Class: User

Inherits:
Principal show all
Includes:
Redmine::Ciphering, Redmine::SafeAttributes
Defined in:
app/models/user.rb

Direct Known Subclasses

AnonymousUser

Defined Under Namespace

Classes: CurrentUser

Constant Summary collapse

USER_FORMATS =

Different ways of displaying/sorting users rubocop:disable Lint/InterpolationCheck

# NOTE(review): the :string and :initials templates are passed to eval by
# User#name and User#initials.  They must remain compile-time constants in
# this file — never build a format from request data or a free-text setting.
# :order lists the columns used to sort users displayed with that format.
{
  :firstname_lastname => {
    :string => '#{firstname} #{lastname}',
    :initials => '#{firstname.to_s.first}#{lastname.to_s.first}',
    :order => %w(firstname lastname id),
    :setting_order => 1
  },
  :firstname_lastinitial => {
    :string => '#{firstname} #{lastname.to_s.chars.first}.',
    :initials => '#{firstname.to_s.first}#{lastname.to_s.first}',
    :order => %w(firstname lastname id),
    :setting_order => 2
  },
  :firstinitial_lastname => {
    :string => '#{firstname.to_s.gsub(/(([[:alpha:]])[[:alpha:]]*\.?)/, \'\2.\')} #{lastname}',
    :initials => '#{firstname.to_s.gsub(/(([[:alpha:]])[[:alpha:]]*\.?)/, \'\2.\').first}#{lastname.to_s.first}',
    :order => %w(firstname lastname id),
    :setting_order => 2
  },
  :firstname => {
    :string => '#{firstname}',
    :initials => '#{firstname.to_s.first(2)}',
    :order => %w(firstname id),
    :setting_order => 3
  },
  :lastname_firstname => {
    :string => '#{lastname} #{firstname}',
    :initials => '#{lastname.to_s.first}#{firstname.to_s.first}',
    :order => %w(lastname firstname id),
    :setting_order => 4
  },
  :lastnamefirstname => {
    :string => '#{lastname}#{firstname}',
    :initials => '#{lastname.to_s.first}#{firstname.to_s.first}',
    :order => %w(lastname firstname id),
    :setting_order => 5
  },
  :lastname_comma_firstname => {
    :string => '#{lastname}, #{firstname}',
    :initials => '#{lastname.to_s.first}#{firstname.to_s.first}',
    :order => %w(lastname firstname id),
    :setting_order => 6
  },
  :lastname => {
    :string => '#{lastname}',
    :initials => '#{lastname.to_s.first(2)}',
    :order => %w(lastname id),
    :setting_order => 7
  },
  :username => {
    :string => '#{login}',
    :initials => '#{login.to_s.first(2)}',
    :order => %w(login id),
    :setting_order => 8
  },
}
MAIL_NOTIFICATION_OPTIONS =

rubocop:enable Lint/InterpolationCheck

# [stored value, i18n label] pairs for the mail_notification column.
# 'selected' is only offered by valid_notification_options when the user
# has at least one membership; notify_about? interprets the values.
[
  ['all', :label_user_mail_option_all],
  ['selected', :label_user_mail_option_selected],
  ['only_my_events', :label_user_mail_option_only_my_events],
  ['only_assigned', :label_user_mail_option_only_assigned],
  ['only_owner', :label_user_mail_option_only_owner],
  ['none', :label_user_mail_option_none]
]
LOGIN_LENGTH_LIMIT =
60
MAIL_LENGTH_LIMIT =
254
LABEL_BY_STATUS =
{
  STATUS_ANONYMOUS  => 'anon',
  STATUS_ACTIVE     => 'active',
  STATUS_REGISTERED => 'registered',
  STATUS_LOCKED     => 'locked'
}

Constants inherited from Principal

Principal::STATUS_ACTIVE, Principal::STATUS_ANONYMOUS, Principal::STATUS_LOCKED, Principal::STATUS_REGISTERED

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Redmine::SafeAttributes

#delete_unsafe_attributes, included, #safe_attribute?, #safe_attribute_names, #safe_attributes=

Methods included from Redmine::Ciphering

cipher_key, decrypt_text, encrypt_text, included, logger

Methods inherited from Principal

#<=>, #active?, detect_by_keyword, #member_of?, #nullify_projects_default_assigned_to, #project_ids, #visible?

Methods inherited from ApplicationRecord

human_attribute_name

Instance Attribute Details

#generate_passwordObject

Returns the value of attribute generate_password.



# File 'app/models/user.rb', line 112

# Virtual attribute (plain ivar, not a column) requesting that a random
# password be generated for this user; interpreted as a boolean by
# #generate_password?.
def generate_password
  @generate_password
end

#last_before_login_onObject

Returns the value of attribute last_before_login_on.



# File 'app/models/user.rb', line 113

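# Virtual attribute (plain ivar reader, not a column).  By its name it holds
# the last_login_on value observed before the current login — confirm
# against the code that sets it.
def last_before_login_on
  @last_before_login_on
end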

#oauth_scope=(value) ⇒ Object (writeonly)

Sets the attribute oauth_scope

Parameters:

  • value

    the value to set the attribute oauth_scope to.



# File 'app/models/user.rb', line 115

# Records the scope granted to an OAuth session.  Security-relevant: any
# non-nil value (even an empty list) makes #authorized_by_oauth? true,
# which in turn gates #admin? on the :admin scope and is passed to every
# Role#allowed_to? check in #allowed_to?.
def oauth_scope=(value)
  @oauth_scope = value
end

#passwordObject

Returns the value of attribute password.



# File 'app/models/user.rb', line 112

# Clear-text password held in memory only (virtual attribute, not a
# column); #update_hashed_password turns it into salt/hashed_password.
# NOTE(review): make sure this attribute is excluded from logs and
# inspect output — filtering is configured outside this file.
def password
  @password
end

#password_confirmationObject

Returns the value of attribute password_confirmation.



# File 'app/models/user.rb', line 112

# Clear-text confirmation of #password (virtual attribute, memory only);
# the confirmation check itself is defined outside this listing.
def password_confirmation
  @password_confirmation
end

#remote_ipObject

Returns the value of attribute remote_ip.



# File 'app/models/user.rb', line 114

# Client address of the current request, set by callers (virtual
# attribute, not a column).  Treat it as untrusted input when it is
# logged or displayed.
def remote_ip
  @remote_ip
end

Class Method Details

.anonymousObject

Returns the anonymous user. If the anonymous user does not exist, it is created. There can be only one anonymous user per database.



# File 'app/models/user.rb', line 889

# Returns the single AnonymousUser row, creating it on first use.
# Both the lookup and the create are unscoped so a default scope on the
# model cannot hide the existing row and provoke a duplicate.
def self.anonymous
  existing = AnonymousUser.unscoped.find_by(:lastname => 'Anonymous')
  return existing unless existing.nil?

  created = AnonymousUser.unscoped.create(:lastname => 'Anonymous', :firstname => '', :login => '', :status => 0)
  raise 'Unable to create the anonymous user.' if created.new_record?

  created
end

.currentObject



# File 'app/models/user.rb', line 883

# Returns the user bound to the current request via CurrentUser, falling
# back to (and memoizing) the anonymous user.  NOTE(review): CurrentUser's
# storage is defined elsewhere; confirm it is per-request/per-thread so a
# logged-in user can never leak into another request.
def self.current
  CurrentUser.user ||= User.anonymous
end

.current=(user) ⇒ Object



# File 'app/models/user.rb', line 879

# Binds +user+ as the current user for this request (see .current).
def self.current=(user)
  CurrentUser.user = user
end

.default_admin_account_changed?Boolean

Returns true if the default admin account can no longer be used

Returns:

  • (Boolean)


# File 'app/models/user.rb', line 563

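# Returns true once the built-in admin account can no longer be used with
# its default credentials: there is no *active* user with login "admin"
# whose password still verifies as "admin".  A missing or inactive admin
# account also counts as changed (try returns nil, negated to true).
def self.default_admin_account_changed?
  !User.active.find_by_login("admin").try(:check_password?, "admin")
end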

.fields_for_order_statement(table = nil) ⇒ Object

Returns an array of field names that can be used to make an order statement for users according to how user names are displayed. Examples:

User.fields_for_order_statement              => ['users.login', 'users.id']
User.fields_for_order_statement('authors')   => ['authors.login', 'authors.id']


# File 'app/models/user.rb', line 273

# Returns "table.column" names, in order, for sorting users according to
# the configured name format (see .name_formatter).  +table+ defaults to
# this model's table name.
def self.fields_for_order_statement(table=nil)
  prefix = table || table_name
  name_formatter[:order].map do |column|
    "#{prefix}.#{column}"
  end
end

.find_by_api_key(key) ⇒ Object



# File 'app/models/user.rb', line 553

# Resolves an API key to its user via Token (action 'api'), or nil.
# The key is a bearer credential equivalent to a password; it is handed
# to Token unchanged, so lookup hygiene (equality match, active-user
# filtering) lives in Token.find_active_user.
def self.find_by_api_key(key)
  Token.find_active_user('api', key)
end

.find_by_atom_key(key) ⇒ Object



# File 'app/models/user.rb', line 549

# Resolves a feed (Atom) key to its user via Token (action 'feeds'), or nil.
# Like the API key this is a bearer credential that appears in feed URLs;
# validation is delegated to Token.find_active_user.
def self.find_by_atom_key(key)
  Token.find_active_user('feeds', key)
end

.find_by_login(login) ⇒ Object

Find a user account by matching the exact login and then a case-insensitive version. Exact matches will be given priority.



# File 'app/models/user.rb', line 536

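# Find a user account by matching the exact login and then a
# case-insensitive version.  Exact matches are given priority so that two
# accounts differing only in case resolve deterministically (the Ruby-side
# == re-check matters on databases whose collation is case-insensitive —
# presumably why it is there).  Returns nil for a blank login.
def self.find_by_login(login)
  # Normalise invalid UTF-8 before the value reaches SQL or String#downcase.
  login = Redmine::CodesetUtil.replace_invalid_utf8(login.to_s)
  if login.present?
    # First look for an exact match
    user = where(:login => login).detect {|u| u.login == login}
    unless user
      # Fail over to case-insensitive if none was found
      user = find_by("LOWER(login) = ?", login.downcase)
    end
    user
  end
end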

.find_by_mail(mail) ⇒ Object

Makes find_by_mail case-insensitive



# File 'app/models/user.rb', line 558

# Case-insensitive lookup by e-mail address (delegates to the having_mail
# scope); returns the first match or nil.
def self.find_by_mail(mail)
  matches = having_mail(mail)
  matches.first
end

.generate_saltObject

Returns a 128bits random salt as a hex string (32 chars long)



# File 'app/models/user.rb', line 1011

# Returns a 128-bit random salt as a hex string (32 chars long).
# Randomness comes from Redmine::Utils.random_hex — confirm it is backed
# by SecureRandom; a salt from a non-cryptographic PRNG would weaken
# salt_password.
def generate_salt
  Redmine::Utils.random_hex(16)
end

.hash_password(clear_password) ⇒ Object

Return password digest



# File 'app/models/user.rb', line 1006

# Return password digest: hex SHA1 of the argument, nil treated as "".
# NOTE(review): SHA1 with no work factor is the legacy Redmine scheme
# (stored as SHA1(salt + SHA1(password)), see salt_password).  Changing the
# digest here would invalidate every stored hash, so any move to a slow
# hash needs a migration path rather than an edit of this method.
def hash_password(clear_password)
  digest = Digest::SHA1.new
  digest.update(clear_password || "")
  digest.hexdigest
end

.name_formatter(formatter = nil) ⇒ Object



# File 'app/models/user.rb', line 263

# Returns the USER_FORMATS entry for +formatter+ (or the configured
# Setting.user_format).  Unknown keys fall back to :firstname_lastname,
# so a bad setting can never select a template outside USER_FORMATS.
def self.name_formatter(formatter = nil)
  key = formatter || Setting.user_format
  chosen = USER_FORMATS[key]
  chosen.nil? ? USER_FORMATS[:firstname_lastname] : chosen
end

.prune(age = 30.days) ⇒ Object



# File 'app/models/user.rb', line 920

# Destroys accounts still in STATUS_REGISTERED (never activated) that were
# created more than +age+ ago.  destroy_all runs callbacks per record.
def self.prune(age=30.days)
  cutoff = Time.now - age
  stale = User.where("created_on < ? AND status = ?", cutoff, STATUS_REGISTERED)
  stale.destroy_all
end

.salt_unsalted_passwords!Object

Salts all existing unsalted passwords. It changes the password storage scheme from SHA1(password) to SHA1(salt + SHA1(password)). This method is used in the SaltPasswords migration and is to be kept as is.



# File 'app/models/user.rb', line 901

# Salts all existing unsalted passwords.  It changes the password storage
# scheme from SHA1(password) to SHA1(salt + SHA1(password)).
# This method is used in the SaltPasswords migration and is to be kept as is.
def self.salt_unsalted_passwords!
  transaction do
    User.where("salt IS NULL OR salt = ''").find_each do |user|
      # Nothing to wrap for accounts without a local password (e.g. external auth).
      next if user.hashed_password.blank?

      salt = User.generate_salt
      # The stored value is already SHA1(password); wrap it with the new salt.
      hashed_password = User.hash_password("#{salt}#{user.hashed_password}")
      # update_all bypasses callbacks so update_hashed_password cannot re-hash.
      User.where(:id => user.id).update_all(:salt => salt, :hashed_password => hashed_password)
    end
  end
end

.try_to_autologin(key) ⇒ Object

Returns the user who matches the given autologin key or nil



# File 'app/models/user.rb', line 255

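# Returns the user who matches the given autologin key or nil.
# The token lookup is bounded by Setting.autologin (a maximum age —
# presumably in days, confirm in Token.find_active_user) so an old
# "remember me" cookie cannot be replayed indefinitely.  A successful
# match refreshes last_login_on.
def self.try_to_autologin(key)
  user = Token.find_active_user('autologin', key, Setting.autologin.to_i)
  if user
    user.update_last_login_on!
    user
  end
end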

.try_to_login(login, password, active_only = true) ⇒ Object

Returns the user that matches the provided login and password, or nil. AuthSource errors are caught, logged and nil is returned.



# File 'app/models/user.rb', line 216

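# Returns the user that matches the provided login and password, or nil.
# AuthSource errors are caught, logged and nil is returned (see
# try_to_login! for the raising variant).  Only the login is logged, never
# the password.
def self.try_to_login(login, password, active_only=true)
  try_to_login!(login, password, active_only)
rescue AuthSourceException => e
  logger.error "An error occured when authenticating #{login}: #{e.message}"
  nil
end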

.try_to_login!(login, password, active_only = true) ⇒ Object

Returns the user that matches the provided login and password, or nil. AuthSource errors are passed through.



# File 'app/models/user.rb', line 225

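# Returns the user that matches the provided login and password, or nil.
# AuthSource errors are passed through.
#
# Security notes:
# * an empty login or password is rejected before any backend is
#   consulted (directory backends such as LDAP may treat an empty
#   password as an anonymous bind);
# * for a locally known account the password is verified first, then the
#   status; with active_only a locked/registered account yields nil;
# * an account unknown locally is created on the fly only when an
#   AuthSource authenticates it.  If that save fails the unsaved object
#   is still returned, so callers must check new_record?.
def self.try_to_login!(login, password, active_only=true)
  login = login.to_s.strip
  password = password.to_s

  # Make sure no one can sign in with an empty login or password
  return nil if login.empty? || password.empty?

  user = find_by_login(login)
  if user
    # user is already in local database
    return nil unless user.check_password?(password)
    return nil if !user.active? && active_only
  else
    # user is not yet registered, try to authenticate with available sources
    attrs = AuthSource.authenticate(login, password)
    if attrs
      user = new(attrs)
      user.login = login
      user.language = Setting.default_language
      if user.save
        user.reload
        logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger && user.auth_source
      end
    end
  end
  # Only persisted, active accounts get their login timestamp refreshed.
  user.update_last_login_on! if user && !user.new_record? && user.active?
  user
end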

.valid_notification_options(user = nil) ⇒ Object

Only users that belong to more than 1 project can select projects for which they are notified



# File 'app/models/user.rb', line 524

# Notification options offered to +user+.  'selected' (notify for chosen
# projects) is only meaningful for users with at least one membership.
def self.valid_notification_options(user=nil)
  # Note that @user.membership.size would fail since AR ignores
  # :include association option when doing a count
  can_pick_projects = !user.nil? && user.memberships.length >= 1
  return MAIL_NOTIFICATION_OPTIONS if can_pick_projects

  MAIL_NOTIFICATION_OPTIONS.reject {|option| option.first == 'selected'}
end

.verify_session_token(user_id, token) ⇒ Object

Returns true if token is a valid session token for the user whose id is user_id



# File 'app/models/user.rb', line 479

# Returns true if token is a valid session token for the user whose id is user_id.
#
# The token is matched by equality on (user_id, value, action='session')
# through hash conditions, so the value is never interpolated into SQL.
# Two independent limits apply: session_lifetime bounds absolute age
# (created_on) and session_timeout bounds idle time (updated_on).  A
# valid token has updated_on refreshed at most once per minute, and that
# refresh must touch exactly one row for the check to succeed.
def self.verify_session_token(user_id, token)
  return false if user_id.blank? || token.blank?

  scope = Token.where(:user_id => user_id, :value => token.to_s, :action => 'session')
  if Setting.session_lifetime?
    # Absolute lifetime: reject tokens created too long ago.
    scope = scope.where("created_on > ?", Setting.session_lifetime.to_i.minutes.ago)
  end
  if Setting.session_timeout?
    # Idle timeout: reject tokens not touched recently.
    scope = scope.where("updated_on > ?", Setting.session_timeout.to_i.minutes.ago)
  end
  last_updated = scope.maximum(:updated_on)
  if last_updated.nil?
    false
  elsif last_updated <= 1.minute.ago
    # Throttle the write: only touch the row when it is at least a minute old.
    scope.update_all(:updated_on => Time.now) == 1
  else
    true
  end
end

Instance Method Details

#activateObject



# File 'app/models/user.rb', line 304

# Marks the account active in memory only; persist with save or use
# #activate! to write immediately.
def activate
  self.status = STATUS_ACTIVE
end

#activate!Object



# File 'app/models/user.rb', line 316

# Activates the account and writes the status immediately.  Rails'
# update_attribute saves without running validations.
def activate!
  update_attribute(:status, STATUS_ACTIVE)
end

#admin?Boolean

Returns:

  • (Boolean)


# File 'app/models/user.rb', line 736

# True when the account is an administrator.  For an OAuth session the
# admin flag only counts if the :admin scope was granted, so a limited
# token issued to an admin does not carry admin rights.
def admin?
  # when signed in via oauth, the user only acts as admin when the admin scope is set
  return super unless authorized_by_oauth?

  super && @oauth_scope.include?(:admin)
end

#allowed_to?(action, context, options = {}, &block) ⇒ Boolean

Return true if the user is allowed to do the specified action on a specific context Action can be:

  • a parameter-like Hash (eg. :controller => ‘projects’, :action => ‘edit’)

  • a permission Symbol (eg. :edit_project)

Context can be:

  • a project : returns true if user is allowed to do the specified action on this project

  • an array of projects : returns true if user is allowed on every project

  • nil with options set : check if user has at least one role allowed for this action, or falls back to Non Member / Anonymous permissions depending if the user is logged

Returns:

  • (Boolean)


# File 'app/models/user.rb', line 759

# Return true if the user is allowed to do the specified action on a specific context.
# Action can be a parameter-like Hash (eg. :controller => 'projects',
# :action => 'edit') or a permission Symbol (eg. :edit_project).
# Context can be a Project, an Array of projects (allowed on every one), or
# nil with :global set (at least one role, or the builtin role, allows it).
#
# Authorization notes:
# * a project that does not allow the action (Project#allows_to?) denies
#   everyone, including admins;
# * admin? short-circuits the role checks; under OAuth admin? is itself
#   gated by the :admin scope (see #admin?);
# * every role check receives @oauth_scope, so an OAuth-limited session
#   cannot exceed its granted scope;
# * no context and no :global option always yields false.
def allowed_to?(action, context, options={}, &block)
  if context && context.is_a?(Project)
    # Project-level gate first: applies to admins too.
    return false unless context.allows_to?(action)
    # Admin users are authorized for anything else
    return true if admin?

    roles = roles_for_project(context)
    return false unless roles

    # Builtin (non-member) roles only count on public projects; member roles always do.
    roles.any? do |role|
      (context.is_public? || role.member?) &&
      role.allowed_to?(action, @oauth_scope) &&
      (block ? yield(role, self) : true)
    end
  elsif context && context.is_a?(Array)
    if context.empty?
      false
    else
      # Authorize if user is authorized on every element of the array
      context.map {|project| allowed_to?(action, project, options, &block)}.reduce(:&)
    end
  elsif context
    raise ArgumentError.new("#allowed_to? context argument must be a Project, an Array of projects or nil")
  elsif options[:global]
    # Admin users are always authorized
    return true if admin?

    # authorize if user has at least one role that has this permission
    roles = self.roles.to_a | [builtin_role]
    roles.any? do |role|
      role.allowed_to?(action, @oauth_scope) &&
      (block ? yield(role, self) : true)
    end
  else
    false
  end
end

#allowed_to_globally?(action, options = {}) ⇒ Boolean

Is the user allowed to do the specified action on any project? See allowed_to? for the actions and valid options.

NB: this method is not used anywhere in the core codebase as of 2.5.2, but it’s used by many plugins so if we ever want to remove it it has to be carefully deprecated for a version or two.

Returns:

  • (Boolean)


# File 'app/models/user.rb', line 803

# Is the user allowed to do the specified action on any project?
# Delegates to allowed_to? with a nil context and :global forced on;
# the optional block is forwarded unchanged.
def allowed_to_globally?(action, options={}, &block)
  global_options = options.reverse_merge(:global => true)
  allowed_to?(action, nil, global_options, &block)
end

#allowed_to_view_all_time_entries?(context) ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/models/user.rb', line 807

# True if, within +context+, the user holds a role that both grants
# :view_time_entries and has time_entries_visibility set to 'all'.
def allowed_to_view_all_time_entries?(context)
  allowed_to?(:view_time_entries, context) {|role, _user| role.time_entries_visibility == 'all'}
end

#anonymous?Boolean

Returns:

  • (Boolean)


# File 'app/models/user.rb', line 608

# The inverse of #logged?.
def anonymous?
  logged? ? false : true
end

#api_keyObject

Return user’s API key (a 40 chars long string), used to access the API



# File 'app/models/user.rb', line 443

# Return user's API key (a 40 chars long string), used to access the API.
# The token is minted lazily on first read, so merely rendering this
# value creates a live bearer credential; revoking it means deleting the
# Token row.  Value generation is Token's responsibility.
def api_key
  if api_token.nil?
    create_api_token(:action => 'api')
  end
  api_token.value
end

#atom_keyObject

Return user’s ATOM key (a 40 chars long string), used to access feeds



# File 'app/models/user.rb', line 435

# Return user's ATOM key (a 40 chars long string), used to access feeds.
# Minted lazily on first read like #api_key; it is a bearer credential
# that ends up in feed URLs, so do not log those URLs.
def atom_key
  if atom_token.nil?
    create_atom_token(:action => 'feeds')
  end
  atom_token.value
end

#authorized_by_oauth?Boolean

true if the user has signed in via oauth

Returns:

  • (Boolean)


# File 'app/models/user.rb', line 746

# true if the user has signed in via oauth — i.e. #oauth_scope= was called
# with any non-nil value (an empty scope list still counts as OAuth).
def authorized_by_oauth?
  !@oauth_scope.nil?
end

#base_reloadObject



# File 'app/models/user.rb', line 182

alias :base_reload :reload

#bookmarked_project_idsObject



# File 'app/models/user.rb', line 913

# Project ids bookmarked by the user, parsed from the comma-separated
# preference; [] when the preference is unset.  Non-numeric fragments
# become 0 via to_i.
def bookmarked_project_ids
  raw = self.pref[:bookmarked_project_ids]
  return [] if raw.nil?

  raw.split(',').map(&:to_i)
end

#builtin_roleObject

Returns the user’s built-in role



# File 'app/models/user.rb', line 641

# Returns the user's built-in role (Role.non_member here, memoized until
# #reload).  AnonymousUser presumably overrides this — confirm.
def builtin_role
  @builtin_role ||= Role.non_member
end

#change_password_allowed?Boolean

Does the backend storage allow this user to change their password?

Returns:

  • (Boolean)


# File 'app/models/user.rb', line 352

# Does the backend storage allow this user to change their password?
# Local accounts always can; externally authenticated ones ask their
# AuthSource.
def change_password_allowed?
  return true if auth_source.nil?

  auth_source.allow_password_changes?
end

#check_password?(clear_password) ⇒ Boolean

Returns true if clear_password is the correct user’s password, otherwise false

Returns:

  • (Boolean)


# File 'app/models/user.rb', line 335

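# Returns true if clear_password is the correct user's password, otherwise false.
# Accounts bound to an AuthSource (e.g. LDAP) delegate to that source and
# return whatever it returns; local accounts compare
# SHA1(salt + SHA1(password)) against hashed_password.
def check_password?(clear_password)
  if auth_source_id.present?
    auth_source.authenticate(self.login, clear_password)
  else
    candidate = User.hash_password("#{salt}#{User.hash_password clear_password}")
    # Constant-time comparison so the check does not leak how many leading
    # hex digits matched.  to_s guards a nil hashed_password (secure_compare
    # raises on nil) and simply makes the check fail.
    ActiveSupport::SecurityUtils.secure_compare(candidate, hashed_password.to_s)
  end
end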

#convert_time_to_user_timezone(time) ⇒ Object



# File 'app/models/user.rb', line 596

# Expresses +time+ in the user's time zone when one is configured;
# otherwise UTC times become local time and other times pass through.
def convert_time_to_user_timezone(time)
  zone = self.time_zone
  return time.in_time_zone(zone) if zone

  time.utc? ? time.localtime : time
end

#css_classesObject



# File 'app/models/user.rb', line 578

# CSS classes for rendering this user: "user" plus the fixed status
# label from LABEL_BY_STATUS (empty for an unknown status).
def css_classes
  ['user', LABEL_BY_STATUS[status]].join(' ')
end

#delete_autologin_token(value) ⇒ Object



# File 'app/models/user.rb', line 466

# Revokes exactly the autologin ("remember me") token whose value is
# +value+ for this user; other autologin tokens stay valid.
def delete_autologin_token(value)
  Token.where(:user_id => id, :action => 'autologin', :value => value).delete_all
end

#delete_session_token(value) ⇒ Object



# File 'app/models/user.rb', line 456

# Revokes exactly the session token +value+ for this user (logout of one
# session); other sessions are untouched.
def delete_session_token(value)
  Token.where(:user_id => id, :action => 'session', :value => value).delete_all
end

#force_default_language?Boolean

Returns:

  • (Boolean)


# File 'app/models/user.rb', line 418

# True when the instance setting forces the default language on
# logged-in users (consulted by #language).
def force_default_language?
  Setting.force_default_language_for_loggedin?
end

#generate_autologin_tokenObject

Generates a new autologin token and returns its value



# File 'app/models/user.rb', line 461

# Generates a new autologin token and returns its value (the value is
# produced by Token on create).  The caller is expected to place it in
# the "remember me" cookie; it is validated by .try_to_autologin.
def generate_autologin_token
  token = Token.create!(:user_id => id, :action => 'autologin')
  token.value
end

#generate_password?Boolean

Returns:

  • (Boolean)


# File 'app/models/user.rb', line 371

# Casts the #generate_password virtual attribute (form value such as "1",
# "true", "0") to a real boolean using ActiveRecord's Boolean type.
def generate_password?
  ActiveRecord::Type::Boolean.new.deserialize(generate_password)
end

#generate_session_tokenObject

Generates a new session token and returns its value



# File 'app/models/user.rb', line 451

# Generates a new session token and returns its value (produced by Token
# on create); validated later by .verify_session_token.
def generate_session_token
  token = Token.create!(:user_id => id, :action => 'session')
  token.value
end

#initials(formatter = nil) ⇒ Object

Return user’s initials based on name format



# File 'app/models/user.rb', line 289

# Return user's initials based on name format.
# The template is interpolated with eval; this is safe only because the
# template always comes from the USER_FORMATS constant (name_formatter
# falls back to a known key for unknown formatters) — never pass a
# user-supplied template here.
def initials(formatter = nil)
  f = self.class.name_formatter(formatter)
  format = f[:initials] || USER_FORMATS[:firstname_lastname][:initials]
  initials = eval('"' + format + '"')
  initials.upcase
end

#is_or_belongs_to?(arg) ⇒ Boolean

Returns true if user is arg or belongs to arg

Returns:

  • (Boolean)


# File 'app/models/user.rb', line 726

# Returns true if user is arg or belongs to arg (a Group); anything else
# (including nil) yields false.
def is_or_belongs_to?(arg)
  case arg
  when User
    self == arg
  when Group
    arg.users.include?(self)
  else
    false
  end
end

#languageObject



# File 'app/models/user.rb', line 422

# The user's language, unless the instance forces its default language on
# logged-in users.
def language
  return Setting.default_language if force_default_language?

  super
end

#lockObject



# File 'app/models/user.rb', line 312

# Marks the account locked in memory only; persist with save or use #lock!.
def lock
  self.status = STATUS_LOCKED
end

#lock!Object



# File 'app/models/user.rb', line 324

# Locks the account and writes the status immediately (update_attribute
# skips validations).  Existing session tokens are not revoked here;
# .verify_session_token does not consult status either, so callers that
# lock an account should also delete its tokens if immediate logout is
# required — confirm how the controller handles this.
def lock!
  update_attribute(:status, STATUS_LOCKED)
end

#locked?Boolean

Returns:

  • (Boolean)


# File 'app/models/user.rb', line 300

# True when the account status is STATUS_LOCKED.
def locked?
  STATUS_LOCKED == status
end

#logged?Boolean

Returns:

  • (Boolean)


# File 'app/models/user.rb', line 604

# A User instance is always a logged-in principal; AnonymousUser
# presumably overrides this to false (its definition is not shown here).
def logged?
  true
end

#mailObject



# File 'app/models/user.rb', line 197

# Primary e-mail address (from the email_address association), or nil.
def mail
  email_address.try(:address)
end

#mail=(arg) ⇒ Object



# File 'app/models/user.rb', line 201

# Sets the primary e-mail address, building the email_address record on
# first assignment.  Validation of the address happens on that record.
def mail=(arg)
  record = email_address
  record = build_email_address if record.nil?
  record.address = arg
end

#mail_changed?Boolean

Returns:

  • (Boolean)


# File 'app/models/user.rb', line 206

# True when the primary address record has an unsaved address change;
# nil when there is no address record at all.
def mail_changed?
  email_address.try(:address_changed?)
end

#mailsObject



# File 'app/models/user.rb', line 210

# All e-mail addresses of the user (single SELECT via pluck).
def mails
  email_addresses.pluck(:address)
end

#managed_roles(project) ⇒ Object

Returns the roles that the user is allowed to manage for the given project



# File 'app/models/user.rb', line 717

# Returns the roles that the user is allowed to manage for the given project.
# Admins may manage every givable role (memoized, cleared by #reload);
# others only what their membership in that project grants, [] if none.
# Note the memo is shared across projects, which is correct only because
# the admin answer does not depend on the project.
def managed_roles(project)
  if admin?
    @managed_roles ||= Role.givable.to_a
  else
    membership(project).try(:managed_roles) || []
  end
end

#membership(project) ⇒ Object

Returns user’s membership for the given project or nil if the user is not a member of project



# File 'app/models/user.rb', line 614

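# Returns user's membership for the given project (a Project or an id) or
# nil if the user is not a member of project.  Results are cached per
# project id until #reload.
def membership(project)
  project_id = project.is_a?(Project) ? project.id : project

  # The block parameter is named distinctly so it does not shadow the
  # local project_id computed above.
  @membership_by_project_id ||=
    Hash.new do |h, looked_up_id|
      h[looked_up_id] = memberships.where(:project_id => looked_up_id).first
    end
  @membership_by_project_id[project_id]
end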

#must_activate_twofa?Boolean

Returns:

  • (Boolean)


# File 'app/models/user.rb', line 402

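# True when the user has no 2FA scheme yet but is required to set one up:
# globally, because they are an admin, or because one of their groups
# requires it under the "optional" policy.  Always returns a real boolean
# (the original fell through to nil when no rule matched).
def must_activate_twofa?
  return false if twofa_active?

  return true if Setting.twofa_required?
  return true if Setting.twofa_required_for_administrators? && admin?
  return true if Setting.twofa_optional? && groups.any?(&:twofa_required?)

  false
end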

#must_change_password?Boolean

Returns:

  • (Boolean)


# File 'app/models/user.rb', line 367

# True when a password change is pending (flagged or expired) and the
# backend actually lets this user change it.
def must_change_password?
  return false unless change_password_allowed?

  must_change_passwd? || password_expired?
end

#name(formatter = nil) ⇒ Object

Return user’s full name for display



# File 'app/models/user.rb', line 279

# Return user's full name for display.
# The template is interpolated with eval; this is safe only because it
# always comes from the USER_FORMATS constant (name_formatter falls back
# to a known key for unknown formatters) — never pass a user-supplied
# template.  The default-format result is memoized until #reload.
def name(formatter = nil)
  f = self.class.name_formatter(formatter)
  if formatter
    eval('"' + f[:string] + '"')
  else
    @name ||= eval('"' + f[:string] + '"')
  end
end

#notified_project_ids=(ids) ⇒ Object



# File 'app/models/user.rb', line 504

# Records the projects the user wants notifications for: values are cast
# to integers, non-positive ids (e.g. blank form entries) dropped, and
# duplicates removed.  Persistence happens elsewhere; the changed flag
# marks that it is needed.
def notified_project_ids=(ids)
  @notified_projects_ids_changed = true
  positive_ids = ids.map(&:to_i).select {|n| n > 0}
  @notified_projects_ids = positive_ids.uniq
end

#notified_projects_idsObject

Return an array of project ids for which the user has explicitly turned mail notifications on



# File 'app/models/user.rb', line 500

# Return an array of project ids for which the user has explicitly
# turned mail notifications on (memoized until #reload).
def notified_projects_ids
  @notified_projects_ids ||= memberships.select(&:mail_notification?).map(&:project_id)
end

#notify_about?(object) ⇒ Boolean

Utility method to help check if a user should be notified about an event.

TODO: only supports Issue events currently

Returns:

  • (Boolean)


# File 'app/models/user.rb', line 847

# Utility method to help check if a user should be notified about an event.
# TODO: only supports Issue events currently
# Returns nil (falsy) for unsupported object types or an unrecognised
# mail_notification value; callers should treat nil as "do not notify".
def notify_about?(object)
  if mail_notification == 'all'
    true
  elsif mail_notification.blank? || mail_notification == 'none'
    false
  else
    case object
    when Issue
      case mail_notification
      when 'selected', 'only_my_events'
        # user receives notifications for created/assigned issues on unselected projects
        object.author == self || is_or_belongs_to?(object.assigned_to) || is_or_belongs_to?(object.previous_assignee)
      when 'only_assigned'
        # current or previous assignee, directly or through a group
        is_or_belongs_to?(object.assigned_to) || is_or_belongs_to?(object.previous_assignee)
      when 'only_owner'
        object.author == self
      end
    when News
      # always send to project members except when mail_notification is set to 'none'
      true
    end
  end
end

#notify_about_high_priority_issues?Boolean

Returns:

  • (Boolean)


# File 'app/models/user.rb', line 871

# Reads the high-priority notification preference.
def notify_about_high_priority_issues?
  pref.notify_about_high_priority_issues
end

#own_account_deletable?Boolean

Returns true if the user is allowed to delete the user’s own account

Returns:

  • (Boolean)


# File 'app/models/user.rb', line 814

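# Returns true if the user is allowed to delete the user's own account:
# self-service deletion must be enabled, and an administrator may only
# leave if at least one *other* active administrator remains, so the
# instance can never be left without an admin.
def own_account_deletable?
  Setting.unsubscribe? &&
    (!admin? || User.active.admin.where("id <> ?", id).exists?)
end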

#password_expired?Boolean

Returns true if the user password has expired

Returns:

  • (Boolean)


# File 'app/models/user.rb', line 357

# Returns true if the user password has expired: password_max_age (days,
# 0 = never) has elapsed since passwd_changed_on.  A missing change date
# is treated as the epoch, i.e. expired whenever ageing is enabled.
def password_expired?
  max_age_days = Setting.password_max_age.to_i
  return false if max_age_days.zero?

  last_change = self.passwd_changed_on || Time.at(0)
  last_change < max_age_days.days.ago
end

#prefObject



# File 'app/models/user.rb', line 410

# The user's UserPreference, built (unsaved) on first access.
def pref
  self.preference ||= UserPreference.new(:user => self)
end

#project_ids_by_roleObject

Returns a hash of project ids grouped by roles. Includes the projects that the user is a member of and the projects that grant custom permissions to the builtin groups.



# File 'app/models/user.rb', line 674

# Returns a hash of project ids grouped by roles.  Includes the projects
# that the user is a member of and the projects that grant custom
# permissions to the builtin groups.  Memoized until #reload.
def project_ids_by_role
  # Clear project condition for when called from chained scopes
  # eg. project.children.visible(user)
  Project.unscoped do
    return @project_ids_by_role if @project_ids_by_role

    # Builtin group standing in for this user on public projects.
    group_class = anonymous? ? GroupAnonymous.unscoped : GroupNonMember.unscoped
    group_id = group_class.pick(:id)

    # Own memberships, plus the builtin group's on public projects only.
    # NOTE(review): 9 is a magic project status — presumably the
    # scheduled-for-deletion status; confirm and prefer the constant.
    members = Member.joins(:project, :member_roles).
      where("#{Project.table_name}.status <> 9").
      where("#{Member.table_name}.user_id = ? OR (#{Project.table_name}.is_public = ? AND #{Member.table_name}.user_id = ?)", self.id, true, group_id).
      pluck(:user_id, :role_id, :project_id)

    hash = {}
    members.each do |user_id, role_id, project_id|
      # Ignore the roles of the builtin group if the user is a member of the project
      next if user_id != id && project_ids.include?(project_id)

      hash[role_id] ||= []
      hash[role_id] << project_id
    end

    # Default block returns a fresh [] so callers can read missing roles safely.
    result = Hash.new {|_h, _k| []}
    if hash.present?
      roles = Role.where(:id => hash.keys).to_a
      hash.each do |role_id, proj_ids|
        role = roles.detect {|r| r.id == role_id}
        if role
          result[role] = proj_ids.uniq
        end
      end
    end
    @project_ids_by_role = result
  end
end

#projects_by_roleObject

Returns a hash of the user’s projects grouped by roles. TODO: No longer used, should be deprecated



# File 'app/models/user.rb', line 661

# Returns a hash of the user's projects grouped by roles, loading the
# Project records for each id list from #project_ids_by_role.
# TODO: No longer used, should be deprecated.  Memoized until #reload.
def projects_by_role
  return @projects_by_role if @projects_by_role

  by_role = Hash.new {|_h, _k| []}
  project_ids_by_role.each do |role, ids|
    by_role[role] = Project.where(:id => ids).to_a
  end
  @projects_by_role = by_role
end

#random_password(length = 40) ⇒ Object

Generate and set a random password of the given length



# File 'app/models/user.rb', line 376

# Generate and set a random password of the given length.
# Every draw and the final shuffle use SecureRandom (a CSPRNG); at least
# one character from each class in chars_list is guaranteed; look-alike
# characters (0/O, 1/l/|) and quote-like ones are excluded.  If +length+
# is smaller than the number of classes the result is still one char per
# class, i.e. longer than requested.  The value is only assigned to the
# virtual password attributes; hashing happens in update_hashed_password.
def random_password(length=40)
  chars_list = [('A'..'Z').to_a, ('a'..'z').to_a, ('0'..'9').to_a]
  # auto-generated passwords contain special characters only when admins
  # require users to use passwords which contains special characters
  if Setting.password_required_char_classes.include?('special_chars')
    chars_list << ("\x20".."\x7e").to_a.select {|c| c =~ Setting::PASSWORD_CHAR_CLASSES['special_chars']}
  end
  # Drop ambiguous and quoting characters from every class.
  chars_list.each {|v| v.reject! {|c| %(0O1l|'"`*).include?(c)}}

  password = +''
  # One character per class first, so every required class is present.
  chars_list.each do |chars|
    password << chars[SecureRandom.random_number(chars.size)]
    length -= 1
  end
  chars = chars_list.flatten
  # Fill the remainder from the union (no-op if length is already exhausted).
  length.times {password << chars[SecureRandom.random_number(chars.size)]}
  # Shuffle so the per-class characters are not always at the front.
  password = password.chars.shuffle(random: SecureRandom).join
  self.password = password
  self.password_confirmation = password
  self
end

#registerObject



# File 'app/models/user.rb', line 308

# Marks the account as registered (awaiting activation) in memory only;
# persist with save or use #register!.
def register
  self.status = STATUS_REGISTERED
end

#register!Object



# File 'app/models/user.rb', line 320

# Sets STATUS_REGISTERED and writes it immediately (update_attribute
# skips validations).
def register!
  update_attribute(:status, STATUS_REGISTERED)
end

#registered?Boolean

Returns:

  • (Boolean)


# File 'app/models/user.rb', line 296

# True when the account is registered but not yet activated.
def registered?
  STATUS_REGISTERED == status
end

#reloadObject



# File 'app/models/user.rb', line 183

# Reloads the record and drops every memoized authorization/display value
# so stale roles, memberships or names are never reused after a change.
def reload(*)
  memo_names = %w(name roles projects_by_role project_ids_by_role
                  membership_by_project_id notified_projects_ids
                  builtin_role visible_project_ids managed_roles)
  memo_names.each {|memo| instance_variable_set("@#{memo}", nil)}
  @notified_projects_ids_changed = false
  base_reload(*)
end

#rolesObject



# File 'app/models/user.rb', line 624

# Roles the user holds through memberships on non-archived projects.
# A user with no membership roles instead gets the roles of the builtin
# group (anonymous / non-member) on public, non-archived projects.
# Memoized until #reload; note the blank? check evaluates the relation.
def roles
  @roles ||=
    Role.joins(members: :project).
      where(["#{Project.table_name}.status <> ?", Project::STATUS_ARCHIVED]).
        where(Member.arel_table[:user_id].eq(id)).distinct

  if @roles.blank?
    group_class = anonymous? ? GroupAnonymous : GroupNonMember
    # NOTE(review): group_class.first.id raises NoMethodError if the builtin
    # group row is missing; project_ids_by_role uses pick(:id) instead.
    @roles = Role.joins(members: :project).
      where(["#{Project.table_name}.status <> ? AND #{Project.table_name}.is_public = ?", Project::STATUS_ARCHIVED, true]).
      where(Member.arel_table[:user_id].eq(group_class.first.id)).distinct
  end

  @roles
end

#roles_for_project(project) ⇒ Object

Return user’s roles for project



# File 'app/models/user.rb', line 646

# Return user's roles for project: the membership's roles when a member,
# the builtin role (possibly overridden by the project) on a public
# project, and nothing on private or archived projects.
def roles_for_project(project)
  # No role on archived projects
  return [] if project.nil? || project.archived?

  member = membership(project)
  return member.roles.to_a unless member.nil?
  return [] unless project.is_public?

  project.override_roles(builtin_role)
end

#salt_password(clear_password) ⇒ Object

Generates a random salt and computes hashed_password for clear_password. The hashed password is stored in the following form: SHA1(salt + SHA1(password))



# File 'app/models/user.rb', line 345

# Generates a random salt and computes hashed_password for clear_password.
# The hashed password is stored in the following form: SHA1(salt + SHA1(password)).
# NOTE(review): SHA1 with no work factor is weak by today's standards;
# changing the scheme requires migrating every stored hash (see
# salt_unsalted_passwords! for the precedent), so it is documented rather
# than altered here.  passwd_changed_on feeds #password_expired?.
def salt_password(clear_password)
  self.salt = User.generate_salt
  self.hashed_password = User.hash_password("#{salt}#{User.hash_password clear_password}")
  self.passwd_changed_on = Time.now.change(:usec => 0)
end

#set_mail_notificationObject



# File 'app/models/user.rb', line 170

# Fills in the instance default when no notification option is set;
# always returns true so it can be used as a callback.
def set_mail_notification
  if self.mail_notification.blank?
    self.mail_notification = Setting.default_notification_option
  end
  true
end

#time_to_date(time) ⇒ Object

Returns the day of time according to user’s time zone



# File 'app/models/user.rb', line 592

# Returns the day of time according to user's time zone.
def time_to_date(time)
  convert_time_to_user_timezone(time).to_date
end

#time_zoneObject



# File 'app/models/user.rb', line 414

# The user's ActiveSupport::TimeZone from preferences, or nil when unset
# (memoized; an unknown zone name also yields nil from TimeZone[]).
def time_zone
  @time_zone ||= begin
    zone_name = self.pref.time_zone
    zone_name.blank? ? nil : ActiveSupport::TimeZone[zone_name]
  end
end

#to_sObject



# File 'app/models/user.rb', line 567

# Display name in the configured format (see #name).
def to_s
  name
end

#todayObject

Returns the current day according to user’s time zone



# File 'app/models/user.rb', line 583

# Returns the current day according to user's time zone (server-local
# date when no zone is configured).
def today
  zone = time_zone
  zone.nil? ? Date.today : zone.today
end

#twofa_active?Boolean

Returns:

  • (Boolean)


# File 'app/models/user.rb', line 398

# True when a two-factor scheme is enrolled (twofa_scheme column set).
def twofa_active?
  twofa_scheme.present?
end

#twofa_totp_keyObject



# File 'app/models/user.rb', line 470

# TOTP shared secret, decrypted via Redmine::Ciphering.  The secret is a
# long-term credential: it must never be logged or exposed through the
# API, and it is only protected at rest if a cipher key is configured
# (see Redmine::Ciphering, outside this listing).
def twofa_totp_key
  read_ciphered_attribute(:twofa_totp_key)
end

#twofa_totp_key=(key) ⇒ Object



# File 'app/models/user.rb', line 474

# Stores the TOTP shared secret encrypted via Redmine::Ciphering (see
# #twofa_totp_key for the at-rest caveat).
def twofa_totp_key=(key)
  write_ciphered_attribute(:twofa_totp_key, key)
end

#update_hashed_passwordObject



# File 'app/models/user.rb', line 175

# Hashes the clear-text #password into salt/hashed_password when one was
# supplied; accounts bound to an AuthSource never get a local hash.
def update_hashed_password
  # update hashed_password if password was set
  return unless self.password
  return unless self.auth_source_id.blank?

  salt_password(password)
end

#update_last_login_on!Object



# File 'app/models/user.rb', line 328

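# Refreshes last_login_on, throttled to one write per minute so frequent
# token checks do not hammer the users table.  update_column writes
# directly, skipping validations and callbacks.
def update_last_login_on!
  return if last_login_on.present? && last_login_on >= 1.minute.ago

  update_column(:last_login_on, Time.now)
end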

#valid_notification_optionsObject



# File 'app/models/user.rb', line 519

# Instance shortcut for User.valid_notification_options(self).
def valid_notification_options
  User.valid_notification_options(self)
end

#visible_project_idsObject

Returns the ids of visible projects



# File 'app/models/user.rb', line 712

# Returns the ids of visible projects (Project.visible scope for this
# user), memoized until #reload.
def visible_project_ids
  @visible_project_ids ||= Project.visible(self).pluck(:id)
end

#wants_comments_in_reverse_order?Boolean

Returns:

  • (Boolean)


# File 'app/models/user.rb', line 430

# True when the user prefers newest comments first.
def wants_comments_in_reverse_order?
  'desc' == pref[:comments_sorting]
end