mod/account/set/right/account.rb in card-1.98.3 vs mod/account/set/right/account.rb in card-1.99.0

- old
+ new

@@ -1,186 +1,58 @@ # -*- encoding : utf-8 -*- -include All::Permissions::Accounts - card_accessor :email card_accessor :password card_accessor :salt card_accessor :status -card_accessor :token +card_accessor :api_key -#### ON CREATE +require_field :email -# legal to add +*account card -event :validate_accountability, :prepare_to_validate, on: :create do - errors.add :content, tr(:error_not_allowed) unless left&.accountable? +def accounted + left end -event :require_email, :prepare_to_validate, - after: :validate_accountability, on: :create do - errors.add :email, "required" unless subfield(:email) +def accounted_id + left_id end -event :set_default_salt, :prepare_to_validate, on: :create do - salt = Digest::SHA1.hexdigest "--#{Time.zone.now}--" - Env[:salt] = salt # HACK!!! need viable mechanism to get this to password - add_subfield :salt, content: salt -end - -event :set_default_status, :prepare_to_validate, on: :create do - default_status = left&.try(:default_account_status) || "active" - add_subfield :status, content: default_status -end - -event :generate_confirmation_token, - :prepare_to_store, on: :create, when: :can_approve? do - add_subfield :token, content: generate_token -end - -event :send_account_verification_email, :integrate, - on: :create, when: proc { |c| c.token.present? } do - Card[:verification_email].deliver self, to: email -end - -# ON UPDATE - -# reset password emails contain a link to update the +*account card -# and trigger this event -event :reset_password, :prepare_to_validate, on: :update, trigger: :required do - reset_password_with_token Env.params[:token] -end - -# STANDALONE EVENTS -# only triggered when called directly (as methods) - -event :reset_token do - token = generate_token - Auth.as_bot { token_card.update! 
content: token } - token -end - -event :send_welcome_email do - welcome = Card[:welcome_email] - welcome.deliver self, to: email if welcome&.type_code == :email_template -end - -event :send_reset_password_token do - reset_token - Card[:password_reset_email].deliver self, to: email -end - -def active? - status == "active" -end - -def blocked? - status == "blocked" -end - -def built_in? - status == "system" -end - -def pending? - status == "pending" -end - -def validate_token! test_token - token_card.validate! test_token -end - -def reset_password_with_token token - aborting do - if !token - errors.add :token, "is required" - elsif !validate_token!(token) - # FIXME: This should be an error. - # However, an error abort will trigger a rollback, so the - # token reset won't work. That may be an argument for - # handling the token update in a separate request? - success << reset_password_try_again - else - success << reset_password_success - end - end -end - -def refreshed_token - if token_card.id - token_card.refresh(true).db_content # TODO: explain why refresh is needed - else # eg when viewing email template - "[token]" - end -end - -def can_approve? - Card.new(type_id: Card.default_accounted_type_id).ok? :create -end - def ok_to_read own_account? ? true : super end -def reset_password_success - # token_card.used! - Auth.signin left_id - { id: name, view: :edit } -end +# allow account owner to update account field content +def ok_to_update + return true if own_account? && !name_changed? && !type_id_changed? -def reset_password_try_again - message = tr :sorry_email_reset, error_msg: token_card.errors.first.last - send_reset_password_token - { id: "_self", view: "message", message: message } + super end -# FIXME: explain or remove. -def edit_password_success_args; end - def changes_visible? act act.actions_affecting(act.card).each do |action| return true if action.card.ok? 
:read end false end -format do - view :verify_url, cache: :never do - card_url path(token_path_opts.merge(mark: card.name.left)) +def send_account_email email_template + ecard = Card[email_template] + unless ecard&.type_id == EmailTemplateID + raise Card::Error, "invalid email template: #{email_template}" end - view :verify_days, cache: :never do - (Card.config.token_expiry / 1.day).to_s - end + ecard.deliver self, to: email +end - view :reset_password_url do - card_url path(token_path_opts.merge(card: { trigger: :reset_password })) - end - - view :reset_password_days do - (Card.config.token_expiry / 1.day).to_s - end - - def token_path_opts - { action: :update, live_token: true, token: card.refreshed_token } - end +def validate_api_key! api_key + api_key_card.validate! api_key end -format :html do - view :raw do - # FIXME: use field_nest instead of parsing content - # Problem: when you do that then the fields are missing in the sign up form: - # output( [field_nest(:email, view: :titled, title: "email"), - # field_nest(:password, view: :titled, title: "password")]) - %({{+#{:email.cardname}|labeled;title:email;edit:inline}} - {{+#{:password.cardname}|labeled;title:password;edit:inline}}) - end +def method_missing method, *args + super unless args.empty? && (matches = method.match(/^(?<status>.*)\?$/)) - before :content_formgroup do - voo.edit_structure = [[:email, "email"], [:password, "password"]] - end + status == matches[:status] end -format :email do - def mail context, fields - super context, fields.reverse_merge(to: card.email) - end +def respond_to_missing? method, _include_private=false + method.match?(/\?/) ? true : super end
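Review bot: The new `method_missing` answers any zero-argument call ending in `?` with `status == "<name>"`, so a misspelled or unsupported predicate quietly returns false instead of raising NoMethodError, which is a risky default wherever account state gates access. It also changes `built_in?`: the removed method compared status with "system", while the dynamic version compares it with "built_in", so unless callers moved to `system?` elsewhere that check is now always false. I would answer only when the captured name is in a fixed, frozen list of valid statuses and call `super` otherwise, and keep an explicit `def built_in?` returning `status == "system"`. `respond_to_missing?` tests the unanchored `/\?/`, which is wider than the pattern in `method_missing`; both should share one check, anchored with `\A` and `\z` rather than `^` and `$`.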