PERF: Cache categories in Site model take 2.

Follow-up to aa4f0aee67d6f9802856ab4abb5a7560359854b6.

Fixed the security problem in the previous attempt.

spec/models/site_spec.rb

@@ -58,30 +58,65 @@ describe Site do
     expect(Site.new(guardian).categories.last.notification_level).to eq(1)
   end
 
-  it "omits categories users can not write to from the category list" do
-    category = Fabricate(:category)
-    user = Fabricate(:user)
+  describe '#categories' do
+    fab!(:category) { Fabricate(:category) }
+    fab!(:user) { Fabricate(:user) }
+    fab!(:guardian) { Guardian.new(user) }
 
-    expect(Site.new(Guardian.new(user)).categories.count).to eq(2)
+    after do
+      Site.clear_cache
+    end
 
-    category.set_permissions(everyone: :create_post)
-    category.save
+    it "omits read restricted categories" do
+      expect(Site.new(guardian).categories.map(&:id)).to contain_exactly(
+        SiteSetting.uncategorized_category_id, category.id
+      )
 
-    guardian = Guardian.new(user)
+      category.update!(read_restricted: true)
 
-    expect(Site.new(guardian)
-        .categories
-        .keep_if { |c| c.name == category.name }
-        .first
-        .permission)
-      .not_to eq(CategoryGroup.permission_types[:full])
+      expect(Site.new(guardian).categories.map(&:id)).to contain_exactly(
+        SiteSetting.uncategorized_category_id
+      )
+    end
 
-    # If a parent category is not visible, the child categories should not be returned
-    category.set_permissions(staff: :full)
-    category.save
+    it "includes categories that a user's group can see" do
+      group = Fabricate(:group)
+      category.update!(read_restricted: true)
+      category.groups << group
 
-    sub_category = Fabricate(:category, parent_category_id: category.id)
-    expect(Site.new(guardian).categories).not_to include(sub_category)
+      expect(Site.new(guardian).categories.map(&:id)).to contain_exactly(
+        SiteSetting.uncategorized_category_id
+      )
+
+      group.add(user)
+
+      expect(Site.new(Guardian.new(user)).categories.map(&:id)).to contain_exactly(
+        SiteSetting.uncategorized_category_id, category.id
+      )
+    end
+
+    it "omits categories users can not write to from the category list" do
+      expect(Site.new(guardian).categories.count).to eq(2)
+
+      category.set_permissions(everyone: :create_post)
+      category.save!
+
+      guardian = Guardian.new(user)
+
+      expect(Site.new(guardian)
+          .categories
+          .keep_if { |c| c.name == category.name }
+          .first
+          .permission)
+        .not_to eq(CategoryGroup.permission_types[:full])
+
+      # If a parent category is not visible, the child categories should not be returned
+      category.set_permissions(staff: :full)
+      category.save!
+
+      sub_category = Fabricate(:category, parent_category_id: category.id)
+      expect(Site.new(guardian).categories).not_to include(sub_category)
+    end
   end
 
   it "omits groups user can not see" do