Class: Decidim::Authorization

Inherits:

ApplicationRecord

• Object
• ActiveRecord::Base
• ApplicationRecord
• Decidim::Authorization

Includes:

HasUploadValidations, RecordEncryptor, Traceable

Defined in:

decidim-core/app/models/decidim/authorization.rb

Overview

An authorization is a record that a User has been authorized somehow. Other models in the system can use different kind of authorizations to allow a user to perform actions.

To create an authorization for a user we need to use an AuthorizationHandler that validates the user against a set of rules. An example could be a handler that validates a user email against an API and depending on the response it allows the creation of the authorization or not.

Class Method Summary

• .create_or_update_from(handler) ⇒ Object

Instance Method Summary

• #expired? ⇒ Boolean
• #expires_at ⇒ Object

  Calculates at when this authorization will expire, if it needs to.

• #grant! ⇒ Object
• #granted? ⇒ Boolean
• #metadata_cell ⇒ Object

  Returns a String, the cell to be used to render the metadata.

• #renewable? ⇒ Boolean

  Returns true if the authorization is renewable by the participant.

• #transfer!(handler) ⇒ Decidim::AuthorizationTransfer

  Transfers the authorization and data bound to the authorization to the other user provided as an argument.

Methods included from HasUploadValidations

#attached_uploader, #maximum_avatar_size, #maximum_upload_size

Class Method Details

.create_or_update_from(handler) ⇒ Object

# File 'decidim-core/app/models/decidim/authorization.rb', line 34

def self.create_or_update_from(handler)
  authorization = find_or_initialize_by(
    user: handler.user,
    name: handler.handler_name
  )

  authorization.attributes = handler.authorization_attributes

  authorization.grant!
end

Instance Method Details

#expired? ⇒ Boolean

Returns:

• (Boolean)

# File 'decidim-core/app/models/decidim/authorization.rb', line 78

def expired?
  expires_at.present? && expires_at < Time.current
end

#expires_at ⇒ Object

Calculates at when this authorization will expire, if it needs to.

Returns nil if the authorization does not expire. Returns an ActiveSupport::TimeWithZone if it expires.

# File 'decidim-core/app/models/decidim/authorization.rb', line 71

def expires_at
  return unless workflow_manifest
  return if workflow_manifest.expires_in.zero?

  (granted_at || created_at) + workflow_manifest.expires_in
end

#grant! ⇒ Object

# File 'decidim-core/app/models/decidim/authorization.rb', line 45

def grant!
  update!(granted_at: Time.current, verification_metadata: {}, verification_attachment: nil)
end

#granted? ⇒ Boolean

Returns:

• (Boolean)

# File 'decidim-core/app/models/decidim/authorization.rb', line 49

def granted?
  !granted_at.nil?
end

#metadata_cell ⇒ Object

Returns a String, the cell to be used to render the metadata

# File 'decidim-core/app/models/decidim/authorization.rb', line 61

def metadata_cell
  return unless workflow_manifest

  workflow_manifest.metadata_cell
end

#renewable? ⇒ Boolean

Returns true if the authorization is renewable by the participant

Returns:

• (Boolean)

# File 'decidim-core/app/models/decidim/authorization.rb', line 54

def renewable?
  return unless workflow_manifest

  workflow_manifest.renewable && renewable_at < Time.current
end

#transfer!(handler) ⇒ Decidim::AuthorizationTransfer

Transfers the authorization and data bound to the authorization to the other user provided as an argument.

Parameters:

• handler (Decidim::AuthorizationHandler) —

  The authorization handler that caused the conflicting situation to happen and which stores the authorizing user’s information with the latest authorization data.

Returns:

• (Decidim::AuthorizationTransfer) —

  The authorization transfer that was just processed with its information.

# File 'decidim-core/app/models/decidim/authorization.rb', line 90

def transfer!(handler)
  Decidim::AuthorizationTransfer.perform!(self, handler)
end