Class: User

Inherits:
ActiveRecord::Base
  • Object
show all
Includes:
Authorization, Foreman::ThreadSession::UserModel, Taxonomix
Defined in:
app/models/user.rb

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Taxonomix

included

Methods included from Foreman::ThreadSession::UserModel

included

Methods included from Authorization

#enforce_create_permissions, #enforce_destroy_permissions, #enforce_edit_permissions, #enforce_permissions, included, #permission_failed?

Instance Attribute Details

#editing_selfObject

Returns the value of attribute editing_self


12
13
14
# File 'app/models/user.rb', line 12

def editing_self
  @editing_self
end

#passwordObject

Returns the value of attribute password


12
13
14
# File 'app/models/user.rb', line 12

def password
  @password
end

#password_confirmationObject

Returns the value of attribute password_confirmation


12
13
14
# File 'app/models/user.rb', line 12

def password_confirmation
  @password_confirmation
end

Class Method Details

.adminObject


102
103
104
# File 'app/models/user.rb', line 102

def self.admin
  unscoped. 'admin' or create_admin
end

.create_adminObject


89
90
91
92
93
94
95
96
97
98
99
100
# File 'app/models/user.rb', line 89

def self.create_admin
  email = Setting[:administrator]
  user = User.new(:login => "admin", :firstname => "Admin", :lastname => "User",
                     :mail => email, :auth_source => AuthSourceInternal.first, :password => "changeme")
  user.update_attribute :admin, true
  old_current = User.current
  User.current = user
  user.save!
  user
ensure
  User.current = old_current
end

.try_to_login(login, password) ⇒ Object

Tries to find the user in the DB and then authenticate against their authentication source If the user is not in the DB then try to login the user on each available authentication source If this succeeds then copy the user's details from the authentication source into the User table Returns : User object OR nil


110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
# File 'app/models/user.rb', line 110

def self.(, password)
  # Make sure no one can sign in with an empty password
  return nil if password.to_s.empty?

  # user is already in local database
  if (user = unscoped.())
    # user has an authentication method and the authentication was successful
    if user.auth_source and user.auth_source.authenticate(, password)
      logger.debug "Authenticated user #{user} against #{user.auth_source} authentication source"
    else
      logger.debug "Failed to authenticate #{user} against #{user.auth_source} authentication source"
      user = nil
    end
  else
    user = try_to_auto_create_user(, password)
  end
  if user
    as "admin" do
      user.update_attribute(:last_login_on, Time.now.utc)
      anonymous = Role.find_by_name("Anonymous")
      user.roles << anonymous unless user.roles.include?(anonymous)
      User.current = user
    end
  else
    logger.info "invalid user"
    User.current = nil
  end
  user
end

Instance Method Details

#<=>(other) ⇒ Object


80
81
82
# File 'app/models/user.rb', line 80

def <=>(other)
  self.name.downcase <=> other.name.downcase
end

#allowed_to?(action, options = {}) ⇒ Boolean

Return true if the user is allowed to do the specified action action can be:

  • a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')

  • a permission Symbol (eg. :edit_project)


172
173
174
175
176
# File 'app/models/user.rb', line 172

def allowed_to?(action, options={})
  return true if admin?
  return true if editing_self
  roles.detect {|role| role.allowed_to?(action)}.present?
end

#can_assign?(roles) ⇒ Boolean

user must be assigned all given roles in order to delegate them


195
196
197
# File 'app/models/user.rb', line 195

def can_assign?(roles)
  can_change_admin_flag? || roles.all? { |r| self.role_ids_was.include?(r) }
end

#can_change_admin_flag?Boolean

only admin can change admin flag


200
201
202
# File 'app/models/user.rb', line 200

def can_change_admin_flag?
  self.admin?
end

#filtering?Boolean

Indicates whether the user has host filtering enabled Returns : Boolean


184
185
186
187
188
189
190
191
192
# File 'app/models/user.rb', line 184

def filtering?
  filter_on_owner        or
  compute_resources.any? or
  domains.any?           or
  hostgroups.any?        or
  facts.any?             or
  locations.any?         or
  organizations.any?
end

#hostsObject


156
157
158
# File 'app/models/user.rb', line 156

def hosts
  direct_hosts + indirect_hosts
end

#indirect_hostsObject


152
153
154
# File 'app/models/user.rb', line 152

def indirect_hosts
  my_usergroups.map{|g| g.hosts}.flatten.uniq
end

#logged?Boolean


178
179
180
# File 'app/models/user.rb', line 178

def logged?
  true
end

#manage_password?Boolean


164
165
166
# File 'app/models/user.rb', line 164

def manage_password?
  auth_source and auth_source.can_set_password?
end

#matching_password?(pass) ⇒ Boolean


140
141
142
# File 'app/models/user.rb', line 140

def matching_password?(pass)
  self.password_hash == encrypt_password(pass)
end

#my_usergroupsObject


144
145
146
147
148
149
150
# File 'app/models/user.rb', line 144

def my_usergroups
  all_groups = []
  for usergroup in usergroups
    all_groups += usergroup.all_usergroups
  end
  all_groups.uniq
end

#recipientsObject


160
161
162
# File 'app/models/user.rb', line 160

def recipients
  [mail]
end

#role_ids_changed?Boolean


211
212
213
# File 'app/models/user.rb', line 211

def role_ids_changed?
  @role_ids_changed
end

#role_ids_wasObject


215
216
217
# File 'app/models/user.rb', line 215

def role_ids_was
  @role_ids_was ||= role_ids
end

#role_ids_with_change_detection=(roles) ⇒ Object


204
205
206
207
208
# File 'app/models/user.rb', line 204

def role_ids_with_change_detection=(roles)
  @role_ids_changed = roles.uniq.select(&:present?).map(&:to_i).sort != role_ids.sort
  @role_ids_was = role_ids.clone
  self.role_ids_without_change_detection = roles
end

#select_titleObject

The text item to see in a select dropdown menu


85
86
87
# File 'app/models/user.rb', line 85

def select_title
  to_label + " (#{login})"
end

#to_labelObject Also known as: name


71
72
73
# File 'app/models/user.rb', line 71

def to_label
  (firstname.present? || lastname.present?) ? "#{firstname} #{lastname}" : 
end

#to_paramObject


76
77
78
# File 'app/models/user.rb', line 76

def to_param
  "#{id}-#{login.parameterize}"
end