From 09ac92747bfbda80a54e44b22576d29d9dfc63c3 Mon Sep 17 00:00:00 2001
From: hellekin <hellekin@cepheide.org>
Date: Tue, 6 Oct 2020 00:26:44 +0200
Subject: Extract Role check to a background job

When using SSO, the Discourse sends a list of the user groups.
We take the opportunity to update Agency information for the user.
This is performed as a background job, as it involves networked
requests to the Discourse, e.g., to verify group ownership...
---
 app/jobs/agency_watcher_job.rb | 54 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 app/jobs/agency_watcher_job.rb

(limited to 'app/jobs')

diff --git a/app/jobs/agency_watcher_job.rb b/app/jobs/agency_watcher_job.rb
new file mode 100644
index 0000000..5cc0256
--- /dev/null
+++ b/app/jobs/agency_watcher_job.rb
@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+# = AgencyWatcherJob
+#
+# This job performs checks on existing records for the given user and group
+# names and updates Agencies accordingly.
+#
+# @param user (User) currently logged in user
+# @param groups (Array) a list of group names
+#
+class AgencyWatcherJob < ApplicationJob
+  queue_as :default
+
+  def perform(user, groups)
+    # Check groups against user agents
+    existing_agents = Agent.where(name: groups)
+    existing_agent_names = existing_agents.map(&:name)
+
+    groups.each do |g|
+      # Only work with existing agents
+      next unless existing_agent_names.include?(g)
+
+      a = existing_agents.select { |a| a.name = g }.first
+
+      Rails.logger.debug("AgencyWatcher checking roles for %s in %s" % [user.username, g])
+      # Check if user is a group owner
+      r = a.agencies.find_or_create_by(user: user)
+      if !r.leader? && is_group_owner?(g, user.username)
+        Rails.logger.debug("AgencyWatcher: grant leader to %s in %s" % [user.username, g])
+        # Grant leader
+        r.grant(:leader)
+      elsif r.roles == 0
+        # No role: grant editor
+        Rails.logger.debug("AgencyWatcher: grant editor to %s in %s" % [user.username, g])
+        r.grant(:observer)
+      else
+        # No change
+        Rails.logger.debug("AgencyWatcher: %s's roles in %s are %s" % [user.username, g, r.bitfield_values(:roles)])
+      end
+    end
+  end
+
+  private
+
+  # Connect to Discourse and check whether current user is a group owner
+  def is_group_owner?(group, username)
+    c = ::DiscourseApi::Client.new('https://talk.incommon.cc')
+    c.api_key = Rails.application.credentials.talk_api_key
+    c.api_username = username
+
+    group = c.group(group)
+    group['group']['is_group_owner'] == true
+  end
+end
-- 
cgit v1.2.3