From 09ac92747bfbda80a54e44b22576d29d9dfc63c3 Mon Sep 17 00:00:00 2001 From: hellekin Date: Tue, 6 Oct 2020 00:26:44 +0200 Subject: Extract Role check to a background job When using SSO, the Discourse sends a list of the user groups. We take the opportunity to update Agency information for the user. This is performed as a background job, as it involves networked requests to the Discourse, e.g., to verify group ownership... --- app/controllers/welcome_controller.rb | 12 ++------ app/jobs/agency_watcher_job.rb | 54 +++++++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+), 9 deletions(-) create mode 100644 app/jobs/agency_watcher_job.rb diff --git a/app/controllers/welcome_controller.rb b/app/controllers/welcome_controller.rb index ae24138..0ca7af4 100644 --- a/app/controllers/welcome_controller.rb +++ b/app/controllers/welcome_controller.rb @@ -53,16 +53,10 @@ class WelcomeController < ApplicationController raise end # Update user agents - # TODO: do it as a background job, it has nothing to do here. - @sso.user_info[:groups].split(',').each do |g| - a = Agent.find_by_name(g) - if a - # TODO: call Discourse and make :leader if group owner - # TODO: do not create the record if it exists - a.agencies.create(user: u, roles: 2) # make new user an editor - Rails.logger.info('User has Agent %s' % g) - end + if @current_user.present? + AgencyWatcherJob.perform_later(@current_user, @sso.user_info[:groups].split(',')) end + # Save User ID in session session[:current_user] = @current_user[:external_id] end diff --git a/app/jobs/agency_watcher_job.rb b/app/jobs/agency_watcher_job.rb new file mode 100644 index 0000000..5cc0256 --- /dev/null +++ b/app/jobs/agency_watcher_job.rb @@ -0,0 +1,54 @@ +# frozen_string_literal: true + +# = AgencyWatcherJob +# +# This job performs checks on existing records for the given user and group +# names and updates Agencies accordingly. +# +# @param user (User) currently logged in user +# @param groups (Array) a list of group names +# +class AgencyWatcherJob < ApplicationJob + queue_as :default + + def perform(user, groups) + # Check groups against user agents + existing_agents = Agent.where(name: groups) + existing_agent_names = existing_agents.map(&:name) + + groups.each do |g| + # Only work with existing agents + next unless existing_agent_names.include?(g) + + a = existing_agents.select { |a| a.name = g }.first + + Rails.logger.debug("AgencyWatcher checking roles for %s in %s" % [user.username, g]) + # Check if user is a group owner + r = a.agencies.find_or_create_by(user: user) + if !r.leader? && is_group_owner?(g, user.username) + Rails.logger.debug("AgencyWatcher: grant leader to %s in %s" % [user.username, g]) + # Grant leader + r.grant(:leader) + elsif r.roles == 0 + # No role: grant editor + Rails.logger.debug("AgencyWatcher: grant editor to %s in %s" % [user.username, g]) + r.grant(:observer) + else + # No change + Rails.logger.debug("AgencyWatcher: %s's roles in %s are %s" % [user.username, g, r.bitfield_values(:roles)]) + end + end + end + + private + + # Connect to Discourse and check whether current user is a group owner + def is_group_owner?(group, username) + c = ::DiscourseApi::Client.new('https://talk.incommon.cc') + c.api_key = Rails.application.credentials.talk_api_key + c.api_username = username + + group = c.group(group) + group['group']['is_group_owner'] == true + end +end -- cgit v1.2.3