Class: User

Inherits:

ApplicationRecord

• Object
• ActiveRecord::Base
• ApplicationRecord
• User

Defined in:

app/models/user.rb

Direct Known Subclasses

ReadOnlyUser

Constant Summary

USER_REGISTRATION_LIST =

Rails.root.join("data", "user_registration_list_#{Rails.env}.csv")

Instance Attribute Summary

• #mediaflux_session ⇒ Object

  Returns the value of attribute mediaflux_session.

Class Method Summary

• .from_cas(access_token) ⇒ Object
• .manager_users ⇒ Object

  Users that can be data managers.

• .mediaflux_roles(user:) ⇒ Object

  Returns the roles in Mediaflux for the user in the session.

• .serialize_from_session(key, _salt, _opts = {}) ⇒ Object
• .serialize_into_session(record) ⇒ Object

  Methods serialize_into_session() and serialize_from_session() are called by Warden/Devise to calculate what information will be stored in the session and to serialize an object back from the session.

• .sponsor_users ⇒ Object

  Users that can be project sponsors.

• .update_user_roles(user:) ⇒ Object

  Updates the user’s roles (sys admin, developer) depending on the information on Mediaflux.

Instance Method Summary

• #clear_mediaflux_session(session) ⇒ Object
• #developer? ⇒ Boolean
• #display_name_only_safe ⇒ String

  Return the display name only (no uid) if it exists, otherwise return the uid.

• #display_name_safe ⇒ String

  Return the display name and uid if it exists, otherwise return the uid.

• #eligible_data_user? ⇒ Boolean

  Is this user eligible to be a data user in this environment?.

• #eligible_manager? ⇒ Boolean

  Is this user eligible to be a data manger in this environment?.

• #eligible_sponsor? ⇒ Boolean

  Is this user eligible to be a data sponsor in this environment?.

• #eligible_sysadmin? ⇒ Boolean

  Is this user eligible to be a sysadmin in this environment?.

• #eligible_to_create_new? ⇒ Boolean
• #initialize_name_values(extra_cas_info) ⇒ Object

  Initialize the name values from the CAS information.

• #latest_downloads(limit: 10) ⇒ Object

  Fetches the most recent download jobs for the user.

• #mediaflux_from_session(session) ⇒ Object
• #mediaflux_login(token, session) ⇒ Object
• #terminate_mediaflux_session ⇒ Object

Instance Attribute Details

#mediaflux_session ⇒ Object

Returns the value of attribute mediaflux_session.

# File 'app/models/user.rb', line 15

def mediaflux_session
  @mediaflux_session
end

Class Method Details

.from_cas(access_token) ⇒ Object

# File 'app/models/user.rb', line 17

def self.from_cas(access_token)
  user = User.find_by(provider: access_token.provider, uid: access_token.uid)
  if user.present? && user.given_name.nil? # fix any users that do not have the name information loaded
    user.initialize_name_values(access_token.extra)
    user.save
  end
  user
end

.manager_users ⇒ Object

Users that can be data managers

# File 'app/models/user.rb', line 36

def self.manager_users
  if Rails.env.development? || Rails.env.staging?
    User.where(eligible_manager: true).or(User.where(developer: true))
  else
    User.where(eligible_manager: true)
  end
end

.mediaflux_roles(user:) ⇒ Object

Returns the roles in Mediaflux for the user in the session. This method is meant to be used only for the current logged in user since the roles depend on the Mediaflux session.

# File 'app/models/user.rb', line 189

def self.mediaflux_roles(user:)
  raise "User.mediaflux_roles called with for a user without a Mediaflux session" if user.mediaflux_session.nil?

  request = Mediaflux::ActorSelfDescribeRequest.new(session_token: user.mediaflux_session)
  request.resolve
  request.roles
end

.serialize_from_session(key, _salt, _opts = {}) ⇒ Object

# File 'app/models/user.rb', line 163

def self.serialize_from_session(key, _salt, _opts = {})
  User.where(uid: key)&.first
end

.serialize_into_session(record) ⇒ Object

Methods serialize_into_session() and serialize_from_session() are called by Warden/Devise to calculate what information will be stored in the session and to serialize an object back from the session.

By default Warden/Devise store the database ID of the record (e.g. User.id) but this causes problems if we repopulate our User table and the IDs change. The implementation provided below uses the User.uid field (which is unique, does not change, and it’s required) as the value to store in the session to prevent this issue.

References:

https://stackoverflow.com/questions/23597718/what-is-the-warden-data-in-a-rails-devise-session-composed-of/23683925#23683925
https://web.archive.org/web/20211028103224/https://tadas-s.github.io/ruby-on-rails/2020/08/02/devise-serialize-into-session-trick/
https://github.com/wardencommunity/warden/wiki/Setup

# File 'app/models/user.rb', line 157

def self.serialize_into_session(record)
  # The return value _must_ have at least two elements since the serialize_from_session() requires
  # two arguments (see below)
  [record.uid, ""]
end

.sponsor_users ⇒ Object

Users that can be project sponsors

# File 'app/models/user.rb', line 27

def self.sponsor_users
  if Rails.env.development? || Rails.env.staging?
    User.where(eligible_sponsor: true).or(User.where(developer: true))
  else
    User.where(eligible_sponsor: true)
  end
end

.update_user_roles(user:) ⇒ Object

Updates the user’s roles (sys admin, developer) depending on the information on Mediaflux. This method is meant to be used only for the current logged in user since the roles depend on the Mediaflux session.

# File 'app/models/user.rb', line 177

def self.update_user_roles(user:)
  raise "User.update_user_roles called with for a user without a Mediaflux session" if user.mediaflux_session.nil?

  mediaflux_roles = mediaflux_roles(user:)
  update_developer_status(user:, mediaflux_roles:)
  update_sysadmin_status(user:, mediaflux_roles:)
rescue => ex
  Rails.logger.error("Error updating roles for user (id: #{user.id}) status, error: #{ex.message}")
end

Instance Method Details

#clear_mediaflux_session(session) ⇒ Object

# File 'app/models/user.rb', line 44

def clear_mediaflux_session(session)
  Rails.logger.debug("!!!!!!! Clearing Mediaflux session !!!!!!!!")
  @mediaflux_session = nil
  session[:mediaflux_session] = nil
end

#developer? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/user.rb', line 120

def developer?
  return true if developer
  super
end

#display_name_only_safe ⇒ String

Return the display name only (no uid) if it exists, otherwise return the uid

Returns:

• (String)

# File 'app/models/user.rb', line 101

def display_name_only_safe
  return uid if given_name.blank? && family_name.blank?
  [given_name, family_name].compact.join(" ")
end

#display_name_safe ⇒ String

Return the display name and uid if it exists, otherwise return the uid

Returns:

• (String)

# File 'app/models/user.rb', line 94

def display_name_safe
  return uid if given_name.blank? && family_name.blank?
  [given_name, family_name, "(#{uid})"].compact.join(" ")
end

#eligible_data_user? ⇒ Boolean

Is this user eligible to be a data user in this environment?

Returns:

• (Boolean)

# File 'app/models/user.rb', line 127

def eligible_data_user?
  return true if developer
  return true if !eligible_sponsor? && !eligible_manager
end

#eligible_manager? ⇒ Boolean

Is this user eligible to be a data manger in this environment?

Returns:

• (Boolean)

# File 'app/models/user.rb', line 115

def eligible_manager?
  return true if developer
  super
end

#eligible_sponsor? ⇒ Boolean

Is this user eligible to be a data sponsor in this environment?

Returns:

• (Boolean)

# File 'app/models/user.rb', line 108

def eligible_sponsor?
  return true if developer
  super
end

#eligible_sysadmin? ⇒ Boolean

Is this user eligible to be a sysadmin in this environment?

Returns:

• (Boolean)

# File 'app/models/user.rb', line 134

def eligible_sysadmin?
  (!Rails.env.production? && (developer || sysadmin)) || (Rails.env.production? && sysadmin)
end

#eligible_to_create_new? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/user.rb', line 138

def eligible_to_create_new?
  return true if eligible_sysadmin?

  !Rails.env.production? && (eligible_sponsor? && trainer?)
end

#initialize_name_values(extra_cas_info) ⇒ Object

Initialize the name values from the CAS information. Our name fields do not match their name fields, so we need to translate.

# File 'app/models/user.rb', line 86

def initialize_name_values(extra_cas_info)
  self.given_name = extra_cas_info.givenname
  self.family_name =  extra_cas_info.sn
  self.display_name = extra_cas_info.pudisplayname
end

#latest_downloads(limit: 10) ⇒ Object

Fetches the most recent download jobs for the user

# File 'app/models/user.rb', line 168

def latest_downloads(limit: 10)
  @latest_downloads ||= begin
                          downloads = UserRequest.where(user_id: id).where(["completion_time > ?", 7.days.ago]).order(created_at: "DESC").limit(limit)
                          downloads.map{|download| UserRequestPresenter.new(download)}
                        end
end

#mediaflux_from_session(session) ⇒ Object

# File 'app/models/user.rb', line 50

def mediaflux_from_session(session)
  logger.debug "Session Get #{session[:mediaflux_session]} cas: #{session[:active_web_user]}  user: #{uid}"
  if session[:mediaflux_session].blank?
    logger.debug("!!!! Creating a new session !!! #{uid}")
    session[:mediaflux_session] = SystemUser.mediaflux_session
    session[:active_web_user] = false
  end
  @active_web_user = session[:active_web_user]
  @mediaflux_session = session[:mediaflux_session]
end

#mediaflux_login(token, session) ⇒ Object

# File 'app/models/user.rb', line 61

def mediaflux_login(token, session)
  logger.debug("mediaflux session created for #{uid}")
  logon_request = Mediaflux::LogonRequest.new(identity_token: token, token_type: "cas")
  if logon_request.error?
    raise "Invalid Logon #{logon_request.response_error}"
  end
  @mediaflux_session = logon_request.session_token
  @active_web_user = true
  session[:mediaflux_session] = @mediaflux_session
  session[:active_web_user] = @active_web_user
  logger.debug "Login Session #{session[:mediaflux_session]} cas: #{session[:active_web_user]}  user: #{uid}"

  User.update_user_roles(user: self)
end

#terminate_mediaflux_session ⇒ Object

# File 'app/models/user.rb', line 76

def terminate_mediaflux_session
  return if @mediaflux_session.nil? # nothing to terminate
  logger.debug "!!!! Terminating mediaflux session"

  Mediaflux::LogoutRequest.new(session_token: @mediaflux_session).response_body
  @mediaflux_session = nil
end