+ protected
+
+ def permission_to_update
+ # users must be able to update themselves (even if they are
+ # inactive) in order to create sessions
+ self == current_user or super
+ end
+
+ def permission_to_create
+ current_user.andand.is_admin or
+ (self == current_user and
+ self.is_active == Rails.configuration.new_users_are_active)
+ end
+
+ def check_auto_admin
+ if User.where("uuid not like '%-000000000000000'").where(:is_admin => true).count == 0 and not Rails.configuration.auto_admin_user.nil?
+ if current_user.email == Rails.configuration.auto_admin_user
+ self.is_admin = true
+ self.is_active = true
+ end
+ end
+ end
+
+ def prevent_privilege_escalation
+ if current_user.andand.is_admin
+ return true
+ end
+ if self.is_active_changed?
+ if self.is_active != self.is_active_was
+ logger.warn "User #{current_user.uuid} tried to change is_active from #{self.is_admin_was} to #{self.is_admin} for #{self.uuid}"
+ self.is_active = self.is_active_was
+ end
+ end
+ if self.is_admin_changed?
+ if self.is_admin != self.is_admin_was
+ logger.warn "User #{current_user.uuid} tried to change is_admin from #{self.is_admin_was} to #{self.is_admin} for #{self.uuid}"
+ self.is_admin = self.is_admin_was
+ end
+ end
+ true
+ end
+
+ def prevent_inactive_admin
+ if self.is_admin and not self.is_active
+ # There is no known use case for the strange set of permissions
+ # that would result from this change. It's safest to assume it's
+ # a mistake and disallow it outright.
+ raise "Admin users cannot be inactive"
+ end
+ true
+ end
+
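Review bot: In `prevent_privilege_escalation`, the warning logged for a blocked `is_active` change interpolates `is_admin_was` and `is_admin`, so the audit record of an attempted self-activation carries the wrong field's values; it should read `logger.warn "User #{current_user.uuid} tried to change is_active from #{self.is_active_was} to #{self.is_active} for #{self.uuid}"`. Both warnings also call `current_user.uuid` directly, although the guard at the top of the method uses `current_user.andand.is_admin`, which suggests `current_user` can be nil here. If it can, the log line would raise NoMethodError instead of logging and reverting the attribute, so `current_user.andand.uuid` is the safer form. `check_auto_admin` has the same unguarded access in `current_user.email`. The hunk header and the enclosing class are not visible, so how these callbacks are registered cannot be confirmed from this page.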