# encoding: UTF-8 module Spontaneous::Permissions class User < Sequel::Model(:spontaneous_users) extend Forwardable plugin :timestamps one_to_one :group, :class => :'Spontaneous::Permissions::AccessGroup' many_to_many :groups, :class => :'Spontaneous::Permissions::AccessGroup', :join_table => :spontaneous_groups_users one_to_many :access_keys, :class => :'Spontaneous::Permissions::AccessKey', :reciprocal => :user set_restricted_columns(:crypted_password) def_delegators :group, :level, :access_selector def self.login(login) login_dataset.call(:login => login).first end def self.login_dataset @login_dataset ||= self.where(:login => :$login). eager_graph(:access_keys). prepare(:select, :select_user_by_login) end def self.authenticate(login, clear_password, ip_address = nil) if (user = self[:login => login, :disabled => false]) authenticator = Spontaneous::Crypt.new(clear_password, user.crypted_password) if authenticator.valid? user.upgrade_authentication(authenticator) if authenticator.outdated? access_key = user.logged_in!(ip_address) return access_key end end nil end def self.create(attributes = {}) level = attributes.delete(:level) || attributes.delete("level") user = super user.update(:level => Spontaneous::Permissions[level]) if level && user user end def self.export(user = nil) users = self.order(:login).all users = users.reject { |u| u.level > user.level } if user exported = {} exported[:users] = users.map { |u| export_user(u) } base_level = user.nil? ? nil : user.level exported[:levels] = UserLevel.all(base_level).map { |level| { :level => level.to_s, :can_publish => level.can_publish?, :is_admin => level.admin? } } exported end def self.export_user(u) keys = u.access_keys.map { |key| {:last_access_at => key.last_access_at.httpdate, :last_access_ip => key.last_access_ip} } { :id => u.id, :name => u.name, :email => u.email, :login => u.login, :level => u.level.to_s, :disabled => u.disabled?, :keys => keys } end attr_accessor :password alias_method :disabled?, :disabled ## # Find the highest access level available from all the groups we # belong to # TODO: actually match the content against the memberships def level_for(content) memberships.map { |m| m.level_for(content) }.sort.last end def last_access_at access_keys.map(&:last_access_at).sort.last end def logged_in!(ip_address = nil) self.last_login_at = Time.now generate_access_key(ip_address) end def generate_access_key(ip_address) key = AccessKey.new(:last_access_ip => ip_address) self.add_access_key(key) self.save key end def encrypt_password(clear_password) Spontaneous::Crypt.hash_password(clear_password) end def upgrade_authentication(auth) update_all :crypted_password => auth.upgrade end def before_save self.crypted_password = encrypt_password(password) unless password.blank? clear_access_keys! if disabled? super end def clear_access_keys! access_keys.each { | key | key.delete } end def enabled? !disabled? end def disable! self.disabled = true self.save end def enable! self.disabled = false self.save end def after_create super ensure_group! end def password=(new_password) updating_password! @password = new_password end def level=(level) ensure_group! group.level = level group.save end def raise_on_save_failure false end def memberships groups.push(group) end def developer? level.developer? || false end def can_publish? level.can_publish? || false end def admin? level.admin? || false end def export { :name => name, :email => email, :login => login, :can_publish => can_publish?, :developer => developer?, :admin => admin? } end def serialise_http(user) Spontaneous.serialise_http(export) end protected def validate super errors.add(:name, 'is required') if name.blank? errors.add(:email, 'is required') if email.blank? errors.add(:email, 'is invalid') unless email.blank? or email =~ /\A[^@]+@.+\z/ if login.blank? errors.add(:login, 'is required') else errors.add(:login, 'should only contain letters, numbers & underscore') unless login =~ /\A[a-zA-Z0-9_]+\z/ errors.add(:login, 'should be at least 3 letters long') if login.length < 3 end if (u = User[:login => login]) && (u.id != id) errors.add(:login, "must be unique, login '#{login}' already exists") end if new? || updating_password? if password.blank? errors.add(:password, 'is required') elsif password.length < 8 errors.add(:password, 'should be at least 6 characters long') end end end def updating_password! @_updating_password = true end def updating_password? @_updating_password end def ensure_group! if group.nil? self.group = AccessGroup.create(:user_id => id, :name => "_#{name}_", :level_name => UserLevel.none.to_s) end end end end