before_create :check_auto_admin
after_create :add_system_group_permission_link
after_create :send_admin_notifications
+ after_update :send_profile_created_notification
+
has_many :authorized_keys, :foreign_key => :authorized_user_uuid, :primary_key => :uuid
# delete user signatures, login, repo, and vm perms, and mark as inactive
def unsetup
# delete oid_login_perms for this user
- oid_login_perms = Link.where(tail_uuid: self.email,
- link_class: 'permission',
- name: 'can_login')
- oid_login_perms.each do |perm|
- Link.delete perm
- end
+ Link.destroy_all(tail_uuid: self.email,
+ link_class: 'permission',
+ name: 'can_login')
# delete repo_perms for this user
- repo_perms = Link.where(tail_uuid: self.uuid,
- link_class: 'permission',
- name: 'can_write')
- repo_perms.each do |perm|
- Link.delete perm
- end
+ Link.destroy_all(tail_uuid: self.uuid,
+ link_class: 'permission',
+ name: 'can_manage')
# delete vm_login_perms for this user
- vm_login_perms = Link.where(tail_uuid: self.uuid,
- link_class: 'permission',
- name: 'can_login')
- vm_login_perms.each do |perm|
- Link.delete perm
- end
+ Link.destroy_all(tail_uuid: self.uuid,
+ link_class: 'permission',
+ name: 'can_login')
# delete "All users' group read permissions for this user
group = Group.where(name: 'All users').select do |g|
g[:uuid].match /-f+$/
end.first
- group_perms = Link.where(tail_uuid: self.uuid,
- head_uuid: group[:uuid],
- link_class: 'permission',
- name: 'can_read')
- group_perms.each do |perm|
- Link.delete perm
- end
+ Link.destroy_all(tail_uuid: self.uuid,
+ head_uuid: group[:uuid],
+ link_class: 'permission',
+ name: 'can_read')
# delete any signatures by this user
- signed_uuids = Link.where(link_class: 'signature',
- tail_uuid: self.uuid)
- signed_uuids.each do |sign|
- Link.delete sign
- end
+ Link.destroy_all(link_class: 'signature',
+ tail_uuid: self.uuid)
# mark the user as inactive
self.is_active = false
self.save!
end
- # update current user profile
- def profile updated_profile
- user_profile = self.prefs['profile']
- user_profile ||= {}
- updated_profile.each do |entry|
- if entry[0].starts_with? 'profile_'
- user_profile[entry[0].partition('_').last] = entry[1]
- end
- end
- self.prefs['profile'] = user_profile
- self.save!
- end
-
protected
def ensure_ownership_path_leads_to_user
repo_perms = Link.where(tail_uuid: self.uuid,
head_uuid: repo[:uuid],
link_class: 'permission',
- name: 'can_write')
+ name: 'can_manage')
if repo_perms.any?
logger.warn "User already has repository access " +
repo_perms.collect { |p| p[:uuid] }.inspect
repo_perm = Link.create(tail_uuid: self.uuid,
head_uuid: repo[:uuid],
link_class: 'permission',
- name: 'can_write')
+ name: 'can_manage')
logger.info { "repo permission: " + repo_perm[:uuid] }
return repo_perm
end
AdminNotifier.new_inactive_user(self).deliver
end
end
+
+ # Send notification if the user saved profile for the first time
+ def send_profile_created_notification
+ if self.prefs_changed?
+ if self.prefs_was.andand.empty? || !self.prefs_was.andand['profile']
+ profile_notification_address = Rails.configuration.user_profile_notification_address
+ ProfileNotifier.profile_created(self, profile_notification_address).deliver if profile_notification_address
+ end
+ end
+ end
+
end
projects / arvados.git / blobdiff