tighten up automatic uuid assignment

diff --git a/app/models/orvos_model.rb b/app/models/orvos_model.rb
index c26ac7e0baa2e82bc277a153e504d653ce148d9f..411296c127a25764ae3f931793ffd384678df112 100644 (file)
--- a/app/models/orvos_model.rb
+++ b/app/models/orvos_model.rb
@@ -31,7 +31,14 @@ class OrvosModel < ActiveRecord::Base
   protected
 
   def permission_to_update
-    return false unless current_user
+    if !current_user
+      logger.warn "Anonymous user tried to update #{self.class.to_s} #{self.uuid_was}"
+      return false
+    end
+    if self.uuid_changed?
+      logger.warn "User #{current_user.uuid} tried to change uuid of #{self.class.to_s} #{self.uuid_was} to #{self.uuid}"
+      return false
+    end
     return true if current_user.is_admin
     if self.owner_changed? and
         self.owner_was != current_user.uuid and

diff --git a/lib/assign_uuid.rb b/lib/assign_uuid.rb
index 6d8bd294f2c59b8158f64c1c5b01fe106320cb2f..ba761e12e770b2aa02df7700269d84b114d5d5e6 100644 (file)
--- a/lib/assign_uuid.rb
+++ b/lib/assign_uuid.rb
@@ -2,9 +2,7 @@ module AssignUuid
 
   def self.included(base)
     base.extend(ClassMethods)
-    base.validates_presence_of :uuid, :if => :respond_to_uuid?
-    base.validates_uniqueness_of :uuid, :if => :respond_to_uuid?
-    base.before_validation :assign_uuid
+    base.before_create :assign_uuid
   end
 
   module ClassMethods
@@ -21,9 +19,9 @@ module AssignUuid
 
   def assign_uuid
     return true if !self.respond_to_uuid?
-    self.uuid ||= [Server::Application.config.uuid_prefix,
-                   self.class.uuid_prefix,
-                   rand(2**256).to_s(36)[-15..-1]].
+    self.uuid = [Server::Application.config.uuid_prefix,
+                 self.class.uuid_prefix,
+                 rand(2**256).to_s(36)[-15..-1]].
       join '-'
   end
 end