# Default policy: # 1. Removes the account if the email is empty # 2. Adds the defined default_usergroup if user does not have policy groups # 3. Adds the defined default_login_method if update includes empty login methods class Eco::API::Policies::DefaultPolicies::UserAccess < Eco::API::Common::Loaders::Policy name "default-user-access" attr_reader :session, :options, :job attr_accessor :account_removed_count def main(people, session, options, policy, job) @session = session; @options = options; @job = job self.account_removed_count = 0 people.each do |person| remove_account_when_no_email!(person) if person.email.to_s.empty? next unless account = person.account if account.policy_group_ids.empty? && def_pg account.policy_group_ids = [def_pg] end add_login_method_if_applicable!(account) end warn_account_removal! end private def warn_account_removal! if account_removed_count > 0 msg = "(DefaultPolicy on job '#{job.name}') Removed account to #{account_removed_count} people" session.logger.info(msg) end end def remove_account_when_no_email!(person) if person.account self.account_removed_count += 1 if had_account?(person) person.account = nil end end def had_account?(person) return false if person.new? return false if person.account_added? return !!person.original_doc["account"] end def add_login_method_if_applicable!(account) return unless account.as_update.key?("login_provider_ids") if account.login_provider_ids.empty? && def_login account.login_provider_ids = [def_login] end end def def_pg @def_pg ||= policy_groups.to_id(default_group) end def def_login @def_login ||= login_providers.to_id(default_login) end def default_group config.people.default_usergroup end def default_login config.people.default_login_method end def login_providers session.login_providers end def policy_groups session.policy_groups end end