diff options
author | elijah <elijah@riseup.net> | 2016-01-31 14:43:19 -0800 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2016-01-31 15:10:10 -0800 |
commit | e7e16318d056dbd9ec272085487cce6039627b09 (patch) | |
tree | 6ff86c1ae638da1ad620924037ccd41f9418b4b8 /app/models | |
parent | 16fb1c2bf33ca418a6db06217e286964077a730f (diff) |
remove cert fingerprints for disabled users, so that they cannot send email anymore. closes #7690
Diffstat (limited to 'app/models')
-rw-r--r-- | app/models/account.rb | 11 | ||||
-rw-r--r-- | app/models/anonymous_user.rb | 5 | ||||
-rw-r--r-- | app/models/identity.rb | 18 |
3 files changed, 33 insertions, 1 deletions
diff --git a/app/models/account.rb b/app/models/account.rb index a5cd833..46e5446 100644 --- a/app/models/account.rb +++ b/app/models/account.rb @@ -69,6 +69,17 @@ class Account @user.destroy end + # when a user is disable, all their data and associations remain + # in place, but the user should not be able to send email or + # create new authentication certificates. + def disable + if @user && !@user.tmp? + @user.enabled = false + @user.save + Identity.remove_cert_fingerprints_for(@user) + end + end + protected def update_login(login) diff --git a/app/models/anonymous_user.rb b/app/models/anonymous_user.rb index 73e95e5..5745316 100644 --- a/app/models/anonymous_user.rb +++ b/app/models/anonymous_user.rb @@ -12,7 +12,7 @@ class AnonymousUser < Object def id nil end - + def has_payment_info? false end @@ -37,4 +37,7 @@ class AnonymousUser < Object true end + def enabled? + false + end end diff --git a/app/models/identity.rb b/app/models/identity.rb index 9dc9c7a..e4162c8 100644 --- a/app/models/identity.rb +++ b/app/models/identity.rb @@ -1,3 +1,11 @@ +# +# NOTE: there is some confusing terminology between User and Identity: +# If a user is disabled, the user still exists but has been marked as disabled +# and this condition can be easily reversed. If an identity is disabled, then +# it loses any association with the user and exists only to reserve that username +# and prevent anyone else from registering it. +# + class Identity < CouchRest::Model::Base include LoginFormatValidation @@ -59,6 +67,16 @@ class Identity < CouchRest::Model::Base end end + # if an identity is disabled, it loses contact + # with its former user. but sometimes we want to keep the association + # and remove the fingerprints that allow the user to send email. + def self.remove_cert_fingerprints_for(user) + Identity.by_user_id.key(user.id).each do |identity| + identity.write_attribute(:cert_fingerprints, {}) + identity.save + end + end + def self.destroy_all_for(user) Identity.by_user_id.key(user.id).each do |identity| identity.destroy |