1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
require 'digest/sha1'
class User < ActiveRecord::Base
# Mixins and Plugins
include Authentication
include Authentication::ByPassword
# Associations
has_many :permissions
# Validations
validates_presence_of :login
validates_length_of :login, :within => 1..40
validates_uniqueness_of :login
validates_format_of :login, :with => Authentication.login_regex,
:message => Authentication.bad_login_message
validates_presence_of :email
validates_length_of :email, :within => 6..100 #r@a.wk
validates_uniqueness_of :email
validates_format_of :email, :with => Authentication.email_regex,
:message => Authentication.bad_email_message
attr_accessible :login, :email, :password, :password_confirmation, :admin
# Authenticates a user by their login name and unencrypted password. Returns the user or nil.
def self.authenticate(login, password)
return nil if login.blank? || password.blank?
u = find_by_login(login) # need to get the salt
u && u.authenticated?(password) ? u : nil
end
# TODO: Do we really want to have downcase logins only?
def login=(value)
write_attribute :login, (value ? value.downcase : nil)
end
def email=(value)
write_attribute :email, (value ? value.downcase : nil)
end
# Permission stuff
def grant(node)
set_permission(true, node)
end
def revoke(node)
set_permission(false, node)
end
def inherit(node)
permission = self.permissions.for_node(node).first
permission.destroy if permission
end
def get_permission_for(node)
permissions = {}
self.permissions.for_node(node).each do |permission|
permissions[permission.identifier.to_sym] = permission.granted
end
permissions
end
# Checks for permission on the node and if necessary ascends the
# nodetree until permission is found or returns false if it is not found
# at all.
def has_permission?(node)
node_permission = self.permissions.for_node(node)
return node_permission unless node_permission.nil?
node.ancestors.reverse.each do |p|
local_permission = self.get_permissions_for(p)[identifier]
unless local_permission.nil?
return local_permission
end
end
return false
end
def is_admin?
!!admin
end
private
def set_permission(granted, node)
permission = self.permissions.for_node(node).first
if permission
permission.granted = granted
else
self.permissions.create!( :node => node,
:granted => granted )
end
end
end
|