user.username_changed? and
(not user.username_was.nil?)
}
- after_destroy :clear_permissions
+ before_destroy :clear_permissions
+ after_destroy :check_permissions
has_many :authorized_keys, :foreign_key => :authorized_user_uuid, :primary_key => :uuid
has_many :repositories, foreign_key: :owner_uuid, primary_key: :uuid
def before_ownership_change
if owner_uuid_changed? and !self.owner_uuid_was.nil?
MaterializedPermission.where(user_uuid: owner_uuid_was, target_uuid: uuid).delete_all
- update_permissions self.owner_uuid_was, self.uuid, 0, false
+ update_permissions self.owner_uuid_was, self.uuid, 0
end
end
end
def clear_permissions
+ update_permissions self.owner_uuid, self.uuid, 0
MaterializedPermission.where("user_uuid = ? or target_uuid = ?", uuid, uuid).delete_all
end
- def recompute_permissions
- ActiveRecord::Base.connection.exec_delete("DELETE FROM #{PERMISSION_VIEW} where user_uuid=$1",
- "User.recompute_permissions.delete_user_uuid",
- [[nil, uuid]])
- ActiveRecord::Base.connection.exec_insert %{
-INSERT INTO #{PERMISSION_VIEW}
-select $1::varchar, g.target_uuid, g.val, g.traverse_owned
-from search_permission_graph($1::varchar, 3) as g
-},
- "User.recompute_permissions.insert",
- [[nil, uuid]]
+ def check_permissions
+ check_permissions_against_full_refresh
end
# Return a hash of {user_uuid: group_perms}
raise "user does not exist" if !new_user
raise "cannot merge to an already merged user" if new_user.redirect_to_user_uuid
+ self.clear_permissions
+
# If 'self' is a remote user, don't transfer authorizations
# (i.e. ability to access the account) to the new user, because
# that gives the remote site the ability to access the 'new'
if redirect_to_new_user
update_attributes!(redirect_to_user_uuid: new_user.uuid, username: nil)
end
- self.recompute_permissions
- new_user.recompute_permissions
+ update_permissions self.owner_uuid, self.uuid, 3, false
+ update_permissions new_user.owner_uuid, new_user.uuid, 3
end
end