class User < ActiveRecord::Base # Include default devise modules. Others available are: # :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable, :database_authenticatable @@authentication_type = "#{Rails.application.config.chouette_authentication_settings[:type]}_authenticatable".to_sym cattr_reader :authentication_type devise :invitable, :registerable, :validatable, :lockable, :recoverable, :rememberable, :trackable, :async, authentication_type # FIXME https://github.com/nbudin/devise_cas_authenticatable/issues/53 # Work around :validatable, when database_authenticatable is diabled. attr_accessor :password unless authentication_type == :database_authenticatable # Setup accessible (or protected) attributes for your model # attr_accessible :email, :password, :current_password, :password_confirmation, :remember_me, :name, :organisation_attributes belongs_to :organisation accepts_nested_attributes_for :organisation validates :organisation, :presence => true validates :email, :presence => true, :uniqueness => true validates :name, :presence => true before_validation(:on => :create) do self.password ||= Devise.friendly_token.first(6) self.password_confirmation ||= self.password end after_destroy :check_destroy_organisation @@edit_offer_permissions = ['routes.create', 'routes.edit', 'routes.destroy', 'journey_patterns.create', 'journey_patterns.edit', 'journey_patterns.destroy', 'vehicle_journeys.create', 'vehicle_journeys.edit', 'vehicle_journeys.destroy', 'time_tables.create', 'time_tables.edit', 'time_tables.destroy', 'footnotes.edit', 'footnotes.create', 'footnotes.destroy', 'routing_constraint_zones.create', 'routing_constraint_zones.edit', 'routing_constraint_zones.destroy', 'referentials.create', 'referentials.edit', 'referentials.destroy', 'boiv:edit-offer', 'boiv:read-offer'] mattr_reader :edit_offer_permissions def self.all_permissions edit_offer_permissions end # Callback invoked by DeviseCasAuthenticable::Model#authernticate_with_cas_ticket def cas_extra_attributes=(extra_attributes) extra = extra_attributes.inject({}){|memo,(k,v)| memo[k.to_sym] = v; memo} self.name = extra[:full_name] self.email = extra[:email] self.organisation = Organisation.sync_update extra[:organisation_code], extra[:organisation_name], extra[:functional_scope] # TODO: Discuss the following behavior in the light of how the portal's permissions will evolve # boiv:edit-offer does not imply boiv:read-offer, which needs to be provided specifically for any connection rights self.permissions = extra[:permissions].include?('boiv:edit-offer') ? @@edit_offer_permissions : [] end def self.portail_api_request conf = Rails.application.config.try(:stif_portail_api) raise 'Rails.application.config.stif_portail_api settings is not defined' unless conf conn = Faraday.new(:url => conf[:url]) do |c| c.headers['Authorization'] = %{Token token="#{conf[:key]}"} c.adapter Faraday.default_adapter end resp = conn.get '/api/v1/users' if resp.status == 200 JSON.parse resp.body else raise "Error on api request status : #{resp.status} => #{resp.body}" end end def self.portail_sync self.portail_api_request.each do |el| user = User.find_or_initialize_by(username: el['username']) user.name = "#{el['firstname']} #{el['lastname']}" user.email = el['email'] user.locked_at = el['locked_at'] user.organisation = Organisation.sync_update el['organization_code'], el['organization_name'], el['functional_scope'] user.synced_at = Time.now # TODO: Discuss the following behavior in the light of how the portal's permissions will evolve # boiv:edit-offer does not imply boiv:read-offer, which needs to be provided specifically for any connection rights user.permissions = el['permissions'].include?('boiv:edit-offer') ? @@edit_offer_permissions : [] user.save end end def has_permission?(permission) permissions && permissions.include?(permission) end private # remove organisation and referentials if last user of it def check_destroy_organisation if organisation.users.empty? organisation.destroy end end end