class Eco::API::Policies::DefaultPolicies::UserAccess < Eco::API::Common::Loaders::Policy name "default-user-access" attr_reader :session, :options attr_accessor :account_removed_count def main(people, session, options, policy, job) @session = session; @options = options self.account_removed_count = 0 people.each do |person| remove_account_when_no_email!(person) if person.email.to_s.empty? person.account.policy_group_ids = [defid] if no_policy_group_ids?(person) refresh_abilities!(person.account) end warn_account_removal! end private def warn_account_removal! if account_removed_count > 0 msg = "Removed account to #{account_removed_count} people" session.logger.warn(msg) end end def remove_account_when_no_email!(person) if person.account account_removed_count += 1 if had_account?(person) person.account = nil end end def had_account?(person) return false if person.new? return false if person.account_added? return !!person.original_doc["account"] end def provision_basic_level!(person) if account = person.account unless options.dig(:exclude, :abilities) account.permissions_custom = session.new_preset(person) if no_abilities?(person) account.permissions_custom = min_abilities end end end end def refresh_abilities!(account) return nil unless account end def no_policy_group_ids?(person) (account = person.account) && account.policy_group_ids.empty? end def no_abilities?(person) person.account.permissions_custom && person.account.permissions_custom.values.all?(&:nil?) end def min_abilities { "files" => "upload", "data" => nil, "reports" => nil, "pages" => "create", "page_editor" => "basic", "registers" => "view", "organization" => nil, "person_core" => "attach", "person_core_edit" => nil, "person_core_create" => nil, "person_details" => "view", "person_account" => nil } end def defid @defid ||= policy_groups.to_id(default_group) end def default_group session.config.people.default_usergroup end def policy_groups session.policy_groups end end