Class: Decidim::Authorization

Inherits:

ApplicationRecord

• Object
• ActiveRecord::Base
• ApplicationRecord
• Decidim::Authorization

Defined in:

app/models/decidim/authorization.rb

Overview

An authorization is a record that a User has been authorized somehow. Other models in the system can use different kind of authorizations to allow a user to perform actions.

To create an authorization for a user we need to use an AuthorizationHandler that validates the user against a set of rules. An example could be a handler that validates a user email against an API and depending on the response it allows the creation of the authorization or not.

Class Method Summary

• .create_or_update_from(handler) ⇒ Object

Instance Method Summary

• #expired? ⇒ Boolean
• #expires_at ⇒ Object

  Calculates at when this authorization will expire, if it needs to.

• #grant! ⇒ Object
• #granted? ⇒ Boolean

Class Method Details

.create_or_update_from(handler) ⇒ Object

# File 'app/models/decidim/authorization.rb', line 25

def self.create_or_update_from(handler)
  authorization = find_or_initialize_by(
    user: handler.user,
    name: handler.handler_name
  )

  authorization.attributes = {
    unique_id: handler.unique_id,
    metadata: handler.metadata
  }

  authorization.grant!
end

Instance Method Details

#expired? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/decidim/authorization.rb', line 60

def expired?
  expires_at.present? && expires_at < Time.current
end

#expires_at ⇒ Object

Calculates at when this authorization will expire, if it needs to.

Returns nil if the authorization does not expire. Returns an ActiveSupport::TimeWithZone if it expires.

# File 'app/models/decidim/authorization.rb', line 53

def expires_at
  return unless workflow_manifest
  return if workflow_manifest.expires_in.zero?

  (granted_at || created_at) + workflow_manifest.expires_in
end

#grant! ⇒ Object

# File 'app/models/decidim/authorization.rb', line 39

def grant!
  remove_verification_attachment!

  update!(granted_at: Time.current, verification_metadata: {})
end

#granted? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/decidim/authorization.rb', line 45

def granted?
  !granted_at.nil?
end