consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
088837720abf4a4d5ddb73fd1f28d12357dce38d
nairobi/app/models/user.rb
Javi Martín 6d30e2d34e Don't display public activity by default when requiring consent 
Just as we mentioned in the previous commit, there are places where we
aren't sure whether explicit consent is strictly required. So, when the
"require consent" setting is enabled, we're taking the safe approach.
This means that, in this case, we're only displaying a user's activity
if they've given explicit consent.
2025-10-09 10:56:21 +02:00

464 lines
14 KiB
Ruby
Raw Blame History

class User < ApplicationRecord
include Verification
attribute :registering_from_web, default: false
%i[newsletter email_digest email_on_direct_message public_activity recommended_debates
recommended_proposals].each do |field|
attribute field, :boolean, default: -> { !Setting["feature.gdpr.require_consent_for_notifications"] }
end
devise :database_authenticatable, :registerable, :confirmable, :recoverable, :rememberable,
:trackable, :validatable, :omniauthable, :password_expirable, :secure_validatable,
authentication_keys: [:login]
devise :lockable if Rails.application.config.devise_lockable
acts_as_voter
acts_as_paranoid column: :hidden_at
include ActsAsParanoidAliases
include Graphqlable
has_one :administrator
has_one :moderator
has_one :valuator
has_one :manager
has_one :sdg_manager, class_name: "SDG::Manager", dependent: :destroy
has_one :poll_officer, class_name: "Poll::Officer"
has_one :organization
has_one :lock
has_many :flags
has_many :identities, dependent: :destroy
has_many :debates, -> { with_hidden }, foreign_key: :author_id, inverse_of: :author
has_many :proposals, -> { with_hidden }, foreign_key: :author_id, inverse_of: :author
has_many :activities
has_many :budget_investments, -> { with_hidden },
class_name: "Budget::Investment",
foreign_key: :author_id,
inverse_of: :author
has_many :comments, -> { with_hidden }, inverse_of: :user
has_many :failed_census_calls
has_many :notifications
has_many :direct_messages_sent,
class_name: "DirectMessage",
foreign_key: :sender_id,
inverse_of: :sender
has_many :direct_messages_received,
class_name: "DirectMessage",
foreign_key: :receiver_id,
inverse_of: :receiver
has_many :legislation_answers, class_name: "Legislation::Answer", dependent: :destroy, inverse_of: :user
has_many :follows
has_many :legislation_annotations,
class_name: "Legislation::Annotation",
foreign_key: :author_id,
inverse_of: :author
has_many :legislation_proposals,
class_name: "Legislation::Proposal",
foreign_key: :author_id,
inverse_of: :author
has_many :legislation_questions,
class_name: "Legislation::Question",
foreign_key: :author_id,
inverse_of: :author
has_many :polls, foreign_key: :author_id, inverse_of: :author
has_many :poll_answers,
class_name: "Poll::Answer",
foreign_key: :author_id,
inverse_of: :author
has_many :poll_partial_results,
class_name: "Poll::PartialResult",
foreign_key: :author_id,
inverse_of: :author
has_many :poll_questions,
class_name: "Poll::Question",
foreign_key: :author_id,
inverse_of: :author
has_many :poll_recounts,
class_name: "Poll::Recount",
foreign_key: :author_id,
inverse_of: :author
has_many :related_contents, foreign_key: :author_id, inverse_of: :author, dependent: nil
has_many :topics, foreign_key: :author_id, inverse_of: :author
belongs_to :geozone
validates :username, presence: true, if: :username_required?
validates :username, uniqueness: { scope: :registering_with_oauth }, if: :username_required?
validates :document_number, uniqueness: { scope: :document_type }, allow_nil: true
validate :validate_username_length
validates :official_level, inclusion: { in: 0..5 }
validates :terms_of_service, acceptance: { allow_nil: false }, on: :create
validates_associated :organization, message: false
accepts_nested_attributes_for :organization, update_only: true
attr_accessor :skip_password_validation, :login
scope :administrators, -> { joins(:administrator) }
scope :moderators, -> { joins(:moderator) }
scope :organizations, -> { joins(:organization) }
scope :sdg_managers, -> { joins(:sdg_manager) }
scope :officials, -> { where(official_level: 1..) }
scope :male, -> { where(gender: "male") }
scope :female, -> { where(gender: "female") }
scope :newsletter, -> { where(newsletter: true) }
scope :for_render, -> { includes(:organization) }
scope :by_document, ->(document_type, document_number) do
where(document_type: document_type, document_number: document_number)
end
scope :email_digest, -> { where(email_digest: true) }
scope :erased, -> { where.not(erased_at: nil) }
scope :active, -> { excluding(erased) }
scope :public_for_api, -> { all }
scope :by_authors, ->(author_ids) { where(id: author_ids) }
scope :by_comments, ->(commentables) do
joins(:comments).where("comments.commentable": commentables).distinct
end
scope :by_username_email_or_document_number, ->(search_string) do
search = "%#{search_string.strip}%"
where("username ILIKE ? OR email ILIKE ? OR document_number ILIKE ?", search, search, search)
end
scope :between_ages, ->(from, to, at_time: Time.current) do
start_date = at_time - (to + 1).years + 1.day
end_date = at_time - from.years
where(date_of_birth: start_date.beginning_of_day..end_date.end_of_day)
end
before_validation :clean_document_number
# Get the existing user by email if the provider gives us a verified email.
def self.first_or_initialize_for_oauth(auth)
oauth_email = auth.info.email
oauth_verified = auth.info.verified || auth.info.verified_email || auth.info.email_verified
oauth_email_confirmed = oauth_email.present? && oauth_verified
oauth_user = User.find_by(email: oauth_email) if oauth_email_confirmed
oauth_user || User.new(
username: auth.info.name || auth.uid,
email: oauth_email,
oauth_email: oauth_email,
password: Devise.friendly_token[0, 20],
terms_of_service: "1",
confirmed_at: oauth_email_confirmed ? DateTime.current : nil
)
end
def name
organization? ? organization.name : username
end
def comment_flags(comments)
comment_flags = flags.for_comments(comments)
comment_flags.each_with_object({}) { |f, h| h[f.flaggable_id] = true }
end
def voted_in_group?(group)
votes.where(votable: Budget::Investment.where(group: group)).exists?
end
def headings_voted_within_group(group)
Budget::Heading.where(id: voted_investments.by_group(group).pluck(:heading_id))
end
def voted_investments
Budget::Investment.where(id: votes.where(votable: Budget::Investment.all).pluck(:votable_id))
end
def administrator?
administrator.present?
end
def moderator?
moderator.present?
end
def valuator?
valuator.present?
end
def manager?
manager.present?
end
def sdg_manager?
sdg_manager.present?
end
def poll_officer?
poll_officer.present?
end
def organization?
organization.present?
end
def verified_organization?
organization&.verified?
end
def official?
official_level && official_level > 0
end
def add_official_position!(position, level)
return if position.blank? || level.blank?
update! official_position: position, official_level: level.to_i
end
def remove_official_position!
update! official_position: nil, official_level: 0
end
def has_official_email?
domain = Setting["email_domain_for_officials"]
email.present? && ((email.end_with? "@#{domain}") || (email.end_with? ".#{domain}"))
end
def display_official_position_badge?
return true if official_level > 1
official_position_badge? && official_level == 1
end
def block
hide
Debate.hide_all debate_ids
Comment.hide_all comment_ids
Legislation::Proposal.hide_all legislation_proposal_ids
Proposal.hide_all proposal_ids
Budget::Investment.hide_all budget_investment_ids
ProposalNotification.hide_all ProposalNotification.where(author_id: id).ids
remove_roles
end
def full_restore
ActiveRecord::Base.transaction do
Debate.restore_all debates.where(hidden_at: hidden_at..)
Comment.restore_all comments.where(hidden_at: hidden_at..)
Legislation::Proposal.restore_all legislation_proposals.only_hidden.where(hidden_at: hidden_at..)
Proposal.restore_all proposals.where(hidden_at: hidden_at..)
Budget::Investment.restore_all budget_investments.where(hidden_at: hidden_at..)
ProposalNotification.restore_all(
ProposalNotification.only_hidden.where(hidden_at: hidden_at..).where(author_id: id)
)
restore
end
end
def erase(erase_reason = nil)
update!(
erased_at: Time.current,
erase_reason: erase_reason,
username: nil,
email: nil,
unconfirmed_email: nil,
phone_number: nil,
encrypted_password: "",
confirmation_token: nil,
reset_password_token: nil,
email_verification_token: nil,
confirmed_phone: nil,
unconfirmed_phone: nil
)
identities.destroy_all
remove_roles
end
def erased?
erased_at.present?
end
def remove_roles
administrator&.destroy!
valuator&.destroy!
moderator&.destroy!
manager&.destroy!
sdg_manager&.destroy!
end
def take_votes_if_erased_document(document_number, document_type)
erased_user = User.erased.find_by(document_number: document_number,
document_type: document_type)
if erased_user.present?
take_votes_from(erased_user)
erased_user.update!(document_number: nil, document_type: nil)
end
end
def take_votes_from(other_user)
return if other_user.blank?
Poll::Voter.where(user_id: other_user.id).find_each do |poll_voter|
transaction(requires_new: true) { poll_voter.update_column(:user_id, id) }
rescue ActiveRecord::RecordNotUnique
poll_voter.delete
end
Budget::Ballot.where(user_id: other_user.id).update_all(user_id: id)
Vote.where("voter_id = ? AND voter_type = ?", other_user.id, "User").update_all(voter_id: id)
data_log = "id: #{other_user.id} - #{Time.current.strftime("%Y-%m-%d %H:%M:%S")}"
update!(former_users_data_log: "#{former_users_data_log} | #{data_log}")
end
def locked?
Lock.find_or_create_by!(user: self).locked?
end
def self.search(term)
return none if term.blank?
search = term.strip
where("email = ? OR username ILIKE ?", search, "%#{search}%")
end
def self.username_max_length
@username_max_length ||= columns.find { |c| c.name == "username" }.limit || 60
end
def self.minimum_required_age
(Setting["min_age_to_participate"] || 16).to_i
end
def show_welcome_screen?
verification = Setting["feature.user.skip_verification"].present? || unverified?
sign_in_count == 1 && verification && !organization && !administrator?
end
def password_required?
return false if skip_password_validation
super
end
def username_required?
!organization? && !erased?
end
def email_required?
!erased? && (unverified? || registering_from_web)
end
def locale
self[:locale] || Setting.default_locale.to_s
end
def confirmation_required?
super && !registering_with_oauth
end
def send_oauth_confirmation_instructions
if oauth_email != email || confirmed_at.nil?
update(confirmed_at: nil)
send_confirmation_instructions
end
update(oauth_email: nil) if oauth_email.present?
end
def name_and_email
"#{name} (#{email})"
end
def age
Age.in_years(date_of_birth)
end
def save_requiring_finish_signup
begin
self.registering_with_oauth = true
save!(validate: false)
# Devise puts unique constraints for the email the db, so we must detect & handle that
rescue ActiveRecord::RecordNotUnique
self.email = nil
save!(validate: false)
end
true
end
def ability
@ability ||= Ability.new(self)
end
delegate :can?, :cannot?, to: :ability
def public_proposals
public_activity? ? proposals : proposals.none
end
def public_debates
public_activity? ? debates : debates.none
end
def public_comments
public_activity? ? comments : comments.none
end
# overwritting of Devise method to allow login using email OR username
def self.find_for_database_authentication(warden_conditions)
conditions = warden_conditions.dup
login = conditions.delete(:login)
where(conditions.to_hash).find_by(["lower(email) = ?", login.downcase]) ||
where(conditions.to_hash).find_by(["username = ?", login])
end
def self.find_by_manager_login(manager_login)
find_by(id: manager_login.split("_").last)
end
def interests
followables = follows.map(&:followable)
followables.compact.map { |followable| followable.tags.map(&:name) }.flatten.compact.uniq
end
def send_devise_notification(notification, *)
devise_mailer.send(notification, self, *).deliver_later
end
def add_subscriptions_token
update!(subscriptions_token: SecureRandom.base58(32)) if subscriptions_token.blank?
end
def self.password_complexity
if Tenant.current_secrets.dig(:security, :password_complexity)
{ digit: 1, lower: 1, symbol: 0, upper: 1 }
else
{ digit: 0, lower: 0, symbol: 0, upper: 0 }
end
end
def self.maximum_attempts
(Tenant.current_secrets.dig(:security, :lockable, :maximum_attempts) || 20).to_i
end
def self.unlock_in
(Tenant.current_secrets.dig(:security, :lockable, :unlock_in) || 1).to_f.hours
end
def to_param
"#{id}-#{slug}"
end
def slug
username.to_s.parameterize
end
private
def clean_document_number
return if document_number.blank?
self.document_number = document_number.gsub(/[^a-z0-9]+/i, "").upcase
end
def validate_username_length
validator = ActiveModel::Validations::LengthValidator.new(
attributes: :username,
maximum: User.username_max_length
)
validator.validate(self)
end
end
Reference in New Issue View Git Blame Copy Permalink