43 lines
1.6 KiB
Ruby
43 lines
1.6 KiB
Ruby
class Admin < ApplicationRecord
|
|
VALID_ROLES = %w[superadmin board board_assistants_team communications development_and_membership docs elections legal translation tag_wrangling support policy_and_abuse open_doors].freeze
|
|
|
|
serialize :roles, type: Array, coder: YAML, yaml: { permitted_classes: [String] }
|
|
|
|
devise :database_authenticatable,
|
|
:lockable,
|
|
:recoverable,
|
|
:validatable,
|
|
password_length: ArchiveConfig.ADMIN_PASSWORD_LENGTH_MIN..ArchiveConfig.ADMIN_PASSWORD_LENGTH_MAX,
|
|
reset_password_within: ArchiveConfig.DAYS_UNTIL_ADMIN_RESET_PASSWORD_LINK_EXPIRES.days,
|
|
lock_strategy: :none,
|
|
unlock_strategy: :none
|
|
devise :pwned_password unless Rails.env.test?
|
|
|
|
include BackwardsCompatiblePasswordDecryptor
|
|
|
|
has_many :log_items
|
|
has_many :invitations, as: :creator
|
|
has_many :wrangled_tags, class_name: 'Tag', as: :last_wrangler
|
|
|
|
validates :login,
|
|
presence: true,
|
|
uniqueness: true,
|
|
length: { in: ArchiveConfig.LOGIN_LENGTH_MIN..ArchiveConfig.LOGIN_LENGTH_MAX }
|
|
validates_presence_of :password_confirmation, if: :new_record?
|
|
validates_confirmation_of :password, if: :new_record?
|
|
|
|
validate :allowed_roles
|
|
def allowed_roles
|
|
return unless roles && (roles - VALID_ROLES).present?
|
|
|
|
errors.add(:roles, :invalid)
|
|
end
|
|
|
|
# For requesting admins set a new password before their first login. Uses same
|
|
# mechanism as password reset requests, but different email notification.
|
|
after_create :send_set_password_notification
|
|
def send_set_password_notification
|
|
token = set_reset_password_token
|
|
AdminMailer.set_password_notification(self, token).deliver
|
|
end
|
|
end
|