t.add :is_admin
t.add :is_invited
t.add :prefs
+ t.add :writable_by
end
ALL_PERMISSIONS = {read: true, write: true, manage: true}
end
if sufficient_perms
# Check permission links with head_uuid pointing directly at
- # the target object
+ # the target object. If target is a Group, this is redundant
+ # and will fail except [a] if permission caching is broken or
+ # [b] during a race condition, where a permission link has
+ # *just* been added.
if Link.where(link_class: 'permission',
name: sufficient_perms,
tail_uuid: groups_i_can(action) + [self.uuid],
head_uuid: target_uuid).any?
- return true
+ next
end
end
return false
end
def check_auto_admin
- if User.where("uuid not like '%-000000000000000'").where(:is_admin => true).count == 0 and Rails.configuration.auto_admin_user
- if self.email == Rails.configuration.auto_admin_user
+ if not self.uuid.end_with?('anonymouspublic') and
+ User.where("uuid not like '%-000000000000000'").where(:is_admin => true).count == 0
+ if (Rails.configuration.auto_admin_user and self.email == Rails.configuration.auto_admin_user) or
+ Rails.configuration.auto_admin_first_user
self.is_admin = true
self.is_active = true
end
def auto_setup_new_user
return true if !Rails.configuration.auto_setup_new_users
return true if !self.email
+ return true if self.uuid == system_user_uuid
+ return true if self.uuid == anonymous_user_uuid
if Rails.configuration.auto_setup_new_users_with_vm_uuid ||
Rails.configuration.auto_setup_new_users_with_repository