Thread.current[:api_client_ip_address]
end
- # Does the current API client authorization include any of ok_scopes?
- def current_api_client_auth_has_scope(ok_scopes)
- auth_scopes = current_api_client_authorization.andand.scopes || []
- unless auth_scopes.index('all') or (auth_scopes & ok_scopes).any?
- logger.warn "Insufficient auth scope: need #{ok_scopes}, #{current_api_client_authorization.inspect} has #{auth_scopes}"
- return false
- end
- true
- end
-
def system_user_uuid
[Server::Application.config.uuid_prefix,
User.uuid_prefix,
'000000000000000'].join('-')
end
+ def anonymous_group_uuid
+ [Server::Application.config.uuid_prefix,
+ Group.uuid_prefix,
+ 'anonymouspublic'].join('-')
+ end
+
+ def anonymous_user_uuid
+ [Server::Application.config.uuid_prefix,
+ User.uuid_prefix,
+ 'anonymouspublic'].join('-')
+ end
+
def system_user
if not $system_user
real_current_user = Thread.current[:user]
- Thread.current[:user] = User.new(is_admin: true, is_active: true)
+ Thread.current[:user] = User.new(is_admin: true,
+ is_active: true,
+ uuid: system_user_uuid)
$system_user = User.where('uuid=?', system_user_uuid).first
if !$system_user
$system_user = User.new(uuid: system_user_uuid,
if block_given?
user_was = Thread.current[:user]
Thread.current[:user] = system_user
- ret = yield
- Thread.current[:user] = user_was
- ret
+ begin
+ yield
+ ensure
+ Thread.current[:user] = user_was
+ end
else
Thread.current[:user] = system_user
end
end
+
+ def anonymous_group
+ if not $anonymous_group
+ act_as_system_user do
+ ActiveRecord::Base.transaction do
+ $anonymous_group = Group.
+ where(uuid: anonymous_group_uuid).first_or_create do |g|
+ g.update_attributes(name: "Anonymous group",
+ description: "Anonymous group")
+ end
+ end
+ end
+ end
+ $anonymous_group
+ end
+
+ def anonymous_user
+ if not $anonymous_user
+ act_as_system_user do
+ $anonymous_user = User.where('uuid=?', anonymous_user_uuid).first
+ if !$anonymous_user
+ $anonymous_user = User.new(uuid: anonymous_user_uuid,
+ is_active: false,
+ is_admin: false,
+ email: 'anonymouspublic',
+ first_name: 'anonymouspublic',
+ last_name: 'anonymouspublic')
+ $anonymous_user.save!
+ $anonymous_user.reload
+ end
+
+ group_perms = Link.where(tail_uuid: anonymous_user_uuid,
+ head_uuid: anonymous_group_uuid,
+ link_class: 'permission',
+ name: 'can_read')
+
+ if !group_perms.any?
+ group_perm = Link.create!(tail_uuid: anonymous_user_uuid,
+ head_uuid: anonymous_group_uuid,
+ link_class: 'permission',
+ name: 'can_read')
+ end
+ end
+ end
+ $anonymous_user
+ end
+
end
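Review bot: In `anonymous_user`, `$anonymous_user` is assigned before `save!` runs and before the `can_read` permission link is checked or created, and the writes are not wrapped in a transaction the way `anonymous_group` wraps its own. If `save!` or `Link.create!` raises, the global is already set, so every later call in this process skips the block and returns a user that may be unsaved or may have no link to the anonymous group. I would build the record in a local, run the user and link writes inside `ActiveRecord::Base.transaction`, and assign the global last; the `group_perm` local is never read and can be dropped. A transaction alone does not stop two processes from both passing the `any?` check, so duplicate permission links remain possible unless a uniqueness constraint exists outside this hunk.

```ruby
act_as_system_user do
  ActiveRecord::Base.transaction do
    user = User.where('uuid=?', anonymous_user_uuid).first
    if !user
      # … unchanged: User.new(...) with the same attributes, assigned to user …
      user.save!
      user.reload
    end
    # … unchanged: group_perms lookup, and Link.create! when none exist …
    # Publish to the process-wide cache only after both rows are in place.
    $anonymous_user = user
  end
end
```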