Class: Hippo::User
Constant Summary
- USER_EDITABLE_ATTRIBUTES = [:name, :email, :password]
  We override the default implementation so that we can guarantee that the current user can always update their own information.
Constants included from Concerns::ApiAttributeAccess
Concerns::ApiAttributeAccess::DEFAULT_BLACKLISTED
Class Method Summary
- .can_write_attributes?(attr, user) ⇒ Boolean
- .current ⇒ User
  If all that's needed is the user's id, see `current_id`; that method does not attempt to instantiate a User. Defaults to nil.
- .current_id ⇒ Fixnum
  Retrieve the current id of the user we're proxying for.
- .for_jwt_token(token) ⇒ Object
- .scoped_to(user) ⇒ UserProxy
  Sets the user for the duration of the block.
- .seed_admin_account ⇒ Object
- .with_login(login) ⇒ Object
Instance Method Summary
- #admin? ⇒ Boolean
  Does the user have the “administrator” role?
- #can_delete?(model, id) ⇒ Boolean
  Can the User delete the model?
- #can_read?(model, attribute = nil) ⇒ Boolean
  Can the User view the model?
- #can_write?(model, attribute = nil) ⇒ Boolean
  Can the User create and update the model?
- #can_write_attributes?(attr, user) ⇒ Boolean
- #jwt_token ⇒ Object
- #roles ⇒ Object
- #setting_attribute_is_allowed?(name, user) ⇒ Boolean
- #workspace_data ⇒ Object
Methods inherited from Model
belongs_to_tenant, scoped_by_tenant?
Methods included from Concerns::ApiAttributeAccess
#_set_attribute_data_from_collection, #set_attribute_data
Class Method Details
.can_write_attributes?(attr, user) ⇒ Boolean
# File 'lib/hippo/user.rb', line 68
def self.can_write_attributes?(attr, user)
  # A user may always write attributes of their own record (matched by id);
  # anything else defers to the default ApiAttributeAccess rules.
  (attr['id'] && attr['id'].to_i == user.id) ? true : super
end
.current ⇒ User
If all that's needed is the user's id, see `current_id`; that method does not attempt to instantiate a User. Defaults to nil.
# File 'lib/hippo/user.rb', line 94
def self.current
  uid = Thread.current[:hippo_current_user]
  if uid.is_a?(User)
    uid
  else
    # Instantiate the user and cache the instance in the thread-local slot.
    # `find_by_id` returns nil when no such user exists, which is the
    # documented default. The original listing returned `user.id` here,
    # which contradicts the documented User return type; the instance is
    # returned instead.
    Thread.current[:hippo_current_user] = User.find_by_id(uid)
  end
end
.current_id ⇒ Fixnum
Retrieve the current id of the user we're proxying for. This gets a bit complicated since we can proxy for either a User object or just the user's id.
# File 'lib/hippo/user.rb', line 108
def self.current_id
  uid = Thread.current[:hippo_current_user]
  if uid.nil?
    0                 # no current user: 0 rather than nil
  elsif uid.is_a?(User)
    uid.id            # proxying for a User instance
  else
    uid               # proxying for a bare id
  end
end
.for_jwt_token(token) ⇒ Object
# File 'lib/hippo/user.rb', line 81
def self.for_jwt_token(token)
  # Signature verification is on (third argument) and the algorithm is
  # pinned to HS256, so a token signed with a different key or algorithm
  # is rejected by the JWT library rather than silently accepted.
  payload = JWT.decode(
    token, Hippo.config.session_secret_key_base, true, { :algorithm => 'HS256' }
  )
  # JWT.decode returns [claims, header]; the 'uid' claim selects the user.
  if payload.length && (uid = payload.first['uid'])
    return where(id: uid).first
  end
end
.scoped_to(user) ⇒ UserProxy
Sets the user for the duration of the block.
# File 'lib/hippo/user.rb', line 145
def self.scoped_to( user )
  # Swap the thread-local current user in for the block, and restore the
  # previous one afterwards even if the block raises.
  prev_user, Thread.current[:hippo_current_user] = self.current, user
  yield user
ensure
  Thread.current[:hippo_current_user] = prev_user
end
.seed_admin_account ⇒ Object
# File 'lib/hippo/user.rb', line 152
def self.seed_admin_account
  # Creates the 'admin' account with a fixed, well-known password if it does
  # not exist yet; that password should be changed on first login.
  where(login: 'admin').first || create!(
    name: "Admin",
    email: "[email protected]",
    password: 'password',
    login: 'admin',
    role_names: ['administrator']
  )
end
.with_login(login) ⇒ Object
# File 'lib/hippo/user.rb', line 17
def self.with_login(login)
  # Case-insensitive lookup; the login is passed as a bound parameter, not
  # interpolated into the SQL.
  where("lower(login) = ?", login.downcase)
end
Instance Method Details
#admin? ⇒ Boolean
Returns whether the user has the “administrator” role.
# File 'lib/hippo/user.rb', line 73
def admin?
  roles.include? 'administrator'
end
#can_delete?(model, id) ⇒ Boolean
Returns whether the User can delete the model.
# File 'lib/hippo/user.rb', line 55
def can_delete?(model, id)
  roles.can_delete?(model, id)
end
#can_read?(model, attribute = nil) ⇒ Boolean
Returns whether the User can view the model.
# File 'lib/hippo/user.rb', line 41
def can_read?(model, attribute = nil)
  roles.can_read?(model, attribute)
end
#can_write?(model, attribute = nil) ⇒ Boolean
Returns whether the User can create and update the model.
# File 'lib/hippo/user.rb', line 48
def can_write?(model, attribute = nil)
  roles.can_write?(model, attribute)
end
#can_write_attributes?(attr, user) ⇒ Boolean
# File 'lib/hippo/user.rb', line 65
def can_write_attributes?(attr, user)
  # A persisted user may write their own record; otherwise defer to the
  # default ApiAttributeAccess rules.
  (!new_record? && user.id == self.id) ? true : super
end
#jwt_token ⇒ Object
# File 'lib/hippo/user.rb', line 77
def jwt_token
  # HS256 token carrying only the user id, signed with the session secret.
  JWT.encode({'uid' => id}, Hippo.config.session_secret_key_base, 'HS256')
end
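The token that #jwt_token issues and .for_jwt_token verifies, reproduced as an added example using only the Ruby standard library (this is not Hippo's code and does not use the jwt gem): it shows why verification with the algorithm pinned matters, by rejecting a token whose uid claim was rewritten, one signed with another key, and one with an "alg": "none" header. The secret is a constructed placeholder, not a Hippo configuration value.

```ruby
require 'json'
require 'openssl'

# Constructed placeholder secret for the example only.
EXAMPLE_SECRET = 'constructed-example-secret-not-a-real-key'

def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  padded = str + '=' * ((4 - str.length % 4) % 4)
  padded.tr('-_', '+/').unpack1('m')
end

def hs256(signing_input, secret)
  OpenSSL::HMAC.digest('SHA256', secret, signing_input)
end

# Constant-time comparison so a forged signature cannot be confirmed byte by byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Same shape as JWT.encode({'uid' => id}, key, 'HS256') in #jwt_token.
def issue_token(uid, secret = EXAMPLE_SECRET)
  header  = b64url_encode(JSON.generate({ 'alg' => 'HS256', 'typ' => 'JWT' }))
  payload = b64url_encode(JSON.generate({ 'uid' => uid }))
  input   = "#{header}.#{payload}"
  "#{input}.#{b64url_encode(hs256(input, secret))}"
end

# Returns the uid carried by a token whose HS256 signature verifies, nil
# otherwise. The algorithm is decided by the verifier, as the
# :algorithm => 'HS256' option in .for_jwt_token does, so an "alg": "none"
# header is refused instead of being trusted.
def uid_from_token(token, secret = EXAMPLE_SECRET)
  header, payload, sig = token.to_s.split('.')
  return nil unless header && payload && sig
  return nil unless JSON.parse(b64url_decode(header))['alg'] == 'HS256'
  return nil unless secure_equal?(hs256("#{header}.#{payload}", secret), b64url_decode(sig))
  JSON.parse(b64url_decode(payload))['uid']
rescue JSON::ParserError, ArgumentError, TypeError
  nil
end
```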
#roles ⇒ Object
# File 'lib/hippo/user.rb', line 21
def roles
  # Memoized per instance; the collection answers can_read?/can_write?/can_delete?.
  @cached_roles ||= Access::RoleCollection.new(self)
end
#setting_attribute_is_allowed?(name, user) ⇒ Boolean
# File 'lib/hippo/user.rb', line 62
def setting_attribute_is_allowed?(name, user)
  # A persisted user may set one of USER_EDITABLE_ATTRIBUTES on their own
  # record; every other attribute falls through to the default rules.
  (
    !new_record? && user.id == self.id && USER_EDITABLE_ATTRIBUTES.include?(name)
  ) ? true : super
end
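The self-edit gate that #can_write_attributes? and #setting_attribute_is_allowed? implement, as an added stand-alone example (not Hippo's code): it filters an incoming attribute hash so a user can change their own name, email and password but cannot grant themselves role_names. The Concerns::ApiAttributeAccess rules behind `super` are not on this page, so the fallback used here, that only administrators may write non-whitelisted attributes, is an assumption, as are the ExampleUser class and filter_attributes helper.

```ruby
class ExampleUser
  # The same whitelist the page documents for self-service edits.
  USER_EDITABLE_ATTRIBUTES = [:name, :email, :password].freeze

  attr_reader :id, :roles

  def initialize(id:, roles: [], new_record: false)
    @id = id
    @roles = roles
    @new_record = new_record
  end

  def new_record?
    @new_record
  end

  def admin?
    roles.include?('administrator')
  end

  # Mirrors Hippo::User#setting_attribute_is_allowed?: a persisted user may
  # set a whitelisted attribute on their own record; anything else falls
  # through to the default rule. Keys arrive as strings from an API request,
  # so they are normalised to symbols before the whitelist lookup.
  def setting_attribute_is_allowed?(name, user)
    if !new_record? && user.id == id && USER_EDITABLE_ATTRIBUTES.include?(name.to_sym)
      true
    else
      default_attribute_rule(user)
    end
  end

  # Assumed stand-in for the `super` call in the real class (the
  # ApiAttributeAccess rules are not on this page): only administrators
  # may write non-whitelisted attributes such as role_names.
  def default_attribute_rule(user)
    user.admin?
  end
end

# Splits an incoming attribute hash into the keys the acting user may set on
# the target record and the keys that must be refused (and are worth logging).
def filter_attributes(target, actor, attrs)
  allowed, rejected = attrs.partition { |key, _| target.setting_attribute_is_allowed?(key, actor) }
  [allowed.to_h, rejected.map(&:first)]
end
```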
#workspace_data ⇒ Object
# File 'lib/hippo/user.rb', line 25
def workspace_data
  # Only the listed columns are sent to the client.
  user_data = attributes.slice(
    'id', 'login', 'name', 'email', 'role_names', 'options',
    'created_at', 'created_by', 'updated_at', 'updated_by'
  )
  {
    user: user_data,
    access: Access.for_user(self),
    access_token: jwt_token,
    screen_ids: Hippo::Screen.ids_for_user(self)
  }
end