Class: Decidim::Authorization

Inherits:
ApplicationRecord show all
Includes:
HasUploadValidations, RecordEncryptor, Traceable
Defined in:
decidim-core/app/models/decidim/authorization.rb

Overview

An authorization is a record that a User has been authorized somehow. Other models in the system can use different kind of authorizations to allow a user to perform actions.

To create an authorization for a user we need to use an AuthorizationHandler that validates the user against a set of rules. An example could be a handler that validates a user email against an API and depending on the response it allows the creation of the authorization or not.

Class Method Summary collapse

Instance Method Summary collapse

Methods included from HasUploadValidations

#attached_uploader, #maximum_avatar_size, #maximum_upload_size

Class Method Details

.create_or_update_from(handler) ⇒ Object



34
35
36
37
38
39
40
41
42
43
# File 'decidim-core/app/models/decidim/authorization.rb', line 34

def self.create_or_update_from(handler)
  authorization = find_or_initialize_by(
    user: handler.user,
    name: handler.handler_name
  )

  authorization.attributes = handler.authorization_attributes

  authorization.grant!
end

Instance Method Details

#expired?Boolean

Returns:

  • (Boolean)


78
79
80
# File 'decidim-core/app/models/decidim/authorization.rb', line 78

def expired?
  expires_at.present? && expires_at < Time.current
end

#expires_atObject

Calculates at when this authorization will expire, if it needs to.

Returns nil if the authorization does not expire. Returns an ActiveSupport::TimeWithZone if it expires.



71
72
73
74
75
76
# File 'decidim-core/app/models/decidim/authorization.rb', line 71

def expires_at
  return unless workflow_manifest
  return if workflow_manifest.expires_in.zero?

  (granted_at || created_at) + workflow_manifest.expires_in
end

#grant!Object



45
46
47
# File 'decidim-core/app/models/decidim/authorization.rb', line 45

def grant!
  update!(granted_at: Time.current, verification_metadata: {}, verification_attachment: nil)
end

#granted?Boolean

Returns:

  • (Boolean)


49
50
51
# File 'decidim-core/app/models/decidim/authorization.rb', line 49

def granted?
  !granted_at.nil?
end

#metadata_cellObject

Returns a String, the cell to be used to render the metadata



61
62
63
64
65
# File 'decidim-core/app/models/decidim/authorization.rb', line 61

def 
  return unless workflow_manifest

  workflow_manifest.
end

#renewable?Boolean

Returns true if the authorization is renewable by the participant

Returns:

  • (Boolean)


54
55
56
57
58
# File 'decidim-core/app/models/decidim/authorization.rb', line 54

def renewable?
  return unless workflow_manifest

  workflow_manifest.renewable && renewable_at < Time.current
end

#transfer!(handler) ⇒ Decidim::AuthorizationTransfer

Transfers the authorization and data bound to the authorization to the other user provided as an argument.

Parameters:

  • handler (Decidim::AuthorizationHandler)

    The authorization handler that caused the conflicting situation to happen and which stores the authorizing user’s information with the latest authorization data.

Returns:



90
91
92
# File 'decidim-core/app/models/decidim/authorization.rb', line 90

def transfer!(handler)
  Decidim::AuthorizationTransfer.perform!(self, handler)
end