Class: User
- Inherits:
-
Principal
- Object
- ActiveRecord::Base
- ApplicationRecord
- Principal
- User
- Includes:
- Redmine::Ciphering, Redmine::SafeAttributes
- Defined in:
- app/models/user.rb
Direct Known Subclasses
Defined Under Namespace
Classes: CurrentUser
Constant Summary collapse
- USER_FORMATS =
Different ways of displaying/sorting users rubocop:disable Lint/InterpolationCheck
{ :firstname_lastname => { :string => '#{firstname} #{lastname}', :order => %w(firstname lastname id), :setting_order => 1 }, :firstname_lastinitial => { :string => '#{firstname} #{lastname.to_s.chars.first}.', :order => %w(firstname lastname id), :setting_order => 2 }, :firstinitial_lastname => { :string => '#{firstname.to_s.gsub(/(([[:alpha:]])[[:alpha:]]*\.?)/, \'\2.\')} #{lastname}', :order => %w(firstname lastname id), :setting_order => 2 }, :firstname => { :string => '#{firstname}', :order => %w(firstname id), :setting_order => 3 }, :lastname_firstname => { :string => '#{lastname} #{firstname}', :order => %w(lastname firstname id), :setting_order => 4 }, :lastnamefirstname => { :string => '#{lastname}#{firstname}', :order => %w(lastname firstname id), :setting_order => 5 }, :lastname_comma_firstname => { :string => '#{lastname}, #{firstname}', :order => %w(lastname firstname id), :setting_order => 6 }, :lastname => { :string => '#{lastname}', :order => %w(lastname id), :setting_order => 7 }, :username => { :string => '#{login}', :order => %w(login id), :setting_order => 8 }, }
- MAIL_NOTIFICATION_OPTIONS =
rubocop:enable Lint/InterpolationCheck
[ ['all', :label_user_mail_option_all], ['selected', :label_user_mail_option_selected], ['only_my_events', :label_user_mail_option_only_my_events], ['only_assigned', :label_user_mail_option_only_assigned], ['only_owner', :label_user_mail_option_only_owner], ['none', :label_user_mail_option_none] ]
- LOGIN_LENGTH_LIMIT =
60
- MAIL_LENGTH_LIMIT =
254
- LABEL_BY_STATUS =
{ STATUS_ANONYMOUS => 'anon', STATUS_ACTIVE => 'active', STATUS_REGISTERED => 'registered', STATUS_LOCKED => 'locked' }
Constants inherited from Principal
Principal::STATUS_ACTIVE, Principal::STATUS_ANONYMOUS, Principal::STATUS_LOCKED, Principal::STATUS_REGISTERED
Instance Attribute Summary collapse
-
#generate_password ⇒ Object
Returns the value of attribute generate_password.
-
#last_before_login_on ⇒ Object
Returns the value of attribute last_before_login_on.
-
#password ⇒ Object
Returns the value of attribute password.
-
#password_confirmation ⇒ Object
Returns the value of attribute password_confirmation.
-
#remote_ip ⇒ Object
Returns the value of attribute remote_ip.
Class Method Summary collapse
-
.anonymous ⇒ Object
Returns the anonymous user.
- .current ⇒ Object
- .current=(user) ⇒ Object
-
.default_admin_account_changed? ⇒ Boolean
Returns true if the default admin account can no longer be used.
-
.fields_for_order_statement(table = nil) ⇒ Object
Returns an array of fields names than can be used to make an order statement for users according to how user names are displayed Examples:.
- .find_by_api_key(key) ⇒ Object
- .find_by_atom_key(key) ⇒ Object
-
.find_by_login(login) ⇒ Object
Find a user account by matching the exact login and then a case-insensitive version.
-
.find_by_mail(mail) ⇒ Object
Makes find_by_mail case-insensitive.
-
.generate_salt ⇒ Object
Returns a 128bits random salt as a hex string (32 chars long).
-
.hash_password(clear_password) ⇒ Object
Return password digest.
- .name_formatter(formatter = nil) ⇒ Object
- .prune(age = 30.days) ⇒ Object
-
.salt_unsalted_passwords! ⇒ Object
Salts all existing unsalted passwords It changes password storage scheme from SHA1(password) to SHA1(salt + SHA1(password)) This method is used in the SaltPasswords migration and is to be kept as is.
-
.try_to_autologin(key) ⇒ Object
Returns the user who matches the given autologin
key
or nil. -
.try_to_login(login, password, active_only = true) ⇒ Object
Returns the user that matches provided login and password, or nil AuthSource errors are caught, logged and nil is returned.
-
.try_to_login!(login, password, active_only = true) ⇒ Object
Returns the user that matches provided login and password, or nil AuthSource errors are passed through.
-
.valid_notification_options(user = nil) ⇒ Object
Only users that belong to more than 1 project can select projects for which they are notified.
-
.verify_session_token(user_id, token) ⇒ Object
Returns true if token is a valid session token for the user whose id is user_id.
Instance Method Summary collapse
- #activate ⇒ Object
- #activate! ⇒ Object
-
#allowed_to?(action, context, options = {}, &block) ⇒ Boolean
Return true if the user is allowed to do the specified action on a specific context Action can be: * a parameter-like Hash (eg. :controller => ‘projects’, :action => ‘edit’) * a permission Symbol (eg. :edit_project) Context can be: * a project : returns true if user is allowed to do the specified action on this project * an array of projects : returns true if user is allowed on every project * nil with options set : check if user has at least one role allowed for this action, or falls back to Non Member / Anonymous permissions depending if the user is logged.
-
#allowed_to_globally?(action, options = {}) ⇒ Boolean
Is the user allowed to do the specified action on any project? See allowed_to? for the actions and valid options.
- #allowed_to_view_all_time_entries?(context) ⇒ Boolean
- #anonymous? ⇒ Boolean
-
#api_key ⇒ Object
Return user’s API key (a 40 chars long string), used to access the API.
-
#atom_key ⇒ Object
Return user’s ATOM key (a 40 chars long string), used to access feeds.
- #base_reload ⇒ Object
- #bookmarked_project_ids ⇒ Object
-
#builtin_role ⇒ Object
Returns the user’s bult-in role.
-
#change_password_allowed? ⇒ Boolean
Does the backend storage allow this user to change their password?.
-
#check_password?(clear_password) ⇒ Boolean
Returns true if
clear_password
is the correct user’s password, otherwise false. - #convert_time_to_user_timezone(time) ⇒ Object
- #css_classes ⇒ Object
- #delete_autologin_token(value) ⇒ Object
- #delete_session_token(value) ⇒ Object
- #force_default_language? ⇒ Boolean
-
#generate_autologin_token ⇒ Object
Generates a new autologin token and returns its value.
- #generate_password? ⇒ Boolean
-
#generate_session_token ⇒ Object
Generates a new session token and returns its value.
-
#is_or_belongs_to?(arg) ⇒ Boolean
Returns true if user is arg or belongs to arg.
- #language ⇒ Object
- #lock ⇒ Object
- #lock! ⇒ Object
- #locked? ⇒ Boolean
- #logged? ⇒ Boolean
- #mail ⇒ Object
- #mail=(arg) ⇒ Object
- #mail_changed? ⇒ Boolean
- #mails ⇒ Object
-
#managed_roles(project) ⇒ Object
Returns the roles that the user is allowed to manage for the given project.
-
#membership(project) ⇒ Object
Returns user’s membership for the given project or nil if the user is not a member of project.
- #must_activate_twofa? ⇒ Boolean
- #must_change_password? ⇒ Boolean
-
#name(formatter = nil) ⇒ Object
Return user’s full name for display.
- #notified_project_ids=(ids) ⇒ Object
-
#notified_projects_ids ⇒ Object
Return an array of project ids for which the user has explicitly turned mail notifications on.
-
#notify_about?(object) ⇒ Boolean
Utility method to help check if a user should be notified about an event.
- #notify_about_high_priority_issues? ⇒ Boolean
-
#own_account_deletable? ⇒ Boolean
Returns true if the user is allowed to delete the user’s own account.
-
#password_expired? ⇒ Boolean
Returns true if the user password has expired.
- #pref ⇒ Object
-
#project_ids_by_role ⇒ Object
Returns a hash of project ids grouped by roles.
-
#projects_by_role ⇒ Object
Returns a hash of user’s projects grouped by roles TODO: No longer used, should be deprecated.
-
#random_password(length = 40) ⇒ Object
Generate and set a random password on given length.
- #register ⇒ Object
- #register! ⇒ Object
- #registered? ⇒ Boolean
- #reload(*args) ⇒ Object
- #roles ⇒ Object
-
#roles_for_project(project) ⇒ Object
Return user’s roles for project.
-
#salt_password(clear_password) ⇒ Object
Generates a random salt and computes hashed_password for
clear_password
The hashed password is stored in the following form: SHA1(salt + SHA1(password)). - #set_mail_notification ⇒ Object
-
#time_to_date(time) ⇒ Object
Returns the day of
time
according to user’s time zone. - #time_zone ⇒ Object
- #to_s ⇒ Object
-
#today ⇒ Object
Returns the current day according to user’s time zone.
- #twofa_active? ⇒ Boolean
- #twofa_totp_key ⇒ Object
- #twofa_totp_key=(key) ⇒ Object
- #update_hashed_password ⇒ Object
- #update_last_login_on! ⇒ Object
- #valid_notification_options ⇒ Object
-
#visible_project_ids ⇒ Object
Returns the ids of visible projects.
- #wants_comments_in_reverse_order? ⇒ Boolean
Methods included from Redmine::SafeAttributes
#delete_unsafe_attributes, included, #safe_attribute?, #safe_attribute_names, #safe_attributes=
Methods included from Redmine::Ciphering
cipher_key, decrypt_text, encrypt_text, included, logger
Methods inherited from Principal
#<=>, #active?, detect_by_keyword, #member_of?, #nullify_projects_default_assigned_to, #project_ids, #visible?
Methods inherited from ApplicationRecord
Instance Attribute Details
#generate_password ⇒ Object
Returns the value of attribute generate_password.
103 104 105 |
# File 'app/models/user.rb', line 103 def generate_password @generate_password end |
#last_before_login_on ⇒ Object
Returns the value of attribute last_before_login_on.
104 105 106 |
# File 'app/models/user.rb', line 104 def last_before_login_on @last_before_login_on end |
#password ⇒ Object
Returns the value of attribute password.
103 104 105 |
# File 'app/models/user.rb', line 103 def password @password end |
#password_confirmation ⇒ Object
Returns the value of attribute password_confirmation.
103 104 105 |
# File 'app/models/user.rb', line 103 def password_confirmation @password_confirmation end |
#remote_ip ⇒ Object
Returns the value of attribute remote_ip.
105 106 107 |
# File 'app/models/user.rb', line 105 def remote_ip @remote_ip end |
Class Method Details
.anonymous ⇒ Object
Returns the anonymous user. If the anonymous user does not exist, it is created. There can be only one anonymous user per database.
857 858 859 860 861 862 863 864 |
# File 'app/models/user.rb', line 857 def self.anonymous anonymous_user = AnonymousUser.unscoped.find_by(:lastname => 'Anonymous') if anonymous_user.nil? anonymous_user = AnonymousUser.unscoped.create(:lastname => 'Anonymous', :firstname => '', :login => '', :status => 0) raise 'Unable to create the anonymous user.' if anonymous_user.new_record? end anonymous_user end |
.current ⇒ Object
851 852 853 |
# File 'app/models/user.rb', line 851 def self.current CurrentUser.user ||= User.anonymous end |
.current=(user) ⇒ Object
847 848 849 |
# File 'app/models/user.rb', line 847 def self.current=(user) CurrentUser.user = user end |
.default_admin_account_changed? ⇒ Boolean
Returns true if the default admin account can no longer be used
545 546 547 |
# File 'app/models/user.rb', line 545 def self.default_admin_account_changed? !User.active.find_by_login("admin").try(:check_password?, "admin") end |
.fields_for_order_statement(table = nil) ⇒ Object
263 264 265 266 |
# File 'app/models/user.rb', line 263 def self.fields_for_order_statement(table=nil) table ||= table_name name_formatter[:order].map {|field| "#{table}.#{field}"} end |
.find_by_api_key(key) ⇒ Object
535 536 537 |
# File 'app/models/user.rb', line 535 def self.find_by_api_key(key) Token.find_active_user('api', key) end |
.find_by_atom_key(key) ⇒ Object
531 532 533 |
# File 'app/models/user.rb', line 531 def self.find_by_atom_key(key) Token.find_active_user('feeds', key) end |
.find_by_login(login) ⇒ Object
Find a user account by matching the exact login and then a case-insensitive version. Exact matches will be given priority.
518 519 520 521 522 523 524 525 526 527 528 529 |
# File 'app/models/user.rb', line 518 def self.find_by_login(login) login = Redmine::CodesetUtil.replace_invalid_utf8(login.to_s) if login.present? # First look for an exact match user = where(:login => login).detect {|u| u.login == login} unless user # Fail over to case-insensitive if none was found user = find_by("LOWER(login) = ?", login.downcase) end user end end |
.find_by_mail(mail) ⇒ Object
Makes find_by_mail case-insensitive
540 541 542 |
# File 'app/models/user.rb', line 540 def self.find_by_mail(mail) having_mail(mail).first end |
.generate_salt ⇒ Object
Returns a 128bits random salt as a hex string (32 chars long)
979 980 981 |
# File 'app/models/user.rb', line 979 def generate_salt Redmine::Utils.random_hex(16) end |
.hash_password(clear_password) ⇒ Object
Return password digest
974 975 976 |
# File 'app/models/user.rb', line 974 def hash_password(clear_password) Digest::SHA1.hexdigest(clear_password || "") end |
.name_formatter(formatter = nil) ⇒ Object
253 254 255 |
# File 'app/models/user.rb', line 253 def self.name_formatter(formatter = nil) USER_FORMATS[formatter || Setting.user_format] || USER_FORMATS[:firstname_lastname] end |
.prune(age = 30.days) ⇒ Object
888 889 890 |
# File 'app/models/user.rb', line 888 def self.prune(age=30.days) User.where("created_on < ? AND status = ?", Time.now - age, STATUS_REGISTERED).destroy_all end |
.salt_unsalted_passwords! ⇒ Object
Salts all existing unsalted passwords It changes password storage scheme from SHA1(password) to SHA1(salt + SHA1(password)) This method is used in the SaltPasswords migration and is to be kept as is
869 870 871 872 873 874 875 876 877 878 879 |
# File 'app/models/user.rb', line 869 def self.salt_unsalted_passwords! transaction do User.where("salt IS NULL OR salt = ''").find_each do |user| next if user.hashed_password.blank? salt = User.generate_salt hashed_password = User.hash_password("#{salt}#{user.hashed_password}") User.where(:id => user.id).update_all(:salt => salt, :hashed_password => hashed_password) end end end |
.try_to_autologin(key) ⇒ Object
Returns the user who matches the given autologin key
or nil
245 246 247 248 249 250 251 |
# File 'app/models/user.rb', line 245 def self.try_to_autologin(key) user = Token.find_active_user('autologin', key, Setting.autologin.to_i) if user user.update_last_login_on! user end end |
.try_to_login(login, password, active_only = true) ⇒ Object
Returns the user that matches provided login and password, or nil AuthSource errors are caught, logged and nil is returned.
206 207 208 209 210 211 |
# File 'app/models/user.rb', line 206 def self.try_to_login(login, password, active_only=true) try_to_login!(login, password, active_only) rescue AuthSourceException => e logger.error "An error occured when authenticating #{login}: #{e.}" nil end |
.try_to_login!(login, password, active_only = true) ⇒ Object
Returns the user that matches provided login and password, or nil AuthSource errors are passed through.
215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 |
# File 'app/models/user.rb', line 215 def self.try_to_login!(login, password, active_only=true) login = login.to_s.strip password = password.to_s # Make sure no one can sign in with an empty login or password return nil if login.empty? || password.empty? user = find_by_login(login) if user # user is already in local database return nil unless user.check_password?(password) return nil if !user.active? && active_only else # user is not yet registered, try to authenticate with available sources attrs = AuthSource.authenticate(login, password) if attrs user = new(attrs) user.login = login user.language = Setting.default_language if user.save user.reload logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger && user.auth_source end end end user.update_last_login_on! if user && !user.new_record? && user.active? user end |
.valid_notification_options(user = nil) ⇒ Object
Only users that belong to more than 1 project can select projects for which they are notified
506 507 508 509 510 511 512 513 514 |
# File 'app/models/user.rb', line 506 def self.(user=nil) # Note that @user.membership.size would fail since AR ignores # :include association option when doing a count if user.nil? || user.memberships.length < 1 MAIL_NOTIFICATION_OPTIONS.reject {|option| option.first == 'selected'} else MAIL_NOTIFICATION_OPTIONS end end |
.verify_session_token(user_id, token) ⇒ Object
Returns true if token is a valid session token for the user whose id is user_id
461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 |
# File 'app/models/user.rb', line 461 def self.verify_session_token(user_id, token) return false if user_id.blank? || token.blank? scope = Token.where(:user_id => user_id, :value => token.to_s, :action => 'session') if Setting.session_lifetime? scope = scope.where("created_on > ?", Setting.session_lifetime.to_i.minutes.ago) end if Setting.session_timeout? scope = scope.where("updated_on > ?", Setting.session_timeout.to_i.minutes.ago) end last_updated = scope.maximum(:updated_on) if last_updated.nil? false elsif last_updated <= 1.minute.ago scope.update_all(:updated_on => Time.now) == 1 else true end end |
Instance Method Details
#activate ⇒ Object
286 287 288 |
# File 'app/models/user.rb', line 286 def activate self.status = STATUS_ACTIVE end |
#activate! ⇒ Object
298 299 300 |
# File 'app/models/user.rb', line 298 def activate! update_attribute(:status, STATUS_ACTIVE) end |
#allowed_to?(action, context, options = {}, &block) ⇒ Boolean
Return true if the user is allowed to do the specified action on a specific context Action can be:
-
a parameter-like Hash (eg. :controller => ‘projects’, :action => ‘edit’)
-
a permission Symbol (eg. :edit_project)
Context can be:
-
a project : returns true if user is allowed to do the specified action on this project
-
an array of projects : returns true if user is allowed on every project
-
nil with options set : check if user has at least one role allowed for this action, or falls back to Non Member / Anonymous permissions depending if the user is logged
727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 |
# File 'app/models/user.rb', line 727 def allowed_to?(action, context, ={}, &block) if context && context.is_a?(Project) return false unless context.allows_to?(action) # Admin users are authorized for anything else return true if admin? roles = roles_for_project(context) return false unless roles roles.any? do |role| (context.is_public? || role.member?) && role.allowed_to?(action) && (block ? yield(role, self) : true) end elsif context && context.is_a?(Array) if context.empty? false else # Authorize if user is authorized on every element of the array context.map {|project| allowed_to?(action, project, , &block)}.reduce(:&) end elsif context raise ArgumentError.new("#allowed_to? context argument must be a Project, an Array of projects or nil") elsif [:global] # Admin users are always authorized return true if admin? # authorize if user has at least one role that has this permission roles = self.roles.to_a | [builtin_role] roles.any? do |role| role.allowed_to?(action) && (block ? yield(role, self) : true) end else false end end |
#allowed_to_globally?(action, options = {}) ⇒ Boolean
Is the user allowed to do the specified action on any project? See allowed_to? for the actions and valid options.
NB: this method is not used anywhere in the core codebase as of 2.5.2, but it’s used by many plugins so if we ever want to remove it it has to be carefully deprecated for a version or two.
771 772 773 |
# File 'app/models/user.rb', line 771 def allowed_to_globally?(action, ={}, &) allowed_to?(action, nil, .reverse_merge(:global => true), &) end |
#allowed_to_view_all_time_entries?(context) ⇒ Boolean
775 776 777 778 779 |
# File 'app/models/user.rb', line 775 def allowed_to_view_all_time_entries?(context) allowed_to?(:view_time_entries, context) do |role, user| role.time_entries_visibility == 'all' end end |
#anonymous? ⇒ Boolean
590 591 592 |
# File 'app/models/user.rb', line 590 def anonymous? !logged? end |
#api_key ⇒ Object
Return user’s API key (a 40 chars long string), used to access the API
425 426 427 428 429 430 |
# File 'app/models/user.rb', line 425 def api_key if api_token.nil? create_api_token(:action => 'api') end api_token.value end |
#atom_key ⇒ Object
Return user’s ATOM key (a 40 chars long string), used to access feeds
417 418 419 420 421 422 |
# File 'app/models/user.rb', line 417 def atom_key if atom_token.nil? create_atom_token(:action => 'feeds') end atom_token.value end |
#base_reload ⇒ Object
172 |
# File 'app/models/user.rb', line 172 alias :base_reload :reload |
#bookmarked_project_ids ⇒ Object
881 882 883 884 885 886 |
# File 'app/models/user.rb', line 881 def bookmarked_project_ids project_ids = [] bookmarked_project_ids = self.pref[:bookmarked_project_ids] project_ids = bookmarked_project_ids.split(',') unless bookmarked_project_ids.nil? project_ids.map(&:to_i) end |
#builtin_role ⇒ Object
Returns the user’s bult-in role
623 624 625 |
# File 'app/models/user.rb', line 623 def builtin_role @builtin_role ||= Role.non_member end |
#change_password_allowed? ⇒ Boolean
Does the backend storage allow this user to change their password?
334 335 336 |
# File 'app/models/user.rb', line 334 def change_password_allowed? auth_source.nil? ? true : auth_source.allow_password_changes? end |
#check_password?(clear_password) ⇒ Boolean
Returns true if clear_password
is the correct user’s password, otherwise false
317 318 319 320 321 322 323 |
# File 'app/models/user.rb', line 317 def check_password?(clear_password) if auth_source_id.present? auth_source.authenticate(self.login, clear_password) else User.hash_password("#{salt}#{User.hash_password clear_password}") == hashed_password end end |
#convert_time_to_user_timezone(time) ⇒ Object
578 579 580 581 582 583 584 |
# File 'app/models/user.rb', line 578 def convert_time_to_user_timezone(time) if self.time_zone time.in_time_zone(self.time_zone) else time.utc? ? time.localtime : time end end |
#css_classes ⇒ Object
560 561 562 |
# File 'app/models/user.rb', line 560 def css_classes "user #{LABEL_BY_STATUS[status]}" end |
#delete_autologin_token(value) ⇒ Object
448 449 450 |
# File 'app/models/user.rb', line 448 def delete_autologin_token(value) Token.where(:user_id => id, :action => 'autologin', :value => value).delete_all end |
#delete_session_token(value) ⇒ Object
438 439 440 |
# File 'app/models/user.rb', line 438 def delete_session_token(value) Token.where(:user_id => id, :action => 'session', :value => value).delete_all end |
#force_default_language? ⇒ Boolean
400 401 402 |
# File 'app/models/user.rb', line 400 def force_default_language? Setting.force_default_language_for_loggedin? end |
#generate_autologin_token ⇒ Object
Generates a new autologin token and returns its value
443 444 445 446 |
# File 'app/models/user.rb', line 443 def generate_autologin_token token = Token.create!(:user_id => id, :action => 'autologin') token.value end |
#generate_password? ⇒ Boolean
353 354 355 |
# File 'app/models/user.rb', line 353 def generate_password? ActiveRecord::Type::Boolean.new.deserialize(generate_password) end |
#generate_session_token ⇒ Object
Generates a new session token and returns its value
433 434 435 436 |
# File 'app/models/user.rb', line 433 def generate_session_token token = Token.create!(:user_id => id, :action => 'session') token.value end |
#is_or_belongs_to?(arg) ⇒ Boolean
Returns true if user is arg or belongs to arg
708 709 710 711 712 713 714 715 716 |
# File 'app/models/user.rb', line 708 def is_or_belongs_to?(arg) if arg.is_a?(User) self == arg elsif arg.is_a?(Group) arg.users.include?(self) else false end end |
#language ⇒ Object
404 405 406 407 408 409 410 |
# File 'app/models/user.rb', line 404 def language if force_default_language? Setting.default_language else super end end |
#lock ⇒ Object
294 295 296 |
# File 'app/models/user.rb', line 294 def lock self.status = STATUS_LOCKED end |
#lock! ⇒ Object
306 307 308 |
# File 'app/models/user.rb', line 306 def lock! update_attribute(:status, STATUS_LOCKED) end |
#locked? ⇒ Boolean
282 283 284 |
# File 'app/models/user.rb', line 282 def locked? self.status == STATUS_LOCKED end |
#logged? ⇒ Boolean
586 587 588 |
# File 'app/models/user.rb', line 586 def logged? true end |
#mail ⇒ Object
187 188 189 |
# File 'app/models/user.rb', line 187 def mail email_address.try(:address) end |
#mail=(arg) ⇒ Object
191 192 193 194 |
# File 'app/models/user.rb', line 191 def mail=(arg) email = email_address || build_email_address email.address = arg end |
#mail_changed? ⇒ Boolean
196 197 198 |
# File 'app/models/user.rb', line 196 def mail_changed? email_address.try(:address_changed?) end |
#mails ⇒ Object
200 201 202 |
# File 'app/models/user.rb', line 200 def mails email_addresses.pluck(:address) end |
#managed_roles(project) ⇒ Object
Returns the roles that the user is allowed to manage for the given project
699 700 701 702 703 704 705 |
# File 'app/models/user.rb', line 699 def managed_roles(project) if admin? @managed_roles ||= Role.givable.to_a else membership(project).try(:managed_roles) || [] end end |
#membership(project) ⇒ Object
Returns user’s membership for the given project or nil if the user is not a member of project
596 597 598 599 600 601 602 603 604 |
# File 'app/models/user.rb', line 596 def membership(project) project_id = project.is_a?(Project) ? project.id : project @membership_by_project_id ||= Hash.new do |h, project_id| h[project_id] = memberships.where(:project_id => project_id).first end @membership_by_project_id[project_id] end |
#must_activate_twofa? ⇒ Boolean
384 385 386 387 388 389 390 |
# File 'app/models/user.rb', line 384 def must_activate_twofa? return false if twofa_active? return true if Setting.twofa_required? return true if Setting.twofa_required_for_administrators? && admin? return true if Setting.twofa_optional? && groups.any?(&:twofa_required?) end |
#must_change_password? ⇒ Boolean
349 350 351 |
# File 'app/models/user.rb', line 349 def must_change_password? (must_change_passwd? || password_expired?) && change_password_allowed? end |
#name(formatter = nil) ⇒ Object
Return user’s full name for display
269 270 271 272 273 274 275 276 |
# File 'app/models/user.rb', line 269 def name(formatter = nil) f = self.class.name_formatter(formatter) if formatter eval('"' + f[:string] + '"') else @name ||= eval('"' + f[:string] + '"') end end |
#notified_project_ids=(ids) ⇒ Object
486 487 488 489 |
# File 'app/models/user.rb', line 486 def notified_project_ids=(ids) @notified_projects_ids_changed = true @notified_projects_ids = ids.map(&:to_i).uniq.select {|n| n > 0} end |
#notified_projects_ids ⇒ Object
Return an array of project ids for which the user has explicitly turned mail notifications on
482 483 484 |
# File 'app/models/user.rb', line 482 def notified_projects_ids @notified_projects_ids ||= memberships.select {|m| m.mail_notification?}.collect(&:project_id) end |
#notify_about?(object) ⇒ Boolean
Utility method to help check if a user should be notified about an event.
TODO: only supports Issue events currently
815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 |
# File 'app/models/user.rb', line 815 def notify_about?(object) if mail_notification == 'all' true elsif mail_notification.blank? || mail_notification == 'none' false else case object when Issue case mail_notification when 'selected', 'only_my_events' # user receives notifications for created/assigned issues on unselected projects object. == self || is_or_belongs_to?(object.assigned_to) || is_or_belongs_to?(object.previous_assignee) when 'only_assigned' is_or_belongs_to?(object.assigned_to) || is_or_belongs_to?(object.previous_assignee) when 'only_owner' object. == self end when News # always send to project members except when mail_notification is set to 'none' true end end end |
#notify_about_high_priority_issues? ⇒ Boolean
839 840 841 |
# File 'app/models/user.rb', line 839 def notify_about_high_priority_issues? self.pref.notify_about_high_priority_issues end |
#own_account_deletable? ⇒ Boolean
Returns true if the user is allowed to delete the user’s own account
782 783 784 785 |
# File 'app/models/user.rb', line 782 def own_account_deletable? Setting.unsubscribe? && (!admin? || User.active.admin.where("id <> ?", id).exists?) end |
#password_expired? ⇒ Boolean
Returns true if the user password has expired
339 340 341 342 343 344 345 346 347 |
# File 'app/models/user.rb', line 339 def password_expired? period = Setting.password_max_age.to_i if period.zero? false else changed_on = self.passwd_changed_on || Time.at(0) changed_on < period.days.ago end end |
#pref ⇒ Object
392 393 394 |
# File 'app/models/user.rb', line 392 def pref self.preference ||= UserPreference.new(:user => self) end |
#project_ids_by_role ⇒ Object
Returns a hash of project ids grouped by roles. Includes the projects that the user is a member of and the projects that grant custom permissions to the builtin groups.
656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 |
# File 'app/models/user.rb', line 656 def project_ids_by_role # Clear project condition for when called from chained scopes # eg. project.children.visible(user) Project.unscoped do return @project_ids_by_role if @project_ids_by_role group_class = anonymous? ? GroupAnonymous.unscoped : GroupNonMember.unscoped group_id = group_class.pick(:id) members = Member.joins(:project, :member_roles). where("#{Project.table_name}.status <> 9"). where("#{Member.table_name}.user_id = ? OR (#{Project.table_name}.is_public = ? AND #{Member.table_name}.user_id = ?)", self.id, true, group_id). pluck(:user_id, :role_id, :project_id) hash = {} members.each do |user_id, role_id, project_id| # Ignore the roles of the builtin group if the user is a member of the project next if user_id != id && project_ids.include?(project_id) hash[role_id] ||= [] hash[role_id] << project_id end result = Hash.new([]) if hash.present? roles = Role.where(:id => hash.keys).to_a hash.each do |role_id, proj_ids| role = roles.detect {|r| r.id == role_id} if role result[role] = proj_ids.uniq end end end @project_ids_by_role = result end end |
#projects_by_role ⇒ Object
Returns a hash of user’s projects grouped by roles TODO: No longer used, should be deprecated
643 644 645 646 647 648 649 650 651 |
# File 'app/models/user.rb', line 643 def projects_by_role return @projects_by_role if @projects_by_role result = Hash.new([]) project_ids_by_role.each do |role, ids| result[role] = Project.where(:id => ids).to_a end @projects_by_role = result end |
#random_password(length = 40) ⇒ Object
Generate and set a random password on given length
358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 |
# File 'app/models/user.rb', line 358 def random_password(length=40) chars_list = [('A'..'Z').to_a, ('a'..'z').to_a, ('0'..'9').to_a] # auto-generated passwords contain special characters only when admins # require users to use passwords which contains special characters if Setting.password_required_char_classes.include?('special_chars') chars_list << ("\x20".."\x7e").to_a.select {|c| c =~ Setting::PASSWORD_CHAR_CLASSES['special_chars']} end chars_list.each {|v| v.reject! {|c| %(0O1l|'"`*).include?(c)}} password = +'' chars_list.each do |chars| password << chars[SecureRandom.random_number(chars.size)] length -= 1 end chars = chars_list.flatten length.times {password << chars[SecureRandom.random_number(chars.size)]} password = password.chars.shuffle(random: SecureRandom).join self.password = password self.password_confirmation = password self end |
#register ⇒ Object
290 291 292 |
# File 'app/models/user.rb', line 290 def register self.status = STATUS_REGISTERED end |
#register! ⇒ Object
302 303 304 |
# File 'app/models/user.rb', line 302 def register! update_attribute(:status, STATUS_REGISTERED) end |
#registered? ⇒ Boolean
278 279 280 |
# File 'app/models/user.rb', line 278 def registered? self.status == STATUS_REGISTERED end |
#reload(*args) ⇒ Object
173 174 175 176 177 178 179 180 181 182 183 184 185 |
# File 'app/models/user.rb', line 173 def reload(*args) @name = nil @roles = nil @projects_by_role = nil @project_ids_by_role = nil @membership_by_project_id = nil @notified_projects_ids = nil @notified_projects_ids_changed = false @builtin_role = nil @visible_project_ids = nil @managed_roles = nil base_reload(*args) end |
#roles ⇒ Object
606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 |
# File 'app/models/user.rb', line 606 def roles @roles ||= Role.joins(members: :project). where(["#{Project.table_name}.status <> ?", Project::STATUS_ARCHIVED]). where(Member.arel_table[:user_id].eq(id)).distinct if @roles.blank? group_class = anonymous? ? GroupAnonymous : GroupNonMember @roles = Role.joins(members: :project). where(["#{Project.table_name}.status <> ? AND #{Project.table_name}.is_public = ?", Project::STATUS_ARCHIVED, true]). where(Member.arel_table[:user_id].eq(group_class.first.id)).distinct end @roles end |
#roles_for_project(project) ⇒ Object
Return user’s roles for project
628 629 630 631 632 633 634 635 636 637 638 639 |
# File 'app/models/user.rb', line 628 def roles_for_project(project) # No role on archived projects return [] if project.nil? || project.archived? if membership = membership(project) membership.roles.to_a elsif project.is_public? project.override_roles(builtin_role) else [] end end |
#salt_password(clear_password) ⇒ Object
Generates a random salt and computes hashed_password for clear_password
The hashed password is stored in the following form: SHA1(salt + SHA1(password))
327 328 329 330 331 |
# File 'app/models/user.rb', line 327 def salt_password(clear_password) self.salt = User.generate_salt self.hashed_password = User.hash_password("#{salt}#{User.hash_password clear_password}") self.passwd_changed_on = Time.now.change(:usec => 0) end |
#set_mail_notification ⇒ Object
160 161 162 163 |
# File 'app/models/user.rb', line 160 def set_mail_notification self.mail_notification = Setting.default_notification_option if self.mail_notification.blank? true end |
#time_to_date(time) ⇒ Object
Returns the day of time
according to user’s time zone
574 575 576 |
# File 'app/models/user.rb', line 574 def time_to_date(time) self.convert_time_to_user_timezone(time).to_date end |
#time_zone ⇒ Object
396 397 398 |
# File 'app/models/user.rb', line 396 def time_zone @time_zone ||= (self.pref.time_zone.blank? ? nil : ActiveSupport::TimeZone[self.pref.time_zone]) end |
#to_s ⇒ Object
549 550 551 |
# File 'app/models/user.rb', line 549 def to_s name end |
#today ⇒ Object
Returns the current day according to user’s time zone
565 566 567 568 569 570 571 |
# File 'app/models/user.rb', line 565 def today if time_zone.nil? Date.today else time_zone.today end end |
#twofa_active? ⇒ Boolean
380 381 382 |
# File 'app/models/user.rb', line 380 def twofa_active? twofa_scheme.present? end |
#twofa_totp_key ⇒ Object
452 453 454 |
# File 'app/models/user.rb', line 452 def twofa_totp_key read_ciphered_attribute(:twofa_totp_key) end |
#twofa_totp_key=(key) ⇒ Object
456 457 458 |
# File 'app/models/user.rb', line 456 def twofa_totp_key=(key) write_ciphered_attribute(:twofa_totp_key, key) end |
#update_hashed_password ⇒ Object
165 166 167 168 169 170 |
# File 'app/models/user.rb', line 165 def update_hashed_password # update hashed_password if password was set if self.password && self.auth_source_id.blank? salt_password(password) end end |
#update_last_login_on! ⇒ Object
310 311 312 313 314 |
# File 'app/models/user.rb', line 310 def update_last_login_on! return if last_login_on.present? && last_login_on >= 1.minute.ago update_column(:last_login_on, Time.now) end |
#valid_notification_options ⇒ Object
501 502 503 |
# File 'app/models/user.rb', line 501 def self.class.(self) end |
#visible_project_ids ⇒ Object
Returns the ids of visible projects
694 695 696 |
# File 'app/models/user.rb', line 694 def visible_project_ids @visible_project_ids ||= Project.visible(self).pluck(:id) end |
#wants_comments_in_reverse_order? ⇒ Boolean
412 413 414 |
# File 'app/models/user.rb', line 412 def wants_comments_in_reverse_order? self.pref[:comments_sorting] == 'desc' end |