Class: Hippo::User
Constant Summary collapse
- USER_EDITABLE_ATTRIBUTES =
We override the default implementation so that we can guarantee that the current user can always update their own information
[:name, :email, :password]
Constants included from Concerns::ApiAttributeAccess
Concerns::ApiAttributeAccess::DEFAULT_BLACKLISTED
Class Method Summary collapse
- .can_write_attributes?(attr, user) ⇒ Boolean
-
.current ⇒ User
If all that’s needed is the user’s id, see ‘current_id`, that method does not not attempt to instantiate a User Defaults to nil.
-
.current_id ⇒ Fixnum
Retrieve the current id of the user we’re proxying for.
- .for_jwt_token(token) ⇒ Object
-
.scoped_to(user) ⇒ UserProxy
sets the user for the duration of the block.
- .seed_admin_account ⇒ Object
- .with_login(login) ⇒ Object
Instance Method Summary collapse
-
#admin? ⇒ Boolan
Does the user have the “administrator” role?.
-
#can_delete?(model, id) ⇒ Boolean
Can the User delete the model?.
-
#can_read?(model, attribute = nil) ⇒ Boolean
Can the User view the model?.
-
#can_write?(model, attribute = nil) ⇒ Boolean
Can the User create and update the model?.
- #can_write_attributes?(attr, user) ⇒ Boolean
- #jwt_token ⇒ Object
- #roles ⇒ Object
- #setting_attribute_is_allowed?(name, user) ⇒ Boolean
- #workspace_data ⇒ Object
Methods inherited from Model
belongs_to_tenant, scoped_by_tenant?
Methods included from Concerns::ApiAttributeAccess
#_set_attribute_data_from_collection, #set_attribute_data
Class Method Details
.can_write_attributes?(attr, user) ⇒ Boolean
67 68 69 |
# File 'lib/hippo/user.rb', line 67 def self.can_write_attributes?( attr, user ) ( attr[:id] && attr[:id].to_i == user.id ) ? true : super end |
.current ⇒ User
If all that’s needed is the user’s id, see ‘current_id`, that method does not not attempt to instantiate a User Defaults to nil
93 94 95 96 97 98 99 100 101 |
# File 'lib/hippo/user.rb', line 93 def self.current uid = Thread.current[:hippo_current_user] if uid.is_a?(User) uid else user = Thread.current[:hippo_current_user] = User.find_by_id(uid) return user ? user.id : nil end end |
.current_id ⇒ Fixnum
Retrieve the current id of the user we’re proxying for. get’s a bit complicated since we can proxy both for a user object or just the user’s id
107 108 109 110 111 112 113 114 115 116 |
# File 'lib/hippo/user.rb', line 107 def self.current_id uid = Thread.current[:hippo_current_user] if uid.nil? 0 elsif uid.is_a?(User) uid.id else uid end end |
.for_jwt_token(token) ⇒ Object
80 81 82 83 84 85 86 87 |
# File 'lib/hippo/user.rb', line 80 def self.for_jwt_token(token) payload = JWT.decode( token, Hippo.config.session_secret_key_base, true, { :algorithm => 'HS256' } ) if payload.length && (uid = payload.first['uid']) return where(id: uid).first end end |
.scoped_to(user) ⇒ UserProxy
sets the user for the duration of the block
144 145 146 147 148 149 |
# File 'lib/hippo/user.rb', line 144 def self.scoped_to( user ) prev_user, Thread.current[:hippo_current_user] = self.current, user yield user ensure Thread.current[:hippo_current_user] = prev_user end |
.seed_admin_account ⇒ Object
151 152 153 154 155 156 157 158 |
# File 'lib/hippo/user.rb', line 151 def self.seed_admin_account where(login: 'admin').first || create!( name: "Admin", email: "[email protected]", password: 'password', login: 'admin', role_names: ['administrator'] ) end |
.with_login(login) ⇒ Object
17 18 19 |
# File 'lib/hippo/user.rb', line 17 def self.with_login(login) where("lower(login) = ?", login.downcase) end |
Instance Method Details
#admin? ⇒ Boolan
Returns does the user have the “administrator” role?.
72 73 74 |
# File 'lib/hippo/user.rb', line 72 def admin? roles.include? 'administrator' end |
#can_delete?(model, id) ⇒ Boolean
Returns Can the User delete the model?.
54 55 56 |
# File 'lib/hippo/user.rb', line 54 def can_delete?(model, id) roles.can_delete?(model, id) end |
#can_read?(model, attribute = nil) ⇒ Boolean
Returns Can the User view the model?.
40 41 42 |
# File 'lib/hippo/user.rb', line 40 def can_read?(model, attribute = nil) roles.can_read?(model, attribute) end |
#can_write?(model, attribute = nil) ⇒ Boolean
Returns Can the User create and update the model?.
47 48 49 |
# File 'lib/hippo/user.rb', line 47 def can_write?(model, attribute = nil) roles.can_write?(model, attribute) end |
#can_write_attributes?(attr, user) ⇒ Boolean
64 65 66 |
# File 'lib/hippo/user.rb', line 64 def can_write_attributes?( attr, user ) ( !new_record? && user.id == self.id ) ? true : super end |
#jwt_token ⇒ Object
76 77 78 |
# File 'lib/hippo/user.rb', line 76 def jwt_token JWT.encode({'uid' => id}, Hippo.config.session_secret_key_base, 'HS256') end |
#roles ⇒ Object
21 22 23 |
# File 'lib/hippo/user.rb', line 21 def roles @cached_roles ||= Access::RoleCollection.new(self) end |
#setting_attribute_is_allowed?(name, user) ⇒ Boolean
61 62 63 |
# File 'lib/hippo/user.rb', line 61 def setting_attribute_is_allowed?(name, user) ( !new_record? && user.id == self.id && USER_EDITABLE_ATTRIBUTES.include?(name) ) ? true : super end |
#workspace_data ⇒ Object
25 26 27 28 29 30 31 32 33 34 35 |
# File 'lib/hippo/user.rb', line 25 def workspace_data my_data = attributes.slice('id','login','name','email','created_at', 'created_by','updated_at','updated_by','role_names', 'options') Hippo::SystemSettings .public_json .merge( user: my_data, access: Access.for_user(self), access_token: jwt_token, screen_ids: Hippo::Screen.active_ids, ) end |