fix: solve org unscoped minor issue

Bulletdev · Bulletdev · commit eebdf8a8cf28 · 2026-04-20T13:58:01.000-03:00
validações de unicidade (player_email, riot_puuid, riot_summoner_id) também rodam sem o scope,

  eliminando os 3x [SECURITY] falsos positivos, o CurrentAttributes é thread-safe e resetado
  automaticamente ao fim do request
diff --git a/app/models/concerns/organization_scoped.rb b/app/models/concerns/organization_scoped.rb
@@ -12,6 +12,8 @@ module OrganizationScoped
       org_id = Current.organization_id
       if org_id.present?
         where(organization_id: org_id)
+      elsif Current.skip_organization_scope
+        all
       else
         # SECURITY: Fail-safe - retorna scope vazio em vez de expor dados de todas as orgs
         Rails.logger.error("[SECURITY] OrganizationScoped: organization_id is nil for #{name} - BLOCKING ACCESS")
diff --git a/app/models/current.rb b/app/models/current.rb
@@ -3,5 +3,5 @@
 # Thread-safe storage for request-scoped data
 # Use Current.organization_id instead of Thread.current[:organization_id]
 class Current < ActiveSupport::CurrentAttributes
-  attribute :organization_id, :user_id, :user_role
+  attribute :organization_id, :user_id, :user_role, :skip_organization_scope
 end
diff --git a/app/modules/authentication/controllers/auth_controller.rb b/app/modules/authentication/controllers/auth_controller.rb
@@ -209,7 +209,9 @@ def player_register
 
         player = build_free_agent_player(player_email, summoner_name, password, discord)
 
-        saved = Player.unscoped { player.save }
+        Current.skip_organization_scope = true
+        saved = player.save
+        Current.skip_organization_scope = false
 
         unless saved
           return render_error(
