- # Caller can move into/out of trash by setting/clearing is_trashed
- # -- however, if the caller also changes trash_at, then any changes
- # to is_trashed are ignored.
- def sync_trash_state
- if is_trashed_changed? && !trash_at_changed?
- if is_trashed
- self.trash_at = @validation_timestamp
- else
- self.trash_at = nil
- self.delete_at = nil
- end
- end
- self.is_trashed = trash_at && trash_at <= @validation_timestamp || false
- true
- end
-
- def default_trash_interval
- if trash_at_changed? && !delete_at_changed?
- # If trash_at is updated without touching delete_at,
- # automatically update delete_at to a sensible value.
- if trash_at.nil?
- self.delete_at = nil
- else
- self.delete_at = trash_at + Rails.configuration.default_trash_lifetime.seconds
- end
- elsif !trash_at || !delete_at || trash_at > delete_at
- # Not trash, or bogus arguments? Just validate in
- # validate_trash_and_delete_timing.
- elsif delete_at_changed? && delete_at >= trash_at
- # Fix delete_at if needed, so it's not earlier than the expiry
- # time on any permission tokens that might have been given out.
-
- # In any case there are no signatures expiring after now+TTL.
- # Also, if the existing trash_at time has already passed, we
- # know we haven't given out any signatures since then.
- earliest_delete = [
- @validation_timestamp,
- trash_at_was,
- ].compact.min + Rails.configuration.blob_signature_ttl.seconds
-
- # The previous value of delete_at is also an upper bound on the
- # longest-lived permission token. For example, if TTL=14,
- # trash_at_was=now-7, delete_at_was=now+7, then it is safe to
- # set trash_at=now+6, delete_at=now+8.
- earliest_delete = [earliest_delete, delete_at_was].compact.min
-
- # If delete_at is too soon, use the earliest possible time.
- if delete_at < earliest_delete
- self.delete_at = earliest_delete