# Default policy: # 1. Removes the account if the email is empty # 2. Adds the defined default_usergroup if user does not have policy groups # 3. Adds the defined default_login_method if update includes empty login methods class Eco::API::Policies::DefaultPolicies::UserAccess < Eco::API::Common::Loaders::Policy name "default-user-access" attr_reader :job attr_accessor :account_removed_count def main(_peo, _sess, _opts, _plc, job) @job = job self.account_removed_count = 0 people.each do |person| remove_account_when_no_email!(person) if person.email.to_s.empty? next unless account = person.account next if options.dig(:exclude, :account) add_def_policy_group_if_applicable!(account) add_login_method_if_applicable!(account) end warn_account_removal! end private def warn_account_removal! return unless account_removed_count.positive? msg = "(DefaultPolicy on job '#{job.name}') Removed account to #{account_removed_count} people" log(:info) { msg } end def remove_account_when_no_email!(person) return unless person.account self.account_removed_count += 1 if had_account?(person) person.account = nil end def had_account?(person) return false if person.new? return false if person.account_added? !!person.original_doc["account"] end def add_def_policy_group_if_applicable!(account) return unless account return unless account.policy_group_ids.empty? return unless def_pg account.policy_group_ids = [def_pg] end def add_login_method_if_applicable!(account) return unless account return unless account.as_update.key?("login_provider_ids") return unless account.login_provider_ids.empty? return unless def_login account.login_provider_ids = [def_login] end def def_pg @def_pg ||= policy_groups.to_id(default_group) end def def_login @def_login ||= login_providers.to_id(default_login) end def default_group config.people.default_usergroup end def default_login config.people.default_login_method end def login_providers session.login_providers end def policy_groups session.policy_groups end end