|
@@ -37,6 +37,7 @@
|
|
# sign_in_token_sent_at :datetime
|
|
# sign_in_token_sent_at :datetime
|
|
# webauthn_id :string
|
|
# webauthn_id :string
|
|
# sign_up_ip :inet
|
|
# sign_up_ip :inet
|
|
|
|
+# role_id :bigint(8)
|
|
#
|
|
#
|
|
|
|
|
|
class User < ApplicationRecord
|
|
class User < ApplicationRecord
|
|
@@ -50,7 +51,6 @@ class User < ApplicationRecord
|
|
)
|
|
)
|
|
|
|
|
|
include Settings::Extend
|
|
include Settings::Extend
|
|
- include UserRoles
|
|
|
|
include Redisable
|
|
include Redisable
|
|
include LanguagesHelper
|
|
include LanguagesHelper
|
|
|
|
|
|
@@ -79,6 +79,7 @@ class User < ApplicationRecord
|
|
belongs_to :account, inverse_of: :user
|
|
belongs_to :account, inverse_of: :user
|
|
belongs_to :invite, counter_cache: :uses, optional: true
|
|
belongs_to :invite, counter_cache: :uses, optional: true
|
|
belongs_to :created_by_application, class_name: 'Doorkeeper::Application', optional: true
|
|
belongs_to :created_by_application, class_name: 'Doorkeeper::Application', optional: true
|
|
|
|
+ belongs_to :role, class_name: 'UserRole', optional: true
|
|
accepts_nested_attributes_for :account
|
|
accepts_nested_attributes_for :account
|
|
|
|
|
|
has_many :applications, class_name: 'Doorkeeper::Application', as: :owner
|
|
has_many :applications, class_name: 'Doorkeeper::Application', as: :owner
|
|
@@ -103,6 +104,7 @@ class User < ApplicationRecord
|
|
validates_with RegistrationFormTimeValidator, on: :create
|
|
validates_with RegistrationFormTimeValidator, on: :create
|
|
validates :website, absence: true, on: :create
|
|
validates :website, absence: true, on: :create
|
|
validates :confirm_password, absence: true, on: :create
|
|
validates :confirm_password, absence: true, on: :create
|
|
|
|
+ validate :validate_role_elevation
|
|
|
|
|
|
scope :recent, -> { order(id: :desc) }
|
|
scope :recent, -> { order(id: :desc) }
|
|
scope :pending, -> { where(approved: false) }
|
|
scope :pending, -> { where(approved: false) }
|
|
@@ -117,6 +119,7 @@ class User < ApplicationRecord
|
|
scope :emailable, -> { confirmed.enabled.joins(:account).merge(Account.searchable) }
|
|
scope :emailable, -> { confirmed.enabled.joins(:account).merge(Account.searchable) }
|
|
|
|
|
|
before_validation :sanitize_languages
|
|
before_validation :sanitize_languages
|
|
|
|
+ before_validation :sanitize_role
|
|
before_create :set_approved
|
|
before_create :set_approved
|
|
after_commit :send_pending_devise_notifications
|
|
after_commit :send_pending_devise_notifications
|
|
after_create_commit :trigger_webhooks
|
|
after_create_commit :trigger_webhooks
|
|
@@ -135,8 +138,28 @@ class User < ApplicationRecord
|
|
:disable_swiping, :always_send_emails,
|
|
:disable_swiping, :always_send_emails,
|
|
to: :settings, prefix: :setting, allow_nil: false
|
|
to: :settings, prefix: :setting, allow_nil: false
|
|
|
|
|
|
|
|
+ delegate :can?, to: :role
|
|
|
|
+
|
|
attr_reader :invite_code
|
|
attr_reader :invite_code
|
|
- attr_writer :external, :bypass_invite_request_check
|
|
|
|
|
|
+ attr_writer :external, :bypass_invite_request_check, :current_account
|
|
|
|
+
|
|
|
|
+ def self.those_who_can(*any_of_privileges)
|
|
|
|
+ matching_role_ids = UserRole.that_can(*any_of_privileges).map(&:id)
|
|
|
|
+
|
|
|
|
+ if matching_role_ids.empty?
|
|
|
|
+ none
|
|
|
|
+ else
|
|
|
|
+ where(role_id: matching_role_ids)
|
|
|
|
+ end
|
|
|
|
+ end
|
|
|
|
+
|
|
|
|
+ def role
|
|
|
|
+ if role_id.nil?
|
|
|
|
+ UserRole.everyone
|
|
|
|
+ else
|
|
|
|
+ super
|
|
|
|
+ end
|
|
|
|
+ end
|
|
|
|
|
|
def confirmed?
|
|
def confirmed?
|
|
confirmed_at.present?
|
|
confirmed_at.present?
|
|
@@ -441,6 +464,11 @@ class User < ApplicationRecord
|
|
self.chosen_languages = nil if chosen_languages.empty?
|
|
self.chosen_languages = nil if chosen_languages.empty?
|
|
end
|
|
end
|
|
|
|
|
|
|
|
+ def sanitize_role
|
|
|
|
+ return if role.nil?
|
|
|
|
+ self.role = nil if role.everyone?
|
|
|
|
+ end
|
|
|
|
+
|
|
def prepare_new_user!
|
|
def prepare_new_user!
|
|
BootstrapTimelineWorker.perform_async(account_id)
|
|
BootstrapTimelineWorker.perform_async(account_id)
|
|
ActivityTracker.increment('activity:accounts:local')
|
|
ActivityTracker.increment('activity:accounts:local')
|
|
@@ -453,7 +481,7 @@ class User < ApplicationRecord
|
|
end
|
|
end
|
|
|
|
|
|
def notify_staff_about_pending_account!
|
|
def notify_staff_about_pending_account!
|
|
- User.staff.includes(:account).find_each do |u|
|
|
|
|
|
|
+ User.those_who_can(:manage_users).includes(:account).find_each do |u|
|
|
next unless u.allows_pending_account_emails?
|
|
next unless u.allows_pending_account_emails?
|
|
AdminMailer.new_pending_account(u.account, self).deliver_later
|
|
AdminMailer.new_pending_account(u.account, self).deliver_later
|
|
end
|
|
end
|
|
@@ -471,6 +499,10 @@ class User < ApplicationRecord
|
|
email_changed? && !external? && !(Rails.env.test? || Rails.env.development?)
|
|
email_changed? && !external? && !(Rails.env.test? || Rails.env.development?)
|
|
end
|
|
end
|
|
|
|
|
|
|
|
+ def validate_role_elevation
|
|
|
|
+ errors.add(:role_id, :elevated) if defined?(@current_account) && role&.overrides?(@current_account&.user_role)
|
|
|
|
+ end
|
|
|
|
+
|
|
def invite_text_required?
|
|
def invite_text_required?
|
|
Setting.require_invite_text && !invited? && !external? && !bypass_invite_request_check?
|
|
Setting.require_invite_text && !invited? && !external? && !bypass_invite_request_check?
|
|
end
|
|
end
|