diff options
author | hellekin <hellekin@cepheide.org> | 2021-02-02 23:13:58 +0100 |
---|---|---|
committer | hellekin <hellekin@cepheide.org> | 2021-02-02 23:13:58 +0100 |
commit | b5739232a535f89b48b54ee52ea7d9bb59f8a46f (patch) | |
tree | 189ce7ebf48371b29def0fddc7c2e41e7cfa38bd | |
parent | 8e404c4f3cf7880681b6f4cdf3c378e084ad54d2 (diff) | |
download | incommon-map-b5739232a535f89b48b54ee52ea7d9bb59f8a46f.tar.gz |
Introduce an Anonymous Agent
Since we moved away from Roles it's important to maintain a
default Agent that is distinct from the previous default
IN COMMON Agent.
Previously, a user without a proper group would be granted the
`observer` role in the default Agent, enough to create new
resources.
Now, we consider anonymous users to be part of the Anonymous
Agent, which also brings the possibility for them to edit yet
to be accepted Resources.
-rw-r--r-- | app/controllers/application_controller.rb | 6 | ||||
-rw-r--r-- | app/helpers/agents_helper.rb | 20 | ||||
-rw-r--r-- | app/jobs/agency_watcher_job.rb | 60 | ||||
-rw-r--r-- | db/seeds.rb | 3 |
4 files changed, 27 insertions, 62 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 5299f54..1eff1a9 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -10,14 +10,18 @@ class ApplicationController < ActionController::Base protected include ApplicationHelper + include AgentsHelper + # Set current agent globally def current_agent - @current_agent = Agent.find_by(name: session[:current_agent] || current_user.presence&.agents&.first&.name || 'incommon') + @current_agent = Agent.find_by(name: current_agent_name) end helper_method :current_agent + # Set current user globally def current_user @current_user ||= User.find_by(external_id: session[:current_user]) if session[:current_user].present? end helper_method :current_user + end diff --git a/app/helpers/agents_helper.rb b/app/helpers/agents_helper.rb index bbaeeca..3ecfd73 100644 --- a/app/helpers/agents_helper.rb +++ b/app/helpers/agents_helper.rb @@ -3,4 +3,24 @@ # SPDX-License-Identifier: AGPL-3.0-or-later module AgentsHelper + DEFAULT_AGENT_UUID = "154cd5a4-3341-4c5f-8dd3-805c976c2a26".freeze + DEFAULT_AGENT_NAME = 'Anonymous'.freeze + + protected + + # Return the name of the current agent from context + def current_agent_name + session[:current_agent] || current_user.presence&.agents&.first&.name || default_agent_name + end + + # Default Agent for users coming from unknown sources + # This agent uses a different database for writing resources + def default_agent + @default_agent ||= Agent.find_by(uuid: DEFAULT_AGENT_UUID) # Anonymous + end + + # Return the name of the default + def default_agent_name + DEFAULT_AGENT_NAME + end end diff --git a/app/jobs/agency_watcher_job.rb b/app/jobs/agency_watcher_job.rb deleted file mode 100644 index 23266e8..0000000 --- a/app/jobs/agency_watcher_job.rb +++ /dev/null @@ -1,60 +0,0 @@ -# SPDX-FileCopyrightText: 2020 IN COMMON Collective <collective@incommon.cc> -# -# SPDX-License-Identifier: AGPL-3.0-or-later - -# frozen_string_literal: true - -# = AgencyWatcherJob -# -# This job performs checks on existing records for the given user and group -# names and updates Agencies accordingly. -# -# @param user (User) currently logged in user -# @param groups (Array) a list of group names -# -class AgencyWatcherJob < ApplicationJob - queue_as :default - - def perform(user, groups) - # Check groups against user agents - existing_agents = Agent.where(name: groups) - existing_agent_names = existing_agents.map(&:name) - - groups.each do |g| - # Only work with existing agents - next unless existing_agent_names.include?(g) - - a = existing_agents.select { |a| a.name = g }.first - - Rails.logger.debug("AgencyWatcher checking roles for %s in %s" % [user.username, g]) - # Check if user is a group owner - r = a.agencies.find_or_create_by(user: user) - if !r.leader? && is_group_owner?(g, user.username) - Rails.logger.debug("AgencyWatcher: grant leader to %s in %s" % [user.username, g]) - # Grant leader - r.grant(:leader) - # Grant maintainer - r.grant(:maintainer) - elsif r.roles == 0 - # No role: grant editor - Rails.logger.debug("AgencyWatcher: grant editor to %s in %s" % [user.username, g]) - r.grant(:observer) - else - # No change - Rails.logger.debug("AgencyWatcher: %s's roles in %s are %s" % [user.username, g, r.bitfield_values(:roles)]) - end - end - end - - private - - # Connect to Discourse and check whether current user is a group owner - def is_group_owner?(group, username) - c = ::DiscourseApi::Client.new('https://talk.incommon.cc') - c.api_key = Rails.application.credentials.talk_api_key - c.api_username = username - - group = c.group(group) - group['group']['is_group_owner'] == true - end -end diff --git a/db/seeds.rb b/db/seeds.rb index 60cebe2..76773e9 100644 --- a/db/seeds.rb +++ b/db/seeds.rb @@ -11,7 +11,8 @@ 'Dewey': '6347f151-6782-437c-8bae-55730672a76f', 'PS': '3211da93-69fb-4d9b-825c-6ab51784fd18', 'incommon': '262ea4f5-186d-483b-8414-025f23b65eb4', - 'ConcertES': '066e5968-03c3-4c15-bd5b-f73a10b5e9f1' + 'ConcertES': '066e5968-03c3-4c15-bd5b-f73a10b5e9f1', + 'Anonymous': '154cd5a4-3341-4c5f-8dd3-805c976c2a26' }.each do |agent_name, uuid| Agent.find_or_create_by(name: agent_name, uuid: uuid) end |