Class: EgovUtils::User
Class Method Summary
collapse
Instance Method Summary
collapse
Methods inherited from Principal
#auth_source, #ldap?, #ldap_domain, #organization_by_domain, #organization_id, #organization_id_by_key, #organization_key, #organization_with_suborganizations_ids, #organization_with_suborganizations_keys, #reload
Class Method Details
.anonymous ⇒ Object
69
70
71
|
# File 'app/models/egov_utils/user.rb', line 69
def self.anonymous
self.new
end
|
.authenticate(login, password, active_only = true) ⇒ Object
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
# File 'app/models/egov_utils/user.rb', line 40
def self.authenticate(login, password, active_only=true)
login = login.to_s
password = password.to_s
return nil if login.empty? || password.empty?
user = find_by(login: login) || where( arel_table[:login].lower.eq(login.downcase) ).first
if user
return nil unless user.password_check?(password)
return nil if active_only && !user.active?
else
attrs = EgovUtils::AuthSource.authenticate(login, password)
if attrs
user = new(attrs.merge(active: true))
if user.ldap_register_allowed? && user.save
user.reload
logger.info("User '#{user.login}' created from external auth source: #{user.provider}") if logger && user.auth_source
end
end
end
user.update_column(:last_login_at, Time.now) if user && !user.new_record? && user.active?
user
end
|
.current ⇒ Object
77
78
79
|
# File 'app/models/egov_utils/user.rb', line 77
def self.current
RequestLocals.fetch(:current_user) { User.anonymous }
end
|
.current=(user) ⇒ Object
73
74
75
|
# File 'app/models/egov_utils/user.rb', line 73
def self.current=(user)
RequestLocals.store[:current_user] = user || anonymous
end
|
Instance Method Details
#admin? ⇒ Boolean
117
118
119
|
# File 'app/models/egov_utils/user.rb', line 117
def admin?
has_role?('admin')
end
|
#all_role_names ⇒ Object
125
126
127
128
129
130
131
|
# File 'app/models/egov_utils/user.rb', line 125
def all_role_names
@all_role_names ||= Rails.cache.fetch("#{cache_key}/all_role_names", expires_in: 1.hours) do
groups.collect{|g| g.roles}.reduce([], :concat) + roles
end
@all_role_names << self.class.default_role if self.class.default_role && !@all_role_names.any?
@all_role_names
end
|
#all_roles ⇒ Object
133
134
135
|
# File 'app/models/egov_utils/user.rb', line 133
def all_roles
all_role_names.map{|rn| EgovUtils::UserUtils::Role.find(rn) }.compact.collect{|cls| cls.new }
end
|
#fullname ⇒ Object
113
114
115
|
# File 'app/models/egov_utils/user.rb', line 113
def fullname
"#{firstname} #{lastname}"
end
|
#generate_reset_password_token ⇒ Object
166
167
168
169
|
# File 'app/models/egov_utils/user.rb', line 166
def generate_reset_password_token
self.confirmation_code = nil
generate_confirmation_code
end
|
#groups ⇒ Object
137
138
139
|
# File 'app/models/egov_utils/user.rb', line 137
def groups
super.to_a.concat( Array.wrap(ldap_groups) )
end
|
#has_role?(role_name) ⇒ Boolean
121
122
123
|
# File 'app/models/egov_utils/user.rb', line 121
def has_role?(role_name)
all_role_names.include?(role_name)
end
|
#ldap_dn ⇒ Object
141
142
143
|
# File 'app/models/egov_utils/user.rb', line 141
def ldap_dn
@ldap_dn ||= ( dn = auth_source.send(:get_user_dn, login) ) && dn[:dn]
end
|
#ldap_groups ⇒ Object
145
146
147
148
149
150
151
152
153
154
155
156
|
# File 'app/models/egov_utils/user.rb', line 145
def ldap_groups
if provider.present?
group_ids = persisted? && Rails.cache.read("#{cache_key}/ldap_group_ids", expires_in: 30.minutes)
if group_ids
groups = EgovUtils::Group.where(id: group_ids).to_a
else
groups = EgovUtils::Group.where(provider: provider).to_a.select{|g| auth_source.member?(ldap_dn, g.external_uid) }
Rails.cache.write("#{cache_key}/ldap_group_ids", groups.collect(&:id), expires_in: 30.minutes) if persisted?
end
groups
end
end
|
#ldap_register_allowed? ⇒ Boolean
89
90
91
|
# File 'app/models/egov_utils/user.rb', line 89
def ldap_register_allowed?
auth_source && auth_source.register_members_only? && ldap_groups.any?
end
|
#locked? ⇒ Boolean
109
110
111
|
# File 'app/models/egov_utils/user.rb', line 109
def locked?
false
end
|
#logged? ⇒ Boolean
105
106
107
|
# File 'app/models/egov_utils/user.rb', line 105
def logged?
persisted?
end
|
#must_change_password? ⇒ Boolean
158
159
160
|
# File 'app/models/egov_utils/user.rb', line 158
def must_change_password?
(super || password_expired?) && !provider?
end
|
#password_change_possible? ⇒ Boolean
101
102
103
|
# File 'app/models/egov_utils/user.rb', line 101
def password_change_possible?
!provider.present?
end
|
#password_check?(password) ⇒ Boolean
93
94
95
96
97
98
99
|
# File 'app/models/egov_utils/user.rb', line 93
def password_check?(password)
if provider.present?
auth_source.authenticate(login, password)
else
authenticate(password)
end
end
|
#password_expired? ⇒ Boolean
162
163
164
|
# File 'app/models/egov_utils/user.rb', line 162
def password_expired?
false
end
|
#roles ⇒ Object
85
86
87
|
# File 'app/models/egov_utils/user.rb', line 85
def roles
logged? ? super : ['anonymous']
end
|
#to_s ⇒ Object
81
82
83
|
# File 'app/models/egov_utils/user.rb', line 81
def to_s
fullname
end
|