soundsoftware-site: app/models/user.rb comparison

comparison app/models/user.rb @ 1338:25603efa57b5

Merge from live branch

author	Chris Cannam
date	Thu, 20 Jun 2013 13:14:14 +0100
parents	bb32da3bea34
children	4f746d8966dd 51364c0cd58f

comparison

equal deleted inserted replaced

-:1b1138f6f55e
+:25603efa57b5
 # Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# Copyright (C) 2006-2012  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
 STATUS_REGISTERED = 2
 STATUS_LOCKED     = 3
 # Different ways of displaying/sorting users
 USER_FORMATS = {
-:firstname_lastname => {:string => '#{firstname} #{lastname}', :order => %w(firstname lastname id)},
+:firstname_lastname => {
-:firstname => {:string => '#{firstname}', :order => %w(firstname id)},
+:string => '#{firstname} #{lastname}',
-:lastname_firstname => {:string => '#{lastname} #{firstname}', :order => %w(lastname firstname id)},
+:order => %w(firstname lastname id),
-:lastname_coma_firstname => {:string => '#{lastname}, #{firstname}', :order => %w(lastname firstname id)},
+:setting_order => 1
-:username => {:string => '#{login}', :order => %w(login id)},
+},
+:firstname_lastinitial => {
+:string => '#{firstname} #{lastname.to_s.chars.first}.',
+:order => %w(firstname lastname id),
+:setting_order => 2
+},
+:firstname => {
+:string => '#{firstname}',
+:order => %w(firstname id),
+:setting_order => 3
+},
+:lastname_firstname => {
+:string => '#{lastname} #{firstname}',
+:order => %w(lastname firstname id),
+:setting_order => 4
+},
+:lastname_coma_firstname => {
+:string => '#{lastname}, #{firstname}',
+:order => %w(lastname firstname id),
+:setting_order => 5
+},
+:lastname => {
+:string => '#{lastname}',
+:order => %w(lastname id),
+:setting_order => 6
+},
+:username => {
+:string => '#{login}',
+:order => %w(login id),
+:setting_order => 7
+},
 }
 MAIL_NOTIFICATION_OPTIONS = [
 ['all', :label_user_mail_option_all],
 ['selected', :label_user_mail_option_selected],
 has_one :preference, :dependent => :destroy, :class_name => 'UserPreference'
 has_one :rss_token, :class_name => 'Token', :conditions => "action='feeds'"
 has_one :api_token, :class_name => 'Token', :conditions => "action='api'"
 belongs_to :auth_source
+scope :logged, :conditions => "#{User.table_name}.status <> #{STATUS_ANONYMOUS}"
+scope :status, lambda {|arg| arg.blank? ? {} : {:conditions => {:status => arg.to_i}} }
 has_one :ssamr_user_detail, :dependent => :destroy, :class_name => 'SsamrUserDetail'
 accepts_nested_attributes_for :ssamr_user_detail
 has_one :author
-# Active non-anonymous users scope
-named_scope :active, :conditions => "#{User.table_name}.status = #{STATUS_ACTIVE}"
 acts_as_customizable
 attr_accessor :password, :password_confirmation
 attr_accessor :last_before_login_on
 # Prevents unauthorized assignments
 attr_protected :login, :admin, :password, :password_confirmation, :hashed_password
+LOGIN_LENGTH_LIMIT = 60
+MAIL_LENGTH_LIMIT = 60
 validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) }
+validates_uniqueness_of :login, :if => Proc.new { |user| user.login_changed? && user.login.present? }, :case_sensitive => false
+validates_uniqueness_of :mail, :if => Proc.new { |user| user.mail_changed? && user.mail.present? }, :case_sensitive => false
-# TODO: is this validation correct validates_presence_of :ssamr_user_detail
-validates_uniqueness_of :login, :if => Proc.new { |user| !user.login.blank? }, :case_sensitive => false
-validates_uniqueness_of :mail, :if => Proc.new { |user| !user.mail.blank? }, :case_sensitive => false
 # Login must contain lettres, numbers, underscores only
 validates_format_of :login, :with => /^[a-z0-9_\-@\.]*$/i
-validates_length_of :login, :maximum => 30
+validates_length_of :login, :maximum => LOGIN_LENGTH_LIMIT
 validates_length_of :firstname, :lastname, :maximum => 30
 validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :allow_blank => true
-validates_length_of :mail, :maximum => 60, :allow_nil => true
+validates_length_of :mail, :maximum => MAIL_LENGTH_LIMIT, :allow_nil => true
 validates_confirmation_of :password, :allow_nil => true
 validates_inclusion_of :mail_notification, :in => MAIL_NOTIFICATION_OPTIONS.collect(&:first), :allow_blank => true
 validate :validate_password_length
 before_create :set_mail_notification
 before_save   :update_hashed_password
 before_destroy :remove_references_before_destroy
 validates_acceptance_of :terms_and_conditions, :on => :create, :message => :must_accept_terms_and_conditions
-named_scope :in_group, lambda {|group|
+scope :in_group, lambda {|group|
 group_id = group.is_a?(Group) ? group.id : group.to_i
-{ :conditions => ["#{User.table_name}.id IN (SELECT gu.user_id FROM #{table_name_prefix}groups_users#{table_name_suffix} gu WHERE gu.group_id = ?)", group_id] }
+where("#{User.table_name}.id IN (SELECT gu.user_id FROM #{table_name_prefix}groups_users#{table_name_suffix} gu WHERE gu.group_id = ?)", group_id)
 }
-named_scope :not_in_group, lambda {|group|
+scope :not_in_group, lambda {|group|
 group_id = group.is_a?(Group) ? group.id : group.to_i
-{ :conditions => ["#{User.table_name}.id NOT IN (SELECT gu.user_id FROM #{table_name_prefix}groups_users#{table_name_suffix} gu WHERE gu.group_id = ?)", group_id] }
+where("#{User.table_name}.id NOT IN (SELECT gu.user_id FROM #{table_name_prefix}groups_users#{table_name_suffix} gu WHERE gu.group_id = ?)", group_id)
 }
 def set_mail_notification
 self.mail_notification = Setting.default_notification_option if self.mail_notification.blank?
 true
 self.read_attribute(:identity_url)
 end
 # Returns the user that matches provided login and password, or nil
 def self.try_to_login(login, password)
+login = login.to_s
+password = password.to_s
 # Make sure no one can sign in with an empty password
-return nil if password.to_s.empty?
+return nil if password.empty?
 user = find_by_login(login)
 if user
 # user is already in local database
 return nil if !user.active?
 if user.auth_source
 raise text
 end
 # Returns the user who matches the given autologin +key+ or nil
 def self.try_to_autologin(key)
-tokens = Token.find_all_by_action_and_value('autologin', key)
+tokens = Token.find_all_by_action_and_value('autologin', key.to_s)
 # Make sure there's only 1 token that matches the key
 if tokens.size == 1
 token = tokens.first
 if (token.created_on > Setting.autologin.to_i.day.ago) && token.user && token.user.active?
 token.user.update_attribute(:last_login_on, Time.now)
 self.hashed_password = User.hash_password("#{salt}#{User.hash_password clear_password}")
 end
 # Does the backend storage allow this user to change their password?
 def change_password_allowed?
-return true if auth_source_id.blank?
+return true if auth_source.nil?
 return auth_source.allow_password_changes?
 end
 # Generate and set a random password.  Useful for automated user creation
 # Based on Token#generate_token_value
 self.pref[:comments_sorting] == 'desc'
 end
 # Return user's RSS key (a 40 chars long string), used to access feeds
 def rss_key
-token = self.rss_token || Token.create(:user => self, :action => 'feeds')
+if rss_token.nil?
-token.value
+create_rss_token(:action => 'feeds')
+end
+rss_token.value
 end
 # Return user's API key (a 40 chars long string), used to access the API
 def api_key
-token = self.api_token || self.create_api_token(:action => 'api')
+if api_token.nil?
-token.value
+create_api_token(:action => 'api')
+end
+api_token.value
 end
 # Return an array of project ids for which the user has explicitly turned mail notifications on
 def notified_projects_ids
 @notified_projects_ids ||= memberships.select {|m| m.mail_notification?}.collect(&:project_id)
 end
 # Find a user account by matching the exact login and then a case-insensitive
 # version.  Exact matches will be given priority.
 def self.find_by_login(login)
-# force string comparison to be case sensitive on MySQL
-type_cast = (ActiveRecord::Base.connection.adapter_name == 'MySQL') ? 'BINARY' : ''
 # First look for an exact match
-user = first(:conditions => ["#{type_cast} login = ?", login])
+user = where(:login => login).all.detect {|u| u.login == login}
-# Fail over to case-insensitive if none was found
+unless user
-user ||= first(:conditions => ["#{type_cast} LOWER(login) = ?", login.to_s.downcase])
+# Fail over to case-insensitive if none was found
+user = where("LOWER(login) = ?", login.to_s.downcase).first
+end
+user
 end
 def self.find_by_rss_key(key)
-token = Token.find_by_value(key)
+token = Token.find_by_action_and_value('feeds', key.to_s)
 token && token.user.active? ? token.user : nil
 end
 def self.find_by_api_key(key)
-token = Token.find_by_action_and_value('api', key)
+token = Token.find_by_action_and_value('api', key.to_s)
 token && token.user.active? ? token.user : nil
 end
 # Makes find_by_mail case-insensitive
 def self.find_by_mail(mail)
-find(:first, :conditions => ["LOWER(mail) = ?", mail.to_s.downcase])
+where("LOWER(mail) = ?", mail.to_s.downcase).first
 end
 # Returns true if the default admin account can no longer be used
 def self.default_admin_account_changed?
 !User.active.find_by_login("admin").try(:check_password?, "admin")
 end
 def to_s
 name
+end
+CSS_CLASS_BY_STATUS = {
+STATUS_ANONYMOUS  => 'anon',
+STATUS_ACTIVE     => 'active',
+STATUS_REGISTERED => 'registered',
+STATUS_LOCKED     => 'locked'
+}
+def css_classes
+"user #{CSS_CLASS_BY_STATUS[status]}"
 end
 # Returns the current day according to user's time zone
 def today
 if time_zone.nil?
 else
 Time.now.in_time_zone(time_zone).to_date
 end
 end
+# Returns the day of +time+ according to user's time zone
+def time_to_date(time)
+if time_zone.nil?
+time.to_date
+else
+time.in_time_zone(time_zone).to_date
+end
+end
 def logged?
 true
 end
 def anonymous?
 # Return user's roles for project
 def roles_for_project(project)
 roles = []
 # No role on archived projects
-return roles unless project && project.active?
+return roles if project.nil? || project.archived?
 if logged?
 # Find project membership
 membership = memberships.detect {|m| m.project_id == project.id}
 if membership
 roles = membership.roles
 # Returns a hash of user's projects grouped by roles
 def projects_by_role
 return @projects_by_role if @projects_by_role
-@projects_by_role = Hash.new {|h,k| h[k]=[]}
+@projects_by_role = Hash.new([])
 memberships.each do |membership|
-membership.roles.each do |role|
+if membership.project
-@projects_by_role[role] << membership.project if membership.project
+membership.roles.each do |role|
+@projects_by_role[role] = [] unless @projects_by_role.key?(role)
+@projects_by_role[role] << membership.project
+end
 end
 end
 @projects_by_role.each do |role, projects|
 projects.uniq!
 end
 # * an array of projects : returns true if user is allowed on every project
 # * nil with options[:global] set : check if user has at least one role allowed for this action,
 #   or falls back to Non Member / Anonymous permissions depending if the user is logged
 def allowed_to?(action, context, options={}, &block)
 if context && context.is_a?(Project)
-# No action allowed on archived projects
-return false unless context.active?
-# No action allowed on disabled modules
 return false unless context.allows_to?(action)
 # Admin users are authorized for anything else
 return true if admin?
 roles = roles_for_project(context)
 return false unless roles
-roles.detect {|role|
+roles.any? {|role|
 (context.is_public? || role.member?) &&
 role.allowed_to?(action) &&
 (block_given? ? yield(role, self) : true)
 }
 elsif context && context.is_a?(Array)
-# Authorize if user is authorized on every element of the array
+if context.empty?
-context.map do |project|
+false
-allowed_to?(action, project, options, &block)
+else
-end.inject do |memo,allowed|
+# Authorize if user is authorized on every element of the array
-memo && allowed
+context.map {|project| allowed_to?(action, project, options, &block)}.reduce(:&)
 end
 elsif options[:global]
 # Admin users are always authorized
 return true if admin?
 # authorize if user has at least one role that has this permission
 roles = memberships.collect {|m| m.roles}.flatten.uniq
 roles << (self.logged? ? Role.non_member : Role.anonymous)
-roles.detect {|role|
+roles.any? {|role|
 role.allowed_to?(action) &&
 (block_given? ? yield(role, self) : true)
 }
 else
 false
 # Is the user allowed to do the specified action on any project?
 # See allowed_to? for the actions and valid options.
 def allowed_to_globally?(action, options, &block)
 allowed_to?(action, nil, options.reverse_merge(:global => true), &block)
+end
+# Returns true if the user is allowed to delete his own account
+def own_account_deletable?
+Setting.unsubscribe? &&
+(!admin? || User.active.where("admin = ? AND id <> ?", true, id).exists?)
 end
 safe_attributes 'login',
 'firstname',
 'lastname',
 case mail_notification
 when 'all'
 true
 when 'selected'
 # user receives notifications for created/assigned issues on unselected projects
-if object.is_a?(Issue) && (object.author == self || is_or_belongs_to?(object.assigned_to))
+if object.is_a?(Issue) && (object.author == self || is_or_belongs_to?(object.assigned_to) || is_or_belongs_to?(object.assigned_to_was))
 true
 else
 false
 end
 when 'none'
 false
 when 'only_my_events'
-if object.is_a?(Issue) && (object.author == self || is_or_belongs_to?(object.assigned_to))
+if object.is_a?(Issue) && (object.author == self || is_or_belongs_to?(object.assigned_to) || is_or_belongs_to?(object.assigned_to_was))
 true
 else
 false
 end
 when 'only_assigned'
-if object.is_a?(Issue) && is_or_belongs_to?(object.assigned_to)
+if object.is_a?(Issue) && (is_or_belongs_to?(object.assigned_to) || is_or_belongs_to?(object.assigned_to_was))
 true
 else
 false
 end
 when 'only_owner'
 end
 # Returns the anonymous user.  If the anonymous user does not exist, it is created.  There can be only
 # one anonymous user per database.
 def self.anonymous
-anonymous_user = AnonymousUser.find(:first)
+anonymous_user = AnonymousUser.first
 if anonymous_user.nil?
 anonymous_user = AnonymousUser.create(:lastname => 'Anonymous', :firstname => '', :mail => '', :login => '', :status => 0)
 raise 'Unable to create the anonymous user.' if anonymous_user.new_record?
 end
 anonymous_user
 # Salts all existing unsalted passwords
 # It changes password storage scheme from SHA1(password) to SHA1(salt + SHA1(password))
 # This method is used in the SaltPasswords migration and is to be kept as is
 def self.salt_unsalted_passwords!
 transaction do
-User.find_each(:conditions => "salt IS NULL OR salt = ''") do |user|
+User.where("salt IS NULL OR salt = ''").find_each do |user|
 next if user.hashed_password.blank?
 salt = User.generate_salt
 hashed_password = User.hash_password("#{salt}#{user.hashed_password}")
-User.update_all("salt = '#{salt}', hashed_password = '#{hashed_password}'", ["id = ?", user.id] )
+User.where(:id => user.id).update_all(:salt => salt, :hashed_password => hashed_password)
 end
 end
 end
 protected
 JournalDetail.update_all ['old_value = ?', substitute.id.to_s], ["property = 'attr' AND prop_key = 'assigned_to_id' AND old_value = ?", id.to_s]
 JournalDetail.update_all ['value = ?', substitute.id.to_s], ["property = 'attr' AND prop_key = 'assigned_to_id' AND value = ?", id.to_s]
 Message.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
 News.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
 # Remove private queries and keep public ones
-Query.delete_all ['user_id = ? AND is_public = ?', id, false]
+::Query.delete_all ['user_id = ? AND is_public = ?', id, false]
-Query.update_all ['user_id = ?', substitute.id], ['user_id = ?', id]
+::Query.update_all ['user_id = ?', substitute.id], ['user_id = ?', id]
 TimeEntry.update_all ['user_id = ?', substitute.id], ['user_id = ?', id]
 Token.delete_all ['user_id = ?', id]
 Watcher.delete_all ['user_id = ?', id]
 WikiContent.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
 WikiContent::Version.update_all ['author_id = ?', substitute.id], ['author_id = ?', id]
 Digest::SHA1.hexdigest(clear_password || "")
 end
 # Returns a 128bits random salt as a hex string (32 chars long)
 def self.generate_salt
-ActiveSupport::SecureRandom.hex(16)
+Redmine::Utils.random_hex(16)
 end
 end
 class AnonymousUser < User
+validate :validate_anonymous_uniqueness, :on => :create
-def validate_on_create
+def validate_anonymous_uniqueness
 # There should be only one AnonymousUser in the database
 errors.add :base, 'An anonymous user already exists.' if AnonymousUser.find(:first)
 end
 def available_custom_fields
 def name(*args); I18n.t(:label_user_anonymous) end
 def mail; nil end
 def time_zone; nil end
 def rss_key; nil end
+def pref
+UserPreference.new(:user => self)
+end
 # Anonymous user can not be destroyed
 def destroy
 false
 end
 end

Mercurial > hg > soundsoftware-site

comparison app/models/user.rb @ 1338:25603efa57b5