Class: Decidim::Authorization

Inherits:

ApplicationRecord

• Object
• ActiveRecord::Base
• ApplicationRecord
• Decidim::Authorization

Includes:

HasUploadValidations, Traceable

Defined in:

app/models/decidim/authorization.rb

Overview

An authorization is a record that a User has been authorized somehow. Other models in the system can use different kind of authorizations to allow a user to perform actions.

To create an authorization for a user we need to use an AuthorizationHandler that validates the user against a set of rules. An example could be a handler that validates a user email against an API and depending on the response it allows the creation of the authorization or not.

Class Method Summary

• .create_or_update_from(handler) ⇒ Object

Instance Method Summary

• #expired? ⇒ Boolean
• #expires_at ⇒ Object

  Calculates at when this authorization will expire, if it needs to.

• #grant! ⇒ Object
• #granted? ⇒ Boolean
• #metadata_cell ⇒ Object

  Returns a String, the cell to be used to render the metadata.

• #renewable? ⇒ Boolean

  Returns true if the authorization is renewable by the participant.

Methods included from HasUploadValidations

#maximum_avatar_size, #maximum_upload_size

Class Method Details

.create_or_update_from(handler) ⇒ Object

# File 'app/models/decidim/authorization.rb', line 29

def self.create_or_update_from(handler)
  authorization = find_or_initialize_by(
    user: handler.user,
    name: handler.handler_name
  )

  authorization.attributes = {
    unique_id: handler.unique_id,
    metadata: handler.metadata
  }

  authorization.grant!
end

Instance Method Details

#expired? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/decidim/authorization.rb', line 78

def expired?
  expires_at.present? && expires_at < Time.current
end

#expires_at ⇒ Object

Calculates at when this authorization will expire, if it needs to.

Returns nil if the authorization does not expire. Returns an ActiveSupport::TimeWithZone if it expires.

# File 'app/models/decidim/authorization.rb', line 71

def expires_at
  return unless workflow_manifest
  return if workflow_manifest.expires_in.zero?

  (granted_at || created_at) + workflow_manifest.expires_in
end

#grant! ⇒ Object

# File 'app/models/decidim/authorization.rb', line 43

def grant!
  remove_verification_attachment!

  update!(granted_at: Time.current, verification_metadata: {})
end

#granted? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/decidim/authorization.rb', line 49

def granted?
  !granted_at.nil?
end

#metadata_cell ⇒ Object

Returns a String, the cell to be used to render the metadata

# File 'app/models/decidim/authorization.rb', line 61

def metadata_cell
  return unless workflow_manifest

  workflow_manifest.metadata_cell
end

#renewable? ⇒ Boolean

Returns true if the authorization is renewable by the participant

Returns:

• (Boolean)

# File 'app/models/decidim/authorization.rb', line 54

def renewable?
  return unless workflow_manifest

  workflow_manifest.renewable && renewable_at < Time.current
end