1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
class User < ActiveRecord::Base
hobo_devise_user_model :auth_methods => [:database_authenticable]
fields do
name :string, :required, :unique
irc_nick :string, :required, :unique
email :email_address, :login => true
administrator :boolean, :default => false
council_member :boolean, :default => false, :null => false
timestamps
end
# --- Signup lifecycle --- #
lifecycle do
state :active, :default => true
create :signup, :available_to => "Guest",
:params => [:name, :email, :irc_nick, :password, :password_confirmation],
:become => :active
transition :request_password_reset, { :active => :active }, :new_key => true do
UserMailer.forgot_password(self, lifecycle.key).deliver
end
transition :reset_password, { :active => :active }, :available_to => :key_holder,
:params => [ :password, :password_confirmation ]
end
# --- Permissions --- #
def create_permitted?
false
end
def update_permitted?
acting_user.administrator? ||
(acting_user == self && only_changed?(:email, :crypted_password,
:current_password, :password, :password_confirmation))
# Note: crypted_password has attr_protected so although it is permitted to change, it cannot be changed
# directly from a form submission.
end
def destroy_permitted?
acting_user.administrator?
end
def view_permitted?(field)
true
end
end
|