Class: User
- Includes:
- Redmine::Ciphering, Redmine::SafeAttributes
- Defined in:
- app/models/user.rb
Direct Known Subclasses
Constant Summary collapse
- USER_FORMATS =
Different ways of displaying/sorting users
{ :firstname_lastname => { :string => '#{firstname} #{lastname}', :order => %w(firstname lastname id), :setting_order => 1 }, :firstname_lastinitial => { :string => '#{firstname} #{lastname.to_s.chars.first}.', :order => %w(firstname lastname id), :setting_order => 2 }, :firstinitial_lastname => { :string => '#{firstname.to_s.gsub(/(([[:alpha:]])[[:alpha:]]*\.?)/, \'\2.\')} #{lastname}', :order => %w(firstname lastname id), :setting_order => 2 }, :firstname => { :string => '#{firstname}', :order => %w(firstname id), :setting_order => 3 }, :lastname_firstname => { :string => '#{lastname} #{firstname}', :order => %w(lastname firstname id), :setting_order => 4 }, :lastnamefirstname => { :string => '#{lastname}#{firstname}', :order => %w(lastname firstname id), :setting_order => 5 }, :lastname_comma_firstname => { :string => '#{lastname}, #{firstname}', :order => %w(lastname firstname id), :setting_order => 6 }, :lastname => { :string => '#{lastname}', :order => %w(lastname id), :setting_order => 7 }, :username => { :string => '#{login}', :order => %w(login id), :setting_order => 8 }, }
- MAIL_NOTIFICATION_OPTIONS =
[ ['all', :label_user_mail_option_all], ['selected', :label_user_mail_option_selected], ['only_my_events', :label_user_mail_option_only_my_events], ['only_assigned', :label_user_mail_option_only_assigned], ['only_owner', :label_user_mail_option_only_owner], ['none', :label_user_mail_option_none] ]
- LOGIN_LENGTH_LIMIT =
60
- MAIL_LENGTH_LIMIT =
254
- LABEL_BY_STATUS =
{ STATUS_ANONYMOUS => 'anon', STATUS_ACTIVE => 'active', STATUS_REGISTERED => 'registered', STATUS_LOCKED => 'locked' }
Constants inherited from Principal
Principal::STATUS_ACTIVE, Principal::STATUS_ANONYMOUS, Principal::STATUS_LOCKED, Principal::STATUS_REGISTERED
Instance Attribute Summary collapse
-
#generate_password ⇒ Object
Returns the value of attribute generate_password.
-
#last_before_login_on ⇒ Object
Returns the value of attribute last_before_login_on.
-
#password ⇒ Object
Returns the value of attribute password.
-
#password_confirmation ⇒ Object
Returns the value of attribute password_confirmation.
-
#remote_ip ⇒ Object
Returns the value of attribute remote_ip.
Class Method Summary collapse
-
.anonymous ⇒ Object
Returns the anonymous user.
- .current ⇒ Object
- .current=(user) ⇒ Object
-
.default_admin_account_changed? ⇒ Boolean
Returns true if the default admin account can no longer be used.
-
.fields_for_order_statement(table = nil) ⇒ Object
Returns an array of fields names than can be used to make an order statement for users according to how user names are displayed Examples:.
- .find_by_api_key(key) ⇒ Object
- .find_by_atom_key(key) ⇒ Object
-
.find_by_login(login) ⇒ Object
Find a user account by matching the exact login and then a case-insensitive version.
-
.find_by_mail(mail) ⇒ Object
Makes find_by_mail case-insensitive.
-
.find_by_rss_key(key) ⇒ Object
TODO: remove in Redmine 6.0.
-
.generate_salt ⇒ Object
Returns a 128bits random salt as a hex string (32 chars long).
-
.hash_password(clear_password) ⇒ Object
Return password digest.
- .name_formatter(formatter = nil) ⇒ Object
- .prune(age) ⇒ Object
-
.salt_unsalted_passwords! ⇒ Object
Salts all existing unsalted passwords It changes password storage scheme from SHA1(password) to SHA1(salt + SHA1(password)) This method is used in the SaltPasswords migration and is to be kept as is.
-
.try_to_autologin(key) ⇒ Object
Returns the user who matches the given autologin
key
or nil. -
.try_to_login(login, password, active_only = true) ⇒ Object
Returns the user that matches provided login and password, or nil AuthSource errors are caught, logged and nil is returned.
-
.try_to_login!(login, password, active_only = true) ⇒ Object
Returns the user that matches provided login and password, or nil AuthSource errors are passed through.
-
.valid_notification_options(user = nil) ⇒ Object
Only users that belong to more than 1 project can select projects for which they are notified.
-
.verify_session_token(user_id, token) ⇒ Object
Returns true if token is a valid session token for the user whose id is user_id.
Instance Method Summary collapse
- #activate ⇒ Object
- #activate! ⇒ Object
- #active? ⇒ Boolean
-
#allowed_to?(action, context, options = {}, &block) ⇒ Boolean
Return true if the user is allowed to do the specified action on a specific context Action can be: * a parameter-like Hash (eg. :controller => ‘projects’, :action => ‘edit’) * a permission Symbol (eg. :edit_project) Context can be: * a project : returns true if user is allowed to do the specified action on this project * an array of projects : returns true if user is allowed on every project * nil with options set : check if user has at least one role allowed for this action, or falls back to Non Member / Anonymous permissions depending if the user is logged.
-
#allowed_to_globally?(action, options = {}, &block) ⇒ Boolean
Is the user allowed to do the specified action on any project? See allowed_to? for the actions and valid options.
- #allowed_to_view_all_time_entries?(context) ⇒ Boolean
- #anonymous? ⇒ Boolean
-
#api_key ⇒ Object
Return user’s API key (a 40 chars long string), used to access the API.
-
#atom_key ⇒ Object
Return user’s ATOM key (a 40 chars long string), used to access feeds.
- #base_reload ⇒ Object
- #bookmarked_project_ids ⇒ Object
-
#builtin_role ⇒ Object
Returns the user’s bult-in role.
-
#change_password_allowed? ⇒ Boolean
Does the backend storage allow this user to change their password?.
-
#check_password?(clear_password) ⇒ Boolean
Returns true if
clear_password
is the correct user’s password, otherwise false. - #convert_time_to_user_timezone(time) ⇒ Object
- #css_classes ⇒ Object
- #delete_autologin_token(value) ⇒ Object
- #delete_session_token(value) ⇒ Object
- #force_default_language? ⇒ Boolean
-
#generate_autologin_token ⇒ Object
Generates a new autologin token and returns its value.
- #generate_password? ⇒ Boolean
-
#generate_session_token ⇒ Object
Generates a new session token and returns its value.
-
#is_or_belongs_to?(arg) ⇒ Boolean
Returns true if user is arg or belongs to arg.
- #language ⇒ Object
- #lock ⇒ Object
- #lock! ⇒ Object
- #locked? ⇒ Boolean
- #logged? ⇒ Boolean
- #mail ⇒ Object
- #mail=(arg) ⇒ Object
- #mail_changed? ⇒ Boolean
- #mails ⇒ Object
-
#managed_roles(project) ⇒ Object
Returns the roles that the user is allowed to manage for the given project.
-
#membership(project) ⇒ Object
Returns user’s membership for the given project or nil if the user is not a member of project.
- #must_activate_twofa? ⇒ Boolean
- #must_change_password? ⇒ Boolean
-
#name(formatter = nil) ⇒ Object
Return user’s full name for display.
- #notified_project_ids=(ids) ⇒ Object
-
#notified_projects_ids ⇒ Object
Return an array of project ids for which the user has explicitly turned mail notifications on.
-
#notify_about?(object) ⇒ Boolean
Utility method to help check if a user should be notified about an event.
- #notify_about_high_priority_issues? ⇒ Boolean
-
#own_account_deletable? ⇒ Boolean
Returns true if the user is allowed to delete the user’s own account.
-
#password_expired? ⇒ Boolean
Returns true if the user password has expired.
- #pref ⇒ Object
-
#project_ids_by_role ⇒ Object
Returns a hash of project ids grouped by roles.
-
#projects_by_role ⇒ Object
Returns a hash of user’s projects grouped by roles TODO: No longer used, should be deprecated.
-
#random_password(length = 40) ⇒ Object
Generate and set a random password on given length.
- #register ⇒ Object
- #register! ⇒ Object
- #registered? ⇒ Boolean
- #reload(*args) ⇒ Object
- #roles ⇒ Object
-
#roles_for_project(project) ⇒ Object
Return user’s roles for project.
-
#rss_key ⇒ Object
TODO: remove in Redmine 6.0.
-
#salt_password(clear_password) ⇒ Object
Generates a random salt and computes hashed_password for
clear_password
The hashed password is stored in the following form: SHA1(salt + SHA1(password)). - #set_mail_notification ⇒ Object
-
#time_to_date(time) ⇒ Object
Returns the day of
time
according to user’s time zone. - #time_zone ⇒ Object
- #to_s ⇒ Object
-
#today ⇒ Object
Returns the current day according to user’s time zone.
- #twofa_active? ⇒ Boolean
- #twofa_totp_key ⇒ Object
- #twofa_totp_key=(key) ⇒ Object
- #update_hashed_password ⇒ Object
- #update_last_login_on! ⇒ Object
- #valid_notification_options ⇒ Object
-
#visible_project_ids ⇒ Object
Returns the ids of visible projects.
- #wants_comments_in_reverse_order? ⇒ Boolean
Methods included from Redmine::SafeAttributes
#delete_unsafe_attributes, included, #safe_attribute?, #safe_attribute_names, #safe_attributes=
Methods included from Redmine::Ciphering
cipher_key, decrypt_text, encrypt_text, included, logger
Methods inherited from Principal
#<=>, detect_by_keyword, #member_of?, #nullify_projects_default_assigned_to, #project_ids, #visible?
Instance Attribute Details
#generate_password ⇒ Object
Returns the value of attribute generate_password.
101 102 103 |
# File 'app/models/user.rb', line 101 def generate_password @generate_password end |
#last_before_login_on ⇒ Object
Returns the value of attribute last_before_login_on.
102 103 104 |
# File 'app/models/user.rb', line 102 def last_before_login_on @last_before_login_on end |
#password ⇒ Object
Returns the value of attribute password.
101 102 103 |
# File 'app/models/user.rb', line 101 def password @password end |
#password_confirmation ⇒ Object
Returns the value of attribute password_confirmation.
101 102 103 |
# File 'app/models/user.rb', line 101 def password_confirmation @password_confirmation end |
#remote_ip ⇒ Object
Returns the value of attribute remote_ip.
103 104 105 |
# File 'app/models/user.rb', line 103 def remote_ip @remote_ip end |
Class Method Details
.anonymous ⇒ Object
Returns the anonymous user. If the anonymous user does not exist, it is created. There can be only one anonymous user per database.
866 867 868 869 870 871 872 873 |
# File 'app/models/user.rb', line 866 def self.anonymous anonymous_user = AnonymousUser.unscoped.find_by(:lastname => 'Anonymous') if anonymous_user.nil? anonymous_user = AnonymousUser.unscoped.create(:lastname => 'Anonymous', :firstname => '', :login => '', :status => 0) raise 'Unable to create the anonymous user.' if anonymous_user.new_record? end anonymous_user end |
.current ⇒ Object
860 861 862 |
# File 'app/models/user.rb', line 860 def self.current RequestStore.store[:current_user] ||= User.anonymous end |
.current=(user) ⇒ Object
856 857 858 |
# File 'app/models/user.rb', line 856 def self.current=(user) RequestStore.store[:current_user] = user end |
.default_admin_account_changed? ⇒ Boolean
Returns true if the default admin account can no longer be used
558 559 560 |
# File 'app/models/user.rb', line 558 def self.default_admin_account_changed? !User.active.find_by_login("admin").try(:check_password?, "admin") end |
.fields_for_order_statement(table = nil) ⇒ Object
260 261 262 263 |
# File 'app/models/user.rb', line 260 def self.fields_for_order_statement(table=nil) table ||= table_name name_formatter[:order].map {|field| "#{table}.#{field}"} end |
.find_by_api_key(key) ⇒ Object
548 549 550 |
# File 'app/models/user.rb', line 548 def self.find_by_api_key(key) Token.find_active_user('api', key) end |
.find_by_atom_key(key) ⇒ Object
538 539 540 |
# File 'app/models/user.rb', line 538 def self.find_by_atom_key(key) Token.find_active_user('feeds', key) end |
.find_by_login(login) ⇒ Object
Find a user account by matching the exact login and then a case-insensitive version. Exact matches will be given priority.
525 526 527 528 529 530 531 532 533 534 535 536 |
# File 'app/models/user.rb', line 525 def self.find_by_login(login) login = Redmine::CodesetUtil.replace_invalid_utf8(login.to_s) if login.present? # First look for an exact match user = where(:login => login).detect {|u| u.login == login} unless user # Fail over to case-insensitive if none was found user = find_by("LOWER(login) = ?", login.downcase) end user end end |
.find_by_mail(mail) ⇒ Object
Makes find_by_mail case-insensitive
553 554 555 |
# File 'app/models/user.rb', line 553 def self.find_by_mail(mail) having_mail(mail).first end |
.find_by_rss_key(key) ⇒ Object
TODO: remove in Redmine 6.0
543 544 545 546 |
# File 'app/models/user.rb', line 543 def self.find_by_rss_key(key) ActiveSupport::Deprecation.warn "User.find_by_rss_key is deprecated and will be removed in Redmine 6.0. Please use User.find_by_atom_key instead." self.find_by_atom_key(key) end |
.generate_salt ⇒ Object
Returns a 128bits random salt as a hex string (32 chars long)
977 978 979 |
# File 'app/models/user.rb', line 977 def generate_salt Redmine::Utils.random_hex(16) end |
.hash_password(clear_password) ⇒ Object
Return password digest
972 973 974 |
# File 'app/models/user.rb', line 972 def hash_password(clear_password) Digest::SHA1.hexdigest(clear_password || "") end |
.name_formatter(formatter = nil) ⇒ Object
250 251 252 |
# File 'app/models/user.rb', line 250 def self.name_formatter(formatter = nil) USER_FORMATS[formatter || Setting.user_format] || USER_FORMATS[:firstname_lastname] end |
.prune(age) ⇒ Object
897 898 899 |
# File 'app/models/user.rb', line 897 def self.prune(age) User.where("created_on < ? AND status = ?", Time.now - age, STATUS_REGISTERED).destroy_all end |
.salt_unsalted_passwords! ⇒ Object
Salts all existing unsalted passwords It changes password storage scheme from SHA1(password) to SHA1(salt + SHA1(password)) This method is used in the SaltPasswords migration and is to be kept as is
878 879 880 881 882 883 884 885 886 887 888 |
# File 'app/models/user.rb', line 878 def self.salt_unsalted_passwords! transaction do User.where("salt IS NULL OR salt = ''").find_each do |user| next if user.hashed_password.blank? salt = User.generate_salt hashed_password = User.hash_password("#{salt}#{user.hashed_password}") User.where(:id => user.id).update_all(:salt => salt, :hashed_password => hashed_password) end end end |
.try_to_autologin(key) ⇒ Object
Returns the user who matches the given autologin key
or nil
242 243 244 245 246 247 248 |
# File 'app/models/user.rb', line 242 def self.try_to_autologin(key) user = Token.find_active_user('autologin', key, Setting.autologin.to_i) if user user.update_last_login_on! user end end |
.try_to_login(login, password, active_only = true) ⇒ Object
Returns the user that matches provided login and password, or nil AuthSource errors are caught, logged and nil is returned.
203 204 205 206 207 208 |
# File 'app/models/user.rb', line 203 def self.try_to_login(login, password, active_only=true) try_to_login!(login, password, active_only) rescue AuthSourceException => e logger.error "An error occured when authenticating #{login}: #{e.}" nil end |
.try_to_login!(login, password, active_only = true) ⇒ Object
Returns the user that matches provided login and password, or nil AuthSource errors are passed through.
212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 |
# File 'app/models/user.rb', line 212 def self.try_to_login!(login, password, active_only=true) login = login.to_s.strip password = password.to_s # Make sure no one can sign in with an empty login or password return nil if login.empty? || password.empty? user = find_by_login(login) if user # user is already in local database return nil unless user.check_password?(password) return nil if !user.active? && active_only else # user is not yet registered, try to authenticate with available sources attrs = AuthSource.authenticate(login, password) if attrs user = new(attrs) user.login = login user.language = Setting.default_language if user.save user.reload logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger && user.auth_source end end end user.update_last_login_on! if user && !user.new_record? && user.active? user end |
.valid_notification_options(user = nil) ⇒ Object
Only users that belong to more than 1 project can select projects for which they are notified
513 514 515 516 517 518 519 520 521 |
# File 'app/models/user.rb', line 513 def self.(user=nil) # Note that @user.membership.size would fail since AR ignores # :include association option when doing a count if user.nil? || user.memberships.length < 1 MAIL_NOTIFICATION_OPTIONS.reject {|option| option.first == 'selected'} else MAIL_NOTIFICATION_OPTIONS end end |
.verify_session_token(user_id, token) ⇒ Object
Returns true if token is a valid session token for the user whose id is user_id
468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 |
# File 'app/models/user.rb', line 468 def self.verify_session_token(user_id, token) return false if user_id.blank? || token.blank? scope = Token.where(:user_id => user_id, :value => token.to_s, :action => 'session') if Setting.session_lifetime? scope = scope.where("created_on > ?", Setting.session_lifetime.to_i.minutes.ago) end if Setting.session_timeout? scope = scope.where("updated_on > ?", Setting.session_timeout.to_i.minutes.ago) end last_updated = scope.maximum(:updated_on) if last_updated.nil? false elsif last_updated <= 1.minute.ago scope.update_all(:updated_on => Time.now) == 1 else true end end |
Instance Method Details
#activate ⇒ Object
287 288 289 |
# File 'app/models/user.rb', line 287 def activate self.status = STATUS_ACTIVE end |
#activate! ⇒ Object
299 300 301 |
# File 'app/models/user.rb', line 299 def activate! update_attribute(:status, STATUS_ACTIVE) end |
#active? ⇒ Boolean
275 276 277 |
# File 'app/models/user.rb', line 275 def active? self.status == STATUS_ACTIVE end |
#allowed_to?(action, context, options = {}, &block) ⇒ Boolean
Return true if the user is allowed to do the specified action on a specific context Action can be:
-
a parameter-like Hash (eg. :controller => ‘projects’, :action => ‘edit’)
-
a permission Symbol (eg. :edit_project)
Context can be:
-
a project : returns true if user is allowed to do the specified action on this project
-
an array of projects : returns true if user is allowed on every project
-
nil with options set : check if user has at least one role allowed for this action, or falls back to Non Member / Anonymous permissions depending if the user is logged
740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 |
# File 'app/models/user.rb', line 740 def allowed_to?(action, context, ={}, &block) if context && context.is_a?(Project) return false unless context.allows_to?(action) # Admin users are authorized for anything else return true if admin? roles = roles_for_project(context) return false unless roles roles.any? do |role| (context.is_public? || role.member?) && role.allowed_to?(action) && (block ? yield(role, self) : true) end elsif context && context.is_a?(Array) if context.empty? false else # Authorize if user is authorized on every element of the array context.map {|project| allowed_to?(action, project, , &block)}.reduce(:&) end elsif context raise ArgumentError.new("#allowed_to? context argument must be a Project, an Array of projects or nil") elsif [:global] # Admin users are always authorized return true if admin? # authorize if user has at least one role that has this permission roles = self.roles.to_a | [builtin_role] roles.any? do |role| role.allowed_to?(action) && (block ? yield(role, self) : true) end else false end end |
#allowed_to_globally?(action, options = {}, &block) ⇒ Boolean
Is the user allowed to do the specified action on any project? See allowed_to? for the actions and valid options.
NB: this method is not used anywhere in the core codebase as of 2.5.2, but it’s used by many plugins so if we ever want to remove it it has to be carefully deprecated for a version or two.
784 785 786 |
# File 'app/models/user.rb', line 784 def allowed_to_globally?(action, ={}, &block) allowed_to?(action, nil, .reverse_merge(:global => true), &block) end |
#allowed_to_view_all_time_entries?(context) ⇒ Boolean
788 789 790 791 792 |
# File 'app/models/user.rb', line 788 def allowed_to_view_all_time_entries?(context) allowed_to?(:view_time_entries, context) do |role, user| role.time_entries_visibility == 'all' end end |
#anonymous? ⇒ Boolean
603 604 605 |
# File 'app/models/user.rb', line 603 def anonymous? !logged? end |
#api_key ⇒ Object
Return user’s API key (a 40 chars long string), used to access the API
432 433 434 435 436 437 |
# File 'app/models/user.rb', line 432 def api_key if api_token.nil? create_api_token(:action => 'api') end api_token.value end |
#atom_key ⇒ Object
Return user’s ATOM key (a 40 chars long string), used to access feeds
418 419 420 421 422 423 |
# File 'app/models/user.rb', line 418 def atom_key if atom_token.nil? create_atom_token(:action => 'feeds') end atom_token.value end |
#base_reload ⇒ Object
169 |
# File 'app/models/user.rb', line 169 alias :base_reload :reload |
#bookmarked_project_ids ⇒ Object
890 891 892 893 894 895 |
# File 'app/models/user.rb', line 890 def bookmarked_project_ids project_ids = [] bookmarked_project_ids = self.pref[:bookmarked_project_ids] project_ids = bookmarked_project_ids.split(',') unless bookmarked_project_ids.nil? project_ids.map(&:to_i) end |
#builtin_role ⇒ Object
Returns the user’s bult-in role
636 637 638 |
# File 'app/models/user.rb', line 636 def builtin_role @builtin_role ||= Role.non_member end |
#change_password_allowed? ⇒ Boolean
Does the backend storage allow this user to change their password?
335 336 337 |
# File 'app/models/user.rb', line 335 def change_password_allowed? auth_source.nil? ? true : auth_source.allow_password_changes? end |
#check_password?(clear_password) ⇒ Boolean
Returns true if clear_password
is the correct user’s password, otherwise false
318 319 320 321 322 323 324 |
# File 'app/models/user.rb', line 318 def check_password?(clear_password) if auth_source_id.present? auth_source.authenticate(self.login, clear_password) else User.hash_password("#{salt}#{User.hash_password clear_password}") == hashed_password end end |
#convert_time_to_user_timezone(time) ⇒ Object
591 592 593 594 595 596 597 |
# File 'app/models/user.rb', line 591 def convert_time_to_user_timezone(time) if self.time_zone time.in_time_zone(self.time_zone) else time.utc? ? time.localtime : time end end |
#css_classes ⇒ Object
573 574 575 |
# File 'app/models/user.rb', line 573 def css_classes "user #{LABEL_BY_STATUS[status]}" end |
#delete_autologin_token(value) ⇒ Object
455 456 457 |
# File 'app/models/user.rb', line 455 def delete_autologin_token(value) Token.where(:user_id => id, :action => 'autologin', :value => value).delete_all end |
#delete_session_token(value) ⇒ Object
445 446 447 |
# File 'app/models/user.rb', line 445 def delete_session_token(value) Token.where(:user_id => id, :action => 'session', :value => value).delete_all end |
#force_default_language? ⇒ Boolean
401 402 403 |
# File 'app/models/user.rb', line 401 def force_default_language? Setting.force_default_language_for_loggedin? end |
#generate_autologin_token ⇒ Object
Generates a new autologin token and returns its value
450 451 452 453 |
# File 'app/models/user.rb', line 450 def generate_autologin_token token = Token.create!(:user_id => id, :action => 'autologin') token.value end |
#generate_password? ⇒ Boolean
354 355 356 |
# File 'app/models/user.rb', line 354 def generate_password? ActiveRecord::Type::Boolean.new.deserialize(generate_password) end |
#generate_session_token ⇒ Object
Generates a new session token and returns its value
440 441 442 443 |
# File 'app/models/user.rb', line 440 def generate_session_token token = Token.create!(:user_id => id, :action => 'session') token.value end |
#is_or_belongs_to?(arg) ⇒ Boolean
Returns true if user is arg or belongs to arg
721 722 723 724 725 726 727 728 729 |
# File 'app/models/user.rb', line 721 def is_or_belongs_to?(arg) if arg.is_a?(User) self == arg elsif arg.is_a?(Group) arg.users.include?(self) else false end end |
#language ⇒ Object
405 406 407 408 409 410 411 |
# File 'app/models/user.rb', line 405 def language if force_default_language? Setting.default_language else super end end |
#lock ⇒ Object
295 296 297 |
# File 'app/models/user.rb', line 295 def lock self.status = STATUS_LOCKED end |
#lock! ⇒ Object
307 308 309 |
# File 'app/models/user.rb', line 307 def lock! update_attribute(:status, STATUS_LOCKED) end |
#locked? ⇒ Boolean
283 284 285 |
# File 'app/models/user.rb', line 283 def locked? self.status == STATUS_LOCKED end |
#logged? ⇒ Boolean
599 600 601 |
# File 'app/models/user.rb', line 599 def logged? true end |
#mail ⇒ Object
184 185 186 |
# File 'app/models/user.rb', line 184 def mail email_address.try(:address) end |
#mail=(arg) ⇒ Object
188 189 190 191 |
# File 'app/models/user.rb', line 188 def mail=(arg) email = email_address || build_email_address email.address = arg end |
#mail_changed? ⇒ Boolean
193 194 195 |
# File 'app/models/user.rb', line 193 def mail_changed? email_address.try(:address_changed?) end |
#mails ⇒ Object
197 198 199 |
# File 'app/models/user.rb', line 197 def mails email_addresses.pluck(:address) end |
#managed_roles(project) ⇒ Object
Returns the roles that the user is allowed to manage for the given project
712 713 714 715 716 717 718 |
# File 'app/models/user.rb', line 712 def managed_roles(project) if admin? @managed_roles ||= Role.givable.to_a else membership(project).try(:managed_roles) || [] end end |
#membership(project) ⇒ Object
Returns user’s membership for the given project or nil if the user is not a member of project
609 610 611 612 613 614 615 616 617 |
# File 'app/models/user.rb', line 609 def membership(project) project_id = project.is_a?(Project) ? project.id : project @membership_by_project_id ||= Hash.new do |h, project_id| h[project_id] = memberships.where(:project_id => project_id).first end @membership_by_project_id[project_id] end |
#must_activate_twofa? ⇒ Boolean
385 386 387 388 389 390 391 |
# File 'app/models/user.rb', line 385 def must_activate_twofa? return false if twofa_active? return true if Setting.twofa_required? return true if Setting.twofa_required_for_administrators? && admin? return true if Setting.twofa_optional? && groups.any?(&:twofa_required?) end |
#must_change_password? ⇒ Boolean
350 351 352 |
# File 'app/models/user.rb', line 350 def must_change_password? (must_change_passwd? || password_expired?) && change_password_allowed? end |
#name(formatter = nil) ⇒ Object
Return user’s full name for display
266 267 268 269 270 271 272 273 |
# File 'app/models/user.rb', line 266 def name(formatter = nil) f = self.class.name_formatter(formatter) if formatter eval('"' + f[:string] + '"') else @name ||= eval('"' + f[:string] + '"') end end |
#notified_project_ids=(ids) ⇒ Object
493 494 495 496 |
# File 'app/models/user.rb', line 493 def notified_project_ids=(ids) @notified_projects_ids_changed = true @notified_projects_ids = ids.map(&:to_i).uniq.select {|n| n > 0} end |
#notified_projects_ids ⇒ Object
Return an array of project ids for which the user has explicitly turned mail notifications on
489 490 491 |
# File 'app/models/user.rb', line 489 def notified_projects_ids @notified_projects_ids ||= memberships.select {|m| m.mail_notification?}.collect(&:project_id) end |
#notify_about?(object) ⇒ Boolean
Utility method to help check if a user should be notified about an event.
TODO: only supports Issue events currently
828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 |
# File 'app/models/user.rb', line 828 def notify_about?(object) if mail_notification == 'all' true elsif mail_notification.blank? || mail_notification == 'none' false else case object when Issue case mail_notification when 'selected', 'only_my_events' # user receives notifications for created/assigned issues on unselected projects object. == self || is_or_belongs_to?(object.assigned_to) || is_or_belongs_to?(object.previous_assignee) when 'only_assigned' is_or_belongs_to?(object.assigned_to) || is_or_belongs_to?(object.previous_assignee) when 'only_owner' object. == self end when News # always send to project members except when mail_notification is set to 'none' true end end end |
#notify_about_high_priority_issues? ⇒ Boolean
852 853 854 |
# File 'app/models/user.rb', line 852 def notify_about_high_priority_issues? self.pref.notify_about_high_priority_issues end |
#own_account_deletable? ⇒ Boolean
Returns true if the user is allowed to delete the user’s own account
795 796 797 798 |
# File 'app/models/user.rb', line 795 def own_account_deletable? Setting.unsubscribe? && (!admin? || User.active.admin.where("id <> ?", id).exists?) end |
#password_expired? ⇒ Boolean
Returns true if the user password has expired
340 341 342 343 344 345 346 347 348 |
# File 'app/models/user.rb', line 340 def password_expired? period = Setting.password_max_age.to_i if period.zero? false else changed_on = self.passwd_changed_on || Time.at(0) changed_on < period.days.ago end end |
#pref ⇒ Object
393 394 395 |
# File 'app/models/user.rb', line 393 def pref self.preference ||= UserPreference.new(:user => self) end |
#project_ids_by_role ⇒ Object
Returns a hash of project ids grouped by roles. Includes the projects that the user is a member of and the projects that grant custom permissions to the builtin groups.
669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 |
# File 'app/models/user.rb', line 669 def project_ids_by_role # Clear project condition for when called from chained scopes # eg. project.children.visible(user) Project.unscoped do return @project_ids_by_role if @project_ids_by_role group_class = anonymous? ? GroupAnonymous.unscoped : GroupNonMember.unscoped group_id = group_class.pick(:id) members = Member.joins(:project, :member_roles). where("#{Project.table_name}.status <> 9"). where("#{Member.table_name}.user_id = ? OR (#{Project.table_name}.is_public = ? AND #{Member.table_name}.user_id = ?)", self.id, true, group_id). pluck(:user_id, :role_id, :project_id) hash = {} members.each do |user_id, role_id, project_id| # Ignore the roles of the builtin group if the user is a member of the project next if user_id != id && project_ids.include?(project_id) hash[role_id] ||= [] hash[role_id] << project_id end result = Hash.new([]) if hash.present? roles = Role.where(:id => hash.keys).to_a hash.each do |role_id, proj_ids| role = roles.detect {|r| r.id == role_id} if role result[role] = proj_ids.uniq end end end @project_ids_by_role = result end end |
#projects_by_role ⇒ Object
Returns a hash of user’s projects grouped by roles TODO: No longer used, should be deprecated
656 657 658 659 660 661 662 663 664 |
# File 'app/models/user.rb', line 656 def projects_by_role return @projects_by_role if @projects_by_role result = Hash.new([]) project_ids_by_role.each do |role, ids| result[role] = Project.where(:id => ids).to_a end @projects_by_role = result end |
#random_password(length = 40) ⇒ Object
Generate and set a random password on given length
359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 |
# File 'app/models/user.rb', line 359 def random_password(length=40) chars_list = [('A'..'Z').to_a, ('a'..'z').to_a, ('0'..'9').to_a] # auto-generated passwords contain special characters only when admins # require users to use passwords which contains special characters if Setting.password_required_char_classes.include?('special_chars') chars_list << ("\x20".."\x7e").to_a.select {|c| c =~ Setting::PASSWORD_CHAR_CLASSES['special_chars']} end chars_list.each {|v| v.reject! {|c| %(0O1l|'"`*).include?(c)}} password = +'' chars_list.each do |chars| password << chars[SecureRandom.random_number(chars.size)] length -= 1 end chars = chars_list.flatten length.times {password << chars[SecureRandom.random_number(chars.size)]} password = password.split('').shuffle(random: SecureRandom).join self.password = password self.password_confirmation = password self end |
#register ⇒ Object
291 292 293 |
# File 'app/models/user.rb', line 291 def register self.status = STATUS_REGISTERED end |
#register! ⇒ Object
303 304 305 |
# File 'app/models/user.rb', line 303 def register! update_attribute(:status, STATUS_REGISTERED) end |
#registered? ⇒ Boolean
279 280 281 |
# File 'app/models/user.rb', line 279 def registered? self.status == STATUS_REGISTERED end |
#reload(*args) ⇒ Object
170 171 172 173 174 175 176 177 178 179 180 181 182 |
# File 'app/models/user.rb', line 170 def reload(*args) @name = nil @roles = nil @projects_by_role = nil @project_ids_by_role = nil @membership_by_project_id = nil @notified_projects_ids = nil @notified_projects_ids_changed = false @builtin_role = nil @visible_project_ids = nil @managed_roles = nil base_reload(*args) end |
#roles ⇒ Object
619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 |
# File 'app/models/user.rb', line 619 def roles @roles ||= Role.joins(members: :project). where(["#{Project.table_name}.status <> ?", Project::STATUS_ARCHIVED]). where(Member.arel_table[:user_id].eq(id)).distinct if @roles.blank? group_class = anonymous? ? GroupAnonymous : GroupNonMember @roles = Role.joins(members: :project). where(["#{Project.table_name}.status <> ? AND #{Project.table_name}.is_public = ?", Project::STATUS_ARCHIVED, true]). where(Member.arel_table[:user_id].eq(group_class.first.id)).distinct end @roles end |
#roles_for_project(project) ⇒ Object
Return user’s roles for project
641 642 643 644 645 646 647 648 649 650 651 652 |
# File 'app/models/user.rb', line 641 def roles_for_project(project) # No role on archived projects return [] if project.nil? || project.archived? if membership = membership(project) membership.roles.to_a elsif project.is_public? project.override_roles(builtin_role) else [] end end |
#rss_key ⇒ Object
TODO: remove in Redmine 6.0
426 427 428 429 |
# File 'app/models/user.rb', line 426 def rss_key ActiveSupport::Deprecation.warn "User.rss_key is deprecated and will be removed in Redmine 6.0. Please use User.atom_key instead." atom_key end |
#salt_password(clear_password) ⇒ Object
Generates a random salt and computes hashed_password for clear_password
The hashed password is stored in the following form: SHA1(salt + SHA1(password))
328 329 330 331 332 |
# File 'app/models/user.rb', line 328 def salt_password(clear_password) self.salt = User.generate_salt self.hashed_password = User.hash_password("#{salt}#{User.hash_password clear_password}") self.passwd_changed_on = Time.now.change(:usec => 0) end |
#set_mail_notification ⇒ Object
157 158 159 160 |
# File 'app/models/user.rb', line 157 def set_mail_notification self.mail_notification = Setting.default_notification_option if self.mail_notification.blank? true end |
#time_to_date(time) ⇒ Object
Returns the day of time
according to user’s time zone
587 588 589 |
# File 'app/models/user.rb', line 587 def time_to_date(time) self.convert_time_to_user_timezone(time).to_date end |
#time_zone ⇒ Object
397 398 399 |
# File 'app/models/user.rb', line 397 def time_zone @time_zone ||= (self.pref.time_zone.blank? ? nil : ActiveSupport::TimeZone[self.pref.time_zone]) end |
#to_s ⇒ Object
562 563 564 |
# File 'app/models/user.rb', line 562 def to_s name end |
#today ⇒ Object
Returns the current day according to user’s time zone
578 579 580 581 582 583 584 |
# File 'app/models/user.rb', line 578 def today if time_zone.nil? Date.today else time_zone.today end end |
#twofa_active? ⇒ Boolean
381 382 383 |
# File 'app/models/user.rb', line 381 def twofa_active? twofa_scheme.present? end |
#twofa_totp_key ⇒ Object
459 460 461 |
# File 'app/models/user.rb', line 459 def twofa_totp_key read_ciphered_attribute(:twofa_totp_key) end |
#twofa_totp_key=(key) ⇒ Object
463 464 465 |
# File 'app/models/user.rb', line 463 def twofa_totp_key=(key) write_ciphered_attribute(:twofa_totp_key, key) end |
#update_hashed_password ⇒ Object
162 163 164 165 166 167 |
# File 'app/models/user.rb', line 162 def update_hashed_password # update hashed_password if password was set if self.password && self.auth_source_id.blank? salt_password(password) end end |
#update_last_login_on! ⇒ Object
311 312 313 314 315 |
# File 'app/models/user.rb', line 311 def update_last_login_on! return if last_login_on.present? && last_login_on >= 1.minute.ago update_column(:last_login_on, Time.now) end |
#valid_notification_options ⇒ Object
508 509 510 |
# File 'app/models/user.rb', line 508 def self.class.(self) end |
#visible_project_ids ⇒ Object
Returns the ids of visible projects
707 708 709 |
# File 'app/models/user.rb', line 707 def visible_project_ids @visible_project_ids ||= Project.visible(self).pluck(:id) end |
#wants_comments_in_reverse_order? ⇒ Boolean
413 414 415 |
# File 'app/models/user.rb', line 413 def wants_comments_in_reverse_order? self.pref[:comments_sorting] == 'desc' end |