rails usando CurrentAttributes
 module OrganizationScoped
   extend ActiveSupport::Concern
 
   included do
     # Aplicar default_scope apenas se houver uma organização no contexto
     default_scope lambda {
-      if Thread.current[:current_organization_id].present?
-        where(organization_id: Thread.current[:current_organization_id])
+      if Current.organization_id.present?
+        where(organization_id: Current.organization_id)
       else
         all
       end
diff --git a/app/models/current.rb b/app/models/current.rb
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+# Thread-safe storage for request-scoped data
+# Use Current.organization_id instead of Thread.current[:organization_id]
+class Current < ActiveSupport::CurrentAttributes
+  attribute :organization_id, :user_id, :user_role
+end
