53 lines
1.5 KiB
Ruby
53 lines
1.5 KiB
Ruby
class User < ApplicationRecord
|
|
include AccessControlValidations
|
|
rolify
|
|
devise :database_authenticatable, :registerable, :recoverable, :rememberable, :validatable
|
|
has_many :access_periods, dependent: :destroy
|
|
accepts_nested_attributes_for :access_periods, allow_destroy: true
|
|
after_create :assign_default_role
|
|
before_update :handle_access_revocation
|
|
|
|
validate :password_complexity
|
|
|
|
# Callback to update the admin attribute based on Rolify role
|
|
before_save :update_admin_attribute
|
|
|
|
# Override Devise method to consider access_revoked
|
|
def active_for_authentication?
|
|
super && !access_revoked && allowed_to_login?
|
|
end
|
|
|
|
def admin?
|
|
has_role?(:admin)
|
|
end
|
|
|
|
private
|
|
|
|
def assign_default_role
|
|
self.add_role(:user) unless self.has_any_role?
|
|
end
|
|
|
|
def password_complexity
|
|
return if password.blank? || password =~ /(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9]).{8,}/
|
|
errors.add :password, 'Complexity requirement not met. Length should be 8 characters and include: 1 uppercase, 1 lowercase, and 1 digit'
|
|
end
|
|
|
|
def update_admin_attribute
|
|
self.admin = has_role?(:admin)
|
|
end
|
|
|
|
def allowed_to_login?
|
|
# Assuming 'suspended' is a role that should not log in
|
|
!has_role?(:suspended)
|
|
end
|
|
|
|
def handle_access_revocation
|
|
if access_revoked_changed? && access_revoked
|
|
access_periods.find_or_initialize_by(end_date: nil).update(end_date: Date.today)
|
|
elsif access_revoked_changed? && !access_revoked
|
|
access_periods.create(start_date: Date.today)
|
|
end
|
|
end
|
|
|
|
end
|