remove cert fingerprints for disabled users, so that they cannot send email anymore. closes #7690

author: elijah <elijah@riseup.net> 2016-01-31 14:43:19 -0800
committer: elijah <elijah@riseup.net> 2016-01-31 15:10:10 -0800
commit: e7e16318d056dbd9ec272085487cce6039627b09 (patch)
tree: 6ff86c1ae638da1ad620924037ccd41f9418b4b8 /app/models/identity.rb
parent: 16fb1c2bf33ca418a6db06217e286964077a730f (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/app/models/identity.rb b/app/models/identity.rb
index 9dc9c7a..e4162c8 100644
--- a/app/models/identity.rb
+++ b/app/models/identity.rb
@@ -1,3 +1,11 @@
+#
+# NOTE: there is some confusing terminology between User and Identity:
+# If a user is disabled, the user still exists but has been marked as disabled
+# and this condition can be easily reversed. If an identity is disabled, then
+# it loses any association with the user and exists only to reserve that username
+# and prevent anyone else from registering it.
+#
+
 class Identity < CouchRest::Model::Base
   include LoginFormatValidation
 
@@ -59,6 +67,16 @@ class Identity < CouchRest::Model::Base
     end
   end
 
+  # if an identity is disabled, it loses contact
+  # with its former user. but sometimes we want to keep the association
+  # and remove the fingerprints that allow the user to send email.
+  def self.remove_cert_fingerprints_for(user)
+    Identity.by_user_id.key(user.id).each do |identity|
+      identity.write_attribute(:cert_fingerprints, {})
+      identity.save
+    end
+  end
+
   def self.destroy_all_for(user)
     Identity.by_user_id.key(user.id).each do |identity|
       identity.destroy
author	elijah <elijah@riseup.net>	2016-01-31 14:43:19 -0800
committer	elijah <elijah@riseup.net>	2016-01-31 15:10:10 -0800
commit	e7e16318d056dbd9ec272085487cce6039627b09 (patch)
tree	6ff86c1ae638da1ad620924037ccd41f9418b4b8 /app/models/identity.rb
parent	16fb1c2bf33ca418a6db06217e286964077a730f (diff)