summaryrefslogtreecommitdiff
path: root/app/models/user.rb
blob: 92ac33aa96e9856e0b65057c377f1df43d80b758 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
require 'digest/sha1'

class User < ApplicationRecord
  # Mixins and Plugins
  include Authentication
  include Authentication::ByPassword

  # Associations
  has_many :permissions

  # Validations
  validates_presence_of     :login
  validates_length_of       :login, :within => 1..40
  validates_uniqueness_of   :login
  validates_format_of       :login, :with => Authentication.login_regex,
                            :message => Authentication.bad_login_message

  validates_presence_of     :email
  validates_length_of       :email, :within => 6..100 #r@a.wk
  validates_uniqueness_of   :email
  validates_format_of       :email, :with => Authentication.email_regex,
                            :message => Authentication.bad_email_message

  # Authenticates a user by their login name and unencrypted password. Returns the user or nil.
  def self.authenticate(login, password)
    return nil if login.blank? || password.blank?
    u = find_by_login(login) # need to get the salt
    u && u.authenticated?(password) ? u : nil
  end

  # TODO: Do we really want to have downcase logins only?
  def login=(value)
    write_attribute :login, (value ? value.downcase : nil)
  end

  def email=(value)
    write_attribute :email, (value ? value.downcase : nil)
  end
  
  # Permission stuff
  
  def grant(node)
    set_permission(true, node)
  end
  
  def revoke(node)
    set_permission(false, node)
  end

  def inherit(node)    
    permission = self.permissions.for_node(node).first
    permission.destroy if permission
  end
  
  def get_permission_for(node)
    permissions = {}
    self.permissions.for_node(node).each do |permission|
      permissions[permission.identifier.to_sym] = permission.granted
    end
    permissions
  end
  
  # Checks for permission on the node and if necessary ascends the
  # nodetree until permission is found or returns false if it is not found 
  # at all.
  def has_permission?(node)
    node_permission = self.permissions.for_node(node)
    return node_permission unless node_permission.nil?

    node.ancestors.reverse.each do |p|
      local_permission = self.get_permissions_for(p)[identifier]
      unless local_permission.nil?
        return local_permission
      end
    end
    
    return false
  end
  
  def is_admin?
    !!admin
  end
  
  private
    
    def set_permission(granted, node)    
      permission = self.permissions.for_node(node).first
      if permission
        permission.granted = granted
      else
        self.permissions.create!( :node       => node, 
                                  :granted    => granted )
      end
    end
end