Class: EgovUtils::User
Class Method Summary
collapse
Instance Method Summary
collapse
Methods inherited from Principal
#auth_source, #ldap?, #ldap_domain, #organization_by_domain, #organization_id, #organization_id_by_key, #organization_key, #organization_with_suborganizations_ids, #organization_with_suborganizations_keys, #reload
Class Method Details
.anonymous ⇒ Object
72
73
74
|
# File 'app/models/egov_utils/user.rb', line 72
def self.anonymous
self.new
end
|
.authenticate(login, password, active_only = true) ⇒ Object
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
# File 'app/models/egov_utils/user.rb', line 43
def self.authenticate(login, password, active_only=true)
login = login.to_s
password = password.to_s
return nil if login.empty? || password.empty?
user = find_by(login: login) || where( arel_table[:login].lower.eq(login.downcase) ).first
if user
return nil unless user.password_check?(password)
return nil if active_only && !user.active?
else
attrs = EgovUtils::AuthSource.authenticate(login, password)
if attrs
user = new(attrs.merge(active: true))
if user.ldap_register_allowed? && user.save
user.reload
logger.info("User '#{user.login}' created from external auth source: #{user.provider}") if logger && user.auth_source
end
end
end
user.update_column(:last_login_at, Time.now) if user && !user.new_record? && user.active?
user
end
|
.current ⇒ Object
80
81
82
|
# File 'app/models/egov_utils/user.rb', line 80
def self.current
RequestLocals.fetch(:current_user) { User.anonymous }
end
|
.current=(user) ⇒ Object
76
77
78
|
# File 'app/models/egov_utils/user.rb', line 76
def self.current=(user)
RequestLocals.store[:current_user] = user || anonymous
end
|
Instance Method Details
#admin? ⇒ Boolean
120
121
122
|
# File 'app/models/egov_utils/user.rb', line 120
def admin?
has_role?('admin')
end
|
#all_role_names ⇒ Object
128
129
130
131
132
133
134
|
# File 'app/models/egov_utils/user.rb', line 128
def all_role_names
@all_role_names ||= Rails.cache.fetch("#{cache_key}/all_role_names", expires_in: 1.hours) do
groups.collect{|g| g.roles}.reduce([], :concat) + roles
end
@all_role_names << self.class.default_role if self.class.default_role && !@all_role_names.any?
@all_role_names
end
|
#all_roles ⇒ Object
136
137
138
|
# File 'app/models/egov_utils/user.rb', line 136
def all_roles
all_role_names.map{|rn| EgovUtils::UserUtils::Role.find(rn) }.compact.collect{|cls| cls.new }
end
|
#fullname ⇒ Object
116
117
118
|
# File 'app/models/egov_utils/user.rb', line 116
def fullname
"#{firstname} #{lastname}"
end
|
#generate_reset_password_token ⇒ Object
169
170
171
172
|
# File 'app/models/egov_utils/user.rb', line 169
def generate_reset_password_token
self.confirmation_code = nil
generate_confirmation_code
end
|
#groups ⇒ Object
140
141
142
|
# File 'app/models/egov_utils/user.rb', line 140
def groups
super.to_a.concat( Array.wrap(ldap_groups) )
end
|
#has_role?(role_name) ⇒ Boolean
124
125
126
|
# File 'app/models/egov_utils/user.rb', line 124
def has_role?(role_name)
all_role_names.include?(role_name)
end
|
#ldap_dn ⇒ Object
144
145
146
|
# File 'app/models/egov_utils/user.rb', line 144
def ldap_dn
@ldap_dn ||= ( dn = auth_source.send(:get_user_dn, login) ) && dn[:dn]
end
|
#ldap_groups ⇒ Object
148
149
150
151
152
153
154
155
156
157
158
159
|
# File 'app/models/egov_utils/user.rb', line 148
def ldap_groups
if provider.present?
group_ids = persisted? && Rails.cache.read("#{cache_key}/ldap_group_ids", expires_in: 30.minutes)
if group_ids
groups = EgovUtils::Group.where(id: group_ids).to_a
else
groups = EgovUtils::Group.where(provider: provider).to_a.select{|g| auth_source.member?(ldap_dn, g.external_uid) }
Rails.cache.write("#{cache_key}/ldap_group_ids", groups.collect(&:id), expires_in: 30.minutes) if persisted?
end
groups
end
end
|
#ldap_register_allowed? ⇒ Boolean
92
93
94
|
# File 'app/models/egov_utils/user.rb', line 92
def ldap_register_allowed?
auth_source && auth_source.register_members_only? && ldap_groups.any?
end
|
#locked? ⇒ Boolean
112
113
114
|
# File 'app/models/egov_utils/user.rb', line 112
def locked?
false
end
|
#logged? ⇒ Boolean
108
109
110
|
# File 'app/models/egov_utils/user.rb', line 108
def logged?
persisted?
end
|
#must_change_password? ⇒ Boolean
161
162
163
|
# File 'app/models/egov_utils/user.rb', line 161
def must_change_password?
(super || password_expired?) && !provider?
end
|
#password_change_possible? ⇒ Boolean
104
105
106
|
# File 'app/models/egov_utils/user.rb', line 104
def password_change_possible?
!provider.present?
end
|
#password_check?(password) ⇒ Boolean
96
97
98
99
100
101
102
|
# File 'app/models/egov_utils/user.rb', line 96
def password_check?(password)
if provider.present?
auth_source.authenticate(login, password)
else
authenticate(password)
end
end
|
#password_expired? ⇒ Boolean
165
166
167
|
# File 'app/models/egov_utils/user.rb', line 165
def password_expired?
false
end
|
#roles ⇒ Object
88
89
90
|
# File 'app/models/egov_utils/user.rb', line 88
def roles
logged? ? super : ['anonymous']
end
|
#to_s ⇒ Object
84
85
86
|
# File 'app/models/egov_utils/user.rb', line 84
def to_s
fullname
end
|