validate :identity_url_nil_if_empty
before_update :prevent_privilege_escalation
before_update :prevent_inactive_admin
+ before_update :prevent_nonadmin_system_root
before_update :verify_repositories_empty, :if => Proc.new {
username.nil? and username_changed?
}
# delete user signatures, login, repo, and vm perms, and mark as inactive
def unsetup
+ if self.uuid == system_user_uuid
+ raise "System root user cannot be deactivated"
+ end
+
# delete oid_login_perms for this user
#
# note: these permission links are obsolete, they have no effect
true
end
+ def prevent_nonadmin_system_root
+ if self.uuid == system_user_uuid and self.is_admin_changed? and !self.is_admin
+ raise "System root user cannot be non-admin"
+ end
+ true
+ end
+
def search_permissions(start, graph, merged={}, upstream_mask=nil, upstream_path={})
nextpaths = graph[start]
return merged if !nextpaths