# Default access policy applied to every person handled by a job.
#
# For each person it does three things, in this order:
#   1. drops the account when the person has a blank email;
#   2. assigns the ids of the configured default usergroup when the account
#      has no policy groups at all;
#   3. recomputes `permissions_custom` from `session.new_preset`, and falls
#      back to {#min_abilities} when every ability of the preset is nil.
#
# Access-control notes for reviewers:
#   * Step 2 means an account left with an empty `policy_group_ids` is never
#     kept group-less: it lands in `session.config.people.default_usergroup`.
#     The baseline access of such accounts is therefore whatever that group
#     grants -- confirm it is the least-privileged group of the org.
#   * Step 3 is skipped entirely when `options.dig(:exclude, :abilities)` is
#     truthy; in that case existing `permissions_custom` is left untouched.
#   * Only the number of removed accounts is logged, not who was affected.
class Eco::API::Policies::DefaultPolicies::UserAccess < Eco::API::Common::Loaders::Policy
  name "default-user-access"

  attr_reader :session, :options, :job
  # Number of pre-existing accounts removed during the current `main` run.
  attr_accessor :account_removed_count

  # Policy entry point.
  #
  # @param people [#each] the people to apply the policy to.
  # @param session the current session (logger, config, policy groups, presets).
  # @param options [Hash] run options; `options.dig(:exclude, :abilities)` is read here.
  # @param policy not used by this implementation.
  # @param job the job the policy runs for; only `job.name` is read (for the log line).
  # @return whatever {#warn_account_removal!} returns (nil when nothing was removed).
  def main(people, session, options, policy, job)
    @session, @options, @job = session, options, job
    self.account_removed_count = 0

    people.each do |person|
      # The account is dropped first, so the two steps below see no account
      # for a person with a blank email and become no-ops for them.
      remove_account_when_no_email!(person) if person.email.to_s.empty?
      # NOTE(review): the same memoized Array from `defid` is handed to every
      # account -- confirm the setter copies it rather than keeping the reference.
      person.account.policy_group_ids = defid if no_policy_group_ids?(person)
      refresh_abilities!(person)
    end

    warn_account_removal!
  end

  private

  # Emits a single warning with the total of removed accounts, if any.
  # Returns nil when the counter is not above zero.
  def warn_account_removal!
    return unless account_removed_count.positive?

    warning = "(DefaultPolicy on job '#{job.name}') Removed account to #{account_removed_count} people"
    session.logger.warn(warning)
  end

  # Clears the person's account. The counter only grows when the account
  # already existed before this run (see {#had_account?}).
  def remove_account_when_no_email!(person)
    return unless person.account

    self.account_removed_count += 1 if had_account?(person)
    person.account = nil
  end

  # Whether the person carried an account in their original document.
  # New people, and people whose account was added in this run, never count.
  #
  # @return [Boolean]
  def had_account?(person)
    return false if person.new? || person.account_added?

    person.original_doc["account"] ? true : false
  end

  # Rebuilds `permissions_custom` from the session preset for the person and
  # applies the {#min_abilities} floor when the preset grants nothing.
  #
  # @return [Hash, nil] the floor hash when it was applied, nil otherwise.
  def refresh_abilities!(person)
    return nil if options.dig(:exclude, :abilities)

    account = person.account
    return nil unless account

    account.permissions_custom = session.new_preset(person)
    return nil unless no_abilities?(person)

    account.permissions_custom = min_abilities
  end

  # Truthy when the person has an account whose `policy_group_ids` is empty.
  # Returns the falsy account value itself when there is no account.
  def no_policy_group_ids?(person)
    account = person.account
    account && account.policy_group_ids.empty?
  end

  # True when there is no account, or when every value of `permissions_custom`
  # is nil. When `permissions_custom` itself is nil/false the result is that
  # falsy value, so the {#min_abilities} floor is NOT applied in that case.
  def no_abilities?(person)
    account = person.account
    return true unless account

    account.permissions_custom && account.permissions_custom.values.all?(&:nil?)
  end

  # Floor of abilities given to an account whose preset is all-nil.
  # This is not an empty grant: six of the twelve abilities get a non-nil level.
  # The level strings are passed through as-is; their meaning is defined
  # outside this class.
  #
  # @return [Hash{String => String, nil}]
  def min_abilities
    {
      "files"              => "upload",
      "data"               => nil,
      "reports"            => nil,
      "pages"              => "create",
      "page_editor"        => "basic",
      "registers"          => "view",
      "organization"       => nil,
      "person_core"        => "attach",
      "person_core_edit"   => nil,
      "person_core_create" => nil,
      "person_details"     => "view",
      "person_account"     => nil
    }
  end

  # Ids of the default usergroup, resolved once and memoized for the instance.
  # `compact` drops nil entries from the `to_id` result.
  # NOTE(review): if that leaves an empty list, accounts without policy groups
  # are assigned an empty list again -- confirm the default group is configured.
  def defid
    @defid ||= policy_groups.to_id([default_group]).compact
  end

  # The default usergroup as configured for people in the session config.
  def default_group
    session.config.people.default_usergroup
  end

  # The policy groups known to the session.
  def policy_groups
    session.policy_groups
  end
end