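# Hobo user model. The permission predicates at the bottom are evaluated by Hobo
# with `acting_user` set to the requesting user ("Guest" when unauthenticated).
class User < ActiveRecord::Base
  hobo_user_model # Don't put anything above this

  fields do
    name          :string, :required, :unique
    email_address :email_address, :login => true
    role          Role, :default => 'user', :limit => 20
    timestamps
  end

  has_many :votes, :foreign_key => 'owner_id',
                   :dependent => :destroy, :order => 'created_at DESC'

  # Bootstrap rule: the first account to sign up becomes the admin; every later
  # account is forced to 'user' no matter what the request submitted. Nobody is
  # promoted in the test environment.
  # Just remove this hook if you don't want that -- with it gone, the role stays
  # at the column default ('user') because the :signup creator below does not
  # accept a :role parameter. Do not add :role back to that creator.
  #
  # Caveat: `count` here is User.count (the block closes over the class), so two
  # sign-ups racing on an empty table can both observe 0 and both become admin.
  # Fine for a fresh install; not a substitute for provisioning the admin
  # out of band.
  before_create do |user|
    if !Rails.env.test? && count == 0
      user.role = :admin
    else
      user.role = :user
    end
  end

  # --- Signup lifecycle --- #
  lifecycle do
    state :active, :default => true

    # Reachable unauthenticated. :role is deliberately NOT an accepted
    # parameter: letting the request choose it would be a privilege escalation
    # the moment the before_create override is removed. Role is assigned by the
    # hook above, never by the form.
    create :signup, :available_to => "Guest",
           :params => [:name, :email_address, :password, :password_confirmation],
           :become => :active

    # Self-service reset: mints a fresh lifecycle key and mails it to the user.
    transition :request_password_reset, { :active => :active }, :new_key => true do
      UserMailer.deliver_forgot_password(self, lifecycle.key)
    end

    # Only the holder of the mailed key may set a new password.
    transition :reset_password, { :active => :active }, :available_to => :key_holder,
               :params => [ :password, :password_confirmation ]
  end

  # --- Permissions --- #

  # No direct creation; the only way in is the :signup creator.
  def create_permitted?
    false
  end

  # Admins may change anything. A user may change only their own email and
  # password fields -- :role and :name are intentionally absent, so a self-update
  # cannot escalate or take another user's name.
  # Note: crypted_password has attr_protected so although it is permitted to change, it cannot be changed
  # directly from a form submission.
  def update_permitted?
    acting_user.administrator? ||
      (acting_user == self && only_changed?(:email_address, :crypted_password,
                                            :current_password, :password, :password_confirmation))
  end

  def destroy_permitted?
    acting_user.administrator?
  end

  # Every field is readable by everyone, Guest included, so email_address is
  # exposed to unauthenticated visitors wherever a view renders it. Tighten this
  # (e.g. per-field checks) if email addresses should be private.
  def view_permitted?(field)
    true
  end

  def administrator?
    role.to_sym == :admin
  end
end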