protected
def permission_to_update
- return false unless current_user
+ if !current_user
+ logger.warn "Anonymous user tried to update #{self.class.to_s} #{self.uuid_was}"
+ return false
+ end
+ if self.uuid_changed?
+ logger.warn "User #{current_user.uuid} tried to change uuid of #{self.class.to_s} #{self.uuid_was} to #{self.uuid}"
+ return false
+ end
return true if current_user.is_admin
if self.owner_changed? and
self.owner_was != current_user.uuid and
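Review bot: The second `logger.warn` in `permission_to_update` interpolates `self.uuid`, the rejected new value, straight into the log line. That value is presumably supplied by the caller and no format check on it is visible here, so embedded newlines or control characters could split or forge log entries. Log it escaped instead, e.g. `"... #{self.uuid_was} to #{self.uuid.inspect}"`. Because the `uuid_changed?` test runs before the `is_admin` shortcut, a comment such as `# uuid is immutable once assigned, even for admins` above it would make that intent explicit. The method body continues past the end of this hunk.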
def self.included(base)
base.extend(ClassMethods)
- base.validates_presence_of :uuid, :if => :respond_to_uuid?
- base.validates_uniqueness_of :uuid, :if => :respond_to_uuid?
- base.before_validation :assign_uuid
+ base.before_create :assign_uuid
end
module ClassMethods
def assign_uuid
return true if !self.respond_to_uuid?
- self.uuid ||= [Server::Application.config.uuid_prefix,
- self.class.uuid_prefix,
- rand(2**256).to_s(36)[-15..-1]].
+ self.uuid = [Server::Application.config.uuid_prefix,
+ self.class.uuid_prefix,
+ rand(2**256).to_s(36)[-15..-1]].
join '-'
end
end
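Review bot: With `validates_uniqueness_of :uuid` removed in `self.included`, nothing visible in this hunk rejects a duplicate uuid. Uniqueness now rests entirely on the random suffix built in `assign_uuid`, which still draws from `Kernel#rand`, a non-cryptographic generator. If the uuid is ever relied on as hard to guess, draw the suffix from a CSPRNG instead, e.g. `SecureRandom.random_number(2**256).to_s(36)[-15..-1]`. Independently, the column should be backed by a unique database index so a collision fails loudly; no index is visible in this diff, so confirm one exists.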