require 'digest/sha1'
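# Account model: login credentials, profile fields, and the questions, items
# and voters that belong to the account.
#
# NOTE(review): password digesting and token generation come from the
# Authentication mixins, which are not shown in this file. The file requires
# digest/sha1 but this class never calls it directly -- confirm which digest
# Authentication::ByPassword applies to passwords; a fast hash such as SHA-1 is
# not suitable for password storage.
class User < ActiveRecord::Base
  include Authentication
  include Authentication::ByPassword
  include Authentication::ByCookieToken
  include Authorization::AasmRoles

  # associations
  has_many :questions, :dependent => :destroy
  has_many :items, :dependent => :destroy
  has_many :voters, :dependent => :destroy
  has_many :prompts, :through => :questions, :dependent => :destroy

  validates_length_of :login, :within => 3..100
  validates_uniqueness_of :login
  validates_format_of :login, :with => Authentication.login_regex, :message => Authentication.bad_login_message

  validates_format_of :name, :with => Authentication.name_regex, :message => Authentication.bad_name_message, :allow_nil => true
  validates_length_of :name, :maximum => 100

  validates_presence_of :email
  validates_length_of :email, :within => 6..100 #r@a.wk
  validates_uniqueness_of :email
  validates_format_of :email, :with => Authentication.email_regex, :message => Authentication.bad_email_message

  # HACK HACK HACK -- how to do attr_accessible from here?
  # Mass-assignment allow-list: only the attributes named here can be set from
  # a params hash, which prevents a user from submitting a crafted form that
  # bypasses activation. Anything else you want your user to change should be
  # added here, one attribute at a time.
  attr_accessible :login, :email, :name, :password, :password_confirmation

  # Authenticates a user by their login name (or email) and unencrypted
  # password. Returns the user or nil.
  #
  # Only accounts in the :active or :admin state are considered. Every failure
  # path (blank input, unknown account, wrong password) returns nil, so the
  # return value does not tell the caller which of them occurred.
  #
  # uff. this is really an authorization, not authentication routine.
  # We really need a Dispatch Chain here or something.
  # This will also let us return a human error message.
  #
  # NOTE(review): login= and email= store lower-cased values, but the lookup
  # below uses email_login exactly as given. On a case-sensitive collation a
  # mixed-case entry would not match -- confirm whether that is intended.
  def self.authenticate(email_login, password)
    return nil if email_login.blank? || password.blank?

    # need to get the salt, for legacy support check login before email
    u = find_in_state(:first, :active, :conditions => { :login => email_login }) ||
        find_in_state(:first, :admin, :conditions => { :login => email_login }) ||
        find_in_state(:first, :active, :conditions => { :email => email_login }) ||
        find_in_state(:first, :admin, :conditions => { :email => email_login })
    u && u.authenticated?(password) ? u : nil
  end

  # Stores the login lower-cased; nil is passed through unchanged.
  def login=(value)
    write_attribute :login, (value ? value.downcase : nil)
  end

  # Stores the email lower-cased; nil is passed through unchanged.
  def email=(value)
    write_attribute :email, (value ? value.downcase : nil)
  end

  # Delete all the user's items and their connections to stats, votes, prompts.
  # Delete all stats, items_questions, prompt_requests, and prompts for the
  # user's questions.
  #
  # Rows are removed with direct DELETE statements (delete_all / execute), not
  # through the associations' :dependent => :destroy handling. The statements
  # are issued one after another; no transaction is opened here.
  def destroy_items
    # Collect every id list before anything is deleted.
    owned_item_ids     = item_ids
    owned_prompt_ids   = prompt_ids
    owned_question_ids = question_ids

    # Values are passed as bind parameters instead of being interpolated into
    # the SQL text, so the statement shape never depends on their content.
    Vote.delete_all(["prompt_id IN (?)", owned_prompt_ids]) unless owned_prompt_ids.empty?

    unless owned_item_ids.empty?
      # The join tables are reached through connection.execute, which takes a
      # finished SQL string; the ids are forced to integers before being
      # joined so nothing but digits and commas can reach the statement.
      item_id_list = integer_id_list(owned_item_ids)
      %w[items_stats items_votes items_prompts].each do |join_table|
        ActiveRecord::Base.connection.execute("DELETE FROM #{join_table} WHERE item_id IN (#{item_id_list})")
      end
    end

    # Bound as well: a nil id (unsaved record) becomes "user_id = NULL", which
    # matches no rows, instead of producing malformed SQL.
    Item.delete_all(["user_id = ?", id])

    unless owned_question_ids.empty?
      [Stat, ItemsQuestion, PromptRequest, Prompt].each do |model|
        model.delete_all(["question_id IN (?)", owned_question_ids])
      end
    end
  end

  # Delete all data connected to the user: everything destroy_items removes,
  # then the user's questions, the features of the user's voters, and the
  # voters themselves. The user row itself is left in place.
  def destroy_data
    # Read before any deletion, so the Feature cleanup sees the full list.
    owned_voter_ids = voter_ids

    # Same statements, in the same order, that this method used to repeat inline.
    destroy_items

    Question.delete_all(["user_id = ?", id])
    Feature.delete_all(["voter_id IN (?)", owned_voter_ids]) unless owned_voter_ids.empty?
    Voter.delete_all(["user_id = ?", id])
  end

  protected

  # Resets the soft-delete marker and assigns a fresh activation token taken
  # from the class-level make_token (defined outside this file).
  def make_activation_code
    self.deleted_at = nil
    self.activation_code = self.class.make_token
  end

  # Builds the comma-separated list used inside a raw "IN (...)" clause.
  # Integer() raises on anything that is not a whole number, so a non-numeric
  # value stops the delete rather than being written into the SQL.
  def integer_id_list(ids)
    ids.map { |value| Integer(value) }.join(',')
  end
end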