lib/zen/package/users/lib/users/model/user.rb in zen-0.3 vs lib/zen/package/users/lib/users/model/user.rb in zen-0.4
- old
+ new
@@ -1,29 +1,74 @@
module Users
- #:nodoc:
module Model
##
# Model that represents a single user.
#
- # @since 0.1
+ # @example Sending an Email for a new user
+ # Zen::Event.listen(:after_new_user) do |user|
+ # Mail.deliver do
+ # from 'user@domain.tld'
+ # to user.email
+ # subject 'Your new account'
+ # body "Dear #{user.name}, your account has been created."
+ # end
+ # end
#
+ # @since 0.1
+ # @event before_new_user
+ # @event after_new_user
+ # @event before_edit_user
+ # @event after_edit_user
+ # @event before_delete_user
+ # @event after_delete_user
+ #
class User < Sequel::Model
+ ##
# Regex to do some basic Email validation. Emails such as foo@bar,
- # foo@bar.com and foo@bar.a.b are all valid but foo bar@bar.com isn't.
+ # "foo@bar.com" and "foo@bar.a.b" are all valid but "foo bar@bar.com"
+ # isn't.
+ #
EMAIL_REGEX = '^[^@]\S+@\S+(\.[a-z]+)*[^.]$'
+ ##
+ # Array containing the columns that can be set by the user.
+ #
+ # @since 17-02-2012
+ #
+ COLUMNS = [
+ :email,
+ :name,
+ :website,
+ :password,
+ :confirm_password,
+ :user_status_id,
+ :language,
+ :frontend_language,
+ :date_format,
+ :user_group_pks
+ ]
+
include Zen::Model::Helper
many_to_many :user_groups, :class => 'Users::Model::UserGroup',
:eager => [:permissions]
many_to_one :user_status, :class => 'Users::Model::UserStatus'
one_to_many :permissions, :class => 'Users::Model::Permission'
+ one_to_many :widgets, :class => 'Dashboard::Model::Widget'
plugin :timestamps, :create => :created_at, :update => :updated_at
plugin :association_dependencies, :permissions => :delete
+ plugin :events,
+ :before_create => :before_new_user,
+ :after_create => :after_new_user,
+ :before_update => :before_edit_user,
+ :after_update => :after_edit_user,
+ :before_destroy => :before_delete_user,
+ :after_destroy => :after_delete_user
+
##
# Searches for a set of users that match the given query.
#
# @since 16-10-2011
# @param [String] query The search query.
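Review bot: The new `COLUMNS` list is documented as the columns "that can be set by the user", yet it includes `:user_status_id` and `:user_group_pks`, which control account state and group membership. The callers are not visible in this hunk, but if any self-service form (registration or profile editing) passes request parameters through this list, an account holder could change their own status or groups. I would keep those two keys in a separate list used only by the admin controller, and call `.freeze` on both arrays so the whitelist cannot be mutated at runtime. Separately, the unchanged `EMAIL_REGEX` uses `^` and `$`, which in Ruby match per line, so a value with an embedded newline can pass on one of its lines. `\A` and `\z` are the whole-string anchors, and the negated classes `[^@]` and `[^.]` also accept whitespace at the first and last position.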
@@ -81,11 +126,14 @@
# @param [String] password The raw password
#
def password=(password)
return if password.nil? or password.empty?
- password = BCrypt::Password.create(password, :cost => 10)
+ password = BCrypt::Password.create(
+ Zen::Security.sanitize(password),
+ :cost => 10
+ )
super(password)
end
##
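Review bot: Passing the password through `Zen::Security.sanitize` before `BCrypt::Password.create` means the hash is computed over a transformed secret rather than over what the user typed. What `sanitize` does is not shown here, but if it strips or escapes markup characters, the login comparison must apply the identical transformation or passwords containing such characters will stop verifying. The `password.empty?` guard also runs on the raw value, so an input that sanitizes down to an empty string would still be hashed and stored. A password is never rendered, so I would hash the raw value, `password = BCrypt::Password.create(password, :cost => 10)`, and add the comment `# Hashed as typed; never echoed back, so no sanitizing needed`. If sanitizing stays, re-check emptiness after it, and keep in mind that bcrypt only uses the first 72 bytes, which entity-escaping would consume faster.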
@@ -104,9 +152,14 @@
# Hook run before creating or updating an object.
#
# @since 0.3
#
def before_save
+ # Password is sanitized in password=.
+ sanitize_fields([
+ :email, :name, :website, :language, :frontend_language, :date_format
+ ])
+
if self.user_status_id.nil?
self.user_status_id = Users::Model::UserStatus[:name => 'closed'].id
end
super
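Review bot: `sanitize_fields` runs in `before_save`, and in Sequel that hook fires after validation, so the stored `email`, `website` and other fields may differ from the values the validators accepted. A field that was valid as submitted could be rewritten into something that no longer matches `EMAIL_REGEX`, and nothing re-checks it. I would move the `sanitize_fields([...])` call into a `before_validation` hook that ends with `super`, assuming the class does not already define one outside this hunk. The replacement comment in `before_save` could read `# Fields are sanitized in before_validation so validators see the stored value`. The `before_save` body continues past the end of this hunk, and sanitizing on write does not replace escaping these fields when they are rendered.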