Class: Decidim::Authorization

Inherits:
ApplicationRecord show all
Includes:
HasUploadValidations, RecordEncryptor, Traceable
Defined in:
decidim-core/app/models/decidim/authorization.rb

Overview

An authorization is a record that a User has been authorized somehow. Other models in the system can use different kind of authorizations to allow a user to perform actions.

To create an authorization for a user we need to use an AuthorizationHandler that validates the user against a set of rules. An example could be a handler that validates a user email against an API and depending on the response it allows the creation of the authorization or not.

Class Method Summary collapse

Instance Method Summary collapse

Methods included from HasUploadValidations

#maximum_avatar_size, #maximum_upload_size

Class Method Details

.create_or_update_from(handler) ⇒ Object


33
34
35
36
37
38
39
40
41
42
43
44
45
# File 'decidim-core/app/models/decidim/authorization.rb', line 33

def self.create_or_update_from(handler)
  authorization = find_or_initialize_by(
    user: handler.user,
    name: handler.handler_name
  )

  authorization.attributes = {
    unique_id: handler.unique_id,
    metadata: handler.
  }

  authorization.grant!
end

Instance Method Details

#expired?Boolean

Returns:

  • (Boolean)

82
83
84
# File 'decidim-core/app/models/decidim/authorization.rb', line 82

def expired?
  expires_at.present? && expires_at < Time.current
end

#expires_atObject

Calculates at when this authorization will expire, if it needs to.

Returns nil if the authorization does not expire. Returns an ActiveSupport::TimeWithZone if it expires.


75
76
77
78
79
80
# File 'decidim-core/app/models/decidim/authorization.rb', line 75

def expires_at
  return unless workflow_manifest
  return if workflow_manifest.expires_in.zero?

  (granted_at || created_at) + workflow_manifest.expires_in
end

#grant!Object


47
48
49
50
51
# File 'decidim-core/app/models/decidim/authorization.rb', line 47

def grant!
  remove_verification_attachment!

  update!(granted_at: Time.current, verification_metadata: {})
end

#granted?Boolean

Returns:

  • (Boolean)

53
54
55
# File 'decidim-core/app/models/decidim/authorization.rb', line 53

def granted?
  !granted_at.nil?
end

#metadata_cellObject

Returns a String, the cell to be used to render the metadata


65
66
67
68
69
# File 'decidim-core/app/models/decidim/authorization.rb', line 65

def 
  return unless workflow_manifest

  workflow_manifest.
end

#renewable?Boolean

Returns true if the authorization is renewable by the participant

Returns:

  • (Boolean)

58
59
60
61
62
# File 'decidim-core/app/models/decidim/authorization.rb', line 58

def renewable?
  return unless workflow_manifest

  workflow_manifest.renewable && renewable_at < Time.current
end