Class: EgovUtils::User
Constant Summary
collapse
- DEFAULT_ROLE =
nil
Class Method Summary
collapse
Instance Method Summary
collapse
Methods inherited from Principal
#auth_source, #ldap?, #ldap_domain, #organization_by_domain, #organization_id, #organization_id_by_key, #organization_key, #organization_with_suborganizations_ids, #organization_with_suborganizations_keys, #reload
Class Method Details
.anonymous ⇒ Object
79
80
81
|
# File 'app/models/egov_utils/user.rb', line 79
def self.anonymous
self.new
end
|
.authenticate(login, password, active_only = true) ⇒ Object
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
# File 'app/models/egov_utils/user.rb', line 41
def self.authenticate(login, password, active_only=true)
login = login.to_s
password = password.to_s
return nil if login.empty? || password.empty?
user = find_by(login: login) || where( arel_table[:login].lower.eq(login.downcase) ).first
if user
return nil unless user.password_check?(password)
return nil if active_only && !user.active?
else
attrs = EgovUtils::AuthSource.authenticate(login, password)
if attrs
user = new(attrs.merge(active: true))
if user.ldap_register_allowed? && user.save
user.reload
logger.info("User '#{user.login}' created from external auth source: #{user.provider}") if logger && user.auth_source
end
end
end
if user && !user.new_record?
if user.days_before_inactive && user.last_login_at < (Time.now - user.days_before_inactive.days)
user.udpate_column(active: false)
end
user.update_column(:last_login_at, Time.now) if user.active?
end
user
end
|
.current ⇒ Object
87
88
89
|
# File 'app/models/egov_utils/user.rb', line 87
def self.current
RequestLocals.fetch(:current_user) { User.anonymous }
end
|
.current=(user) ⇒ Object
83
84
85
|
# File 'app/models/egov_utils/user.rb', line 83
def self.current=(user)
RequestLocals.store[:current_user] = user || anonymous
end
|
Instance Method Details
#admin? ⇒ Boolean
127
128
129
|
# File 'app/models/egov_utils/user.rb', line 127
def admin?
has_role?('admin')
end
|
#all_role_names ⇒ Object
135
136
137
138
139
140
141
|
# File 'app/models/egov_utils/user.rb', line 135
def all_role_names
@all_role_names ||= Rails.cache.fetch("#{cache_key}/all_role_names", expires_in: 1.hours) do
groups.collect{|g| g.roles}.reduce([], :concat) + roles
end
@all_role_names << DEFAULT_ROLE if DEFAULT_ROLE && !@all_role_names.any?
@all_role_names
end
|
#all_roles ⇒ Object
143
144
145
|
# File 'app/models/egov_utils/user.rb', line 143
def all_roles
all_role_names.map{|rn| EgovUtils::UserUtils::Role.find(rn) }.compact.collect{|cls| cls.new }
end
|
#fullname ⇒ Object
123
124
125
|
# File 'app/models/egov_utils/user.rb', line 123
def fullname
"#{firstname} #{lastname}"
end
|
#generate_reset_password_token ⇒ Object
176
177
178
179
|
# File 'app/models/egov_utils/user.rb', line 176
def generate_reset_password_token
self.confirmation_code = nil
generate_confirmation_code
end
|
#groups ⇒ Object
147
148
149
|
# File 'app/models/egov_utils/user.rb', line 147
def groups
super.to_a.concat( Array.wrap(ldap_groups) )
end
|
#has_role?(role_name) ⇒ Boolean
131
132
133
|
# File 'app/models/egov_utils/user.rb', line 131
def has_role?(role_name)
all_role_names.include?(role_name)
end
|
#ldap_dn ⇒ Object
151
152
153
|
# File 'app/models/egov_utils/user.rb', line 151
def ldap_dn
@ldap_dn ||= ( dn = auth_source.send(:get_user_dn, login) ) && dn[:dn]
end
|
#ldap_groups ⇒ Object
155
156
157
158
159
160
161
162
163
164
165
166
|
# File 'app/models/egov_utils/user.rb', line 155
def ldap_groups
if provider.present?
group_ids = persisted? && Rails.cache.read("#{cache_key}/ldap_group_ids", expires_in: 30.minutes)
if group_ids
groups = EgovUtils::Group.where(id: group_ids).to_a
else
groups = EgovUtils::Group.where(provider: provider).to_a.select{|g| auth_source.member?(ldap_dn, g.external_uid) }
Rails.cache.write("#{cache_key}/ldap_group_ids", groups.collect(&:id), expires_in: 30.minutes) if persisted?
end
groups
end
end
|
#ldap_register_allowed? ⇒ Boolean
99
100
101
|
# File 'app/models/egov_utils/user.rb', line 99
def ldap_register_allowed?
auth_source && auth_source.register_members_only? && ldap_groups.any?
end
|
#locked? ⇒ Boolean
119
120
121
|
# File 'app/models/egov_utils/user.rb', line 119
def locked?
false
end
|
#logged? ⇒ Boolean
115
116
117
|
# File 'app/models/egov_utils/user.rb', line 115
def logged?
persisted?
end
|
#must_change_password? ⇒ Boolean
168
169
170
|
# File 'app/models/egov_utils/user.rb', line 168
def must_change_password?
(super || password_expired?) && !provider?
end
|
#password_change_possible? ⇒ Boolean
111
112
113
|
# File 'app/models/egov_utils/user.rb', line 111
def password_change_possible?
!provider.present?
end
|
#password_check?(password) ⇒ Boolean
103
104
105
106
107
108
109
|
# File 'app/models/egov_utils/user.rb', line 103
def password_check?(password)
if provider.present?
auth_source.authenticate(login, password)
else
authenticate(password)
end
end
|
#password_expired? ⇒ Boolean
172
173
174
|
# File 'app/models/egov_utils/user.rb', line 172
def password_expired?
false
end
|
#roles ⇒ Object
95
96
97
|
# File 'app/models/egov_utils/user.rb', line 95
def roles
logged? ? super : ['anonymous']
end
|
#to_s ⇒ Object
91
92
93
|
# File 'app/models/egov_utils/user.rb', line 91
def to_s
fullname
end
|