def is_invited
!!(self.is_active ||
Rails.configuration.new_users_are_active ||
- self.groups_i_can(:read).select { |x| x.match /-f+$/ }.first)
+ self.groups_i_can(:read).select { |x| x.match(/-f+$/) }.first)
end
def groups_i_can(verb)
true
end
- def self.invalidate_permissions_cache
+ def self.invalidate_permissions_cache(timestamp=nil)
if Rails.configuration.async_permissions_update
- connection.execute "NOTIFY invalidate_permissions_cache"
+ timestamp = DbCurrentTime::db_current_time.to_i if timestamp.nil?
+ connection.execute "NOTIFY invalidate_permissions_cache, '#{timestamp}'"
else
Rails.cache.delete_matched(/^groups_for_user_/)
end
end
+ # Return a hash of {group_uuid: perm_hash} where perm_hash[:read]
+ # and perm_hash[:write] are true if this user can read and write
+ # objects owned by group_uuid.
+ #
+ # The permission graph is built by repeatedly enumerating all
+ # permission links reachable from self.uuid, and then calling
+ # search_permissions
def calculate_group_permissions
permissions_from = {}
todo = {self.uuid => true}
# Return a hash of {group_uuid: perm_hash} where perm_hash[:read]
# and perm_hash[:write] are true if this user can read and write
# objects owned by group_uuid.
- #
- # The permission graph is built by repeatedly enumerating all
- # permission links reachable from self.uuid, and then calling
- # search_permissions
def group_permissions
- Rails.cache.fetch "groups_for_user_#{self.uuid}" do
- calculate_group_permissions
+ r = Rails.cache.read "groups_for_user_#{self.uuid}"
+ if r.nil?
+ if Rails.configuration.async_permissions_update
+ while r.nil?
+ sleep(0.1)
+ r = Rails.cache.read "groups_for_user_#{self.uuid}"
+ end
+ else
+ r = calculate_group_permissions
+ end
end
+ r
end
def self.setup(user, openid_prefix, repo_name=nil, vm_uuid=nil)
# delete "All users" group read permissions for this user
group = Group.where(name: 'All users').select do |g|
- g[:uuid].match /-f+$/
+ g[:uuid].match(/-f+$/)
end.first
Link.destroy_all(tail_uuid: self.uuid,
head_uuid: group[:uuid],
self.save!
end
+ def set_initial_username(requested: false)
+ if !requested.is_a?(String) || requested.empty?
+ email_parts = email.partition("@")
+ local_parts = email_parts.first.partition("+")
+ if email_parts.any?(&:empty?)
+ return
+ elsif not local_parts.first.empty?
+ requested = local_parts.first
+ else
+ requested = email_parts.first
+ end
+ end
+ requested.sub!(/^[^A-Za-z]+/, "")
+ requested.gsub!(/[^A-Za-z0-9]/, "")
+ unless requested.empty?
+ self.username = find_usable_username_from(requested)
+ end
+ end
+
protected
def ensure_ownership_path_leads_to_user
self.class.
where("username like '#{pattern}'").
select(:username).
- order(username: :asc).
- find_each do |other_user|
+ order('username asc').
+ each do |other_user|
if other_user.username > next_username
break
elsif other_user.username == next_username
nil
end
- def set_initial_username
- email_parts = email.partition("@")
- local_parts = email_parts.first.partition("+")
- if email_parts.any?(&:empty?)
- return
- elsif not local_parts.first.empty?
- base_username = local_parts.first
- else
- base_username = email_parts.first
- end
- base_username.sub!(/^[^A-Za-z]+/, "")
- base_username.gsub!(/[^A-Za-z0-9]/, "")
- unless base_username.empty?
- self.username = find_usable_username_from(base_username)
- end
- end
-
def prevent_privilege_escalation
if current_user.andand.is_admin
return true
projects / arvados.git / blobdiff