Class: LcpRuby::User

Inherits:
ActiveRecord::Base
  • Object
show all
Defined in:
app/models/lcp_ruby/user.rb

Instance Method Summary collapse

Instance Method Details

#email_required?Boolean

Returns:

  • (Boolean) 


56
57
58
59
 
# File 'app/models/lcp_ruby/user.rb', line 56

def email_required?
  return false if has_attribute?(:provider) && provider.present?
  super
end

#lcp_roleObject

Compatible with PermissionEvaluator role resolution. The DB stores lcp_role as a JSON array; this ensures it’s always an Array.



23
24
25
 
# File 'app/models/lcp_ruby/user.rb', line 23

def lcp_role
  Array(super)
end

#lock_strategy_enabled?(strategy) ⇒ Boolean

Devise Lockable — delegate max attempts to configuration. Returns 0 when lockable is disabled (Devise treats 0 as unlimited).

Returns:

  • (Boolean) 


39
40
41
42
 
# File 'app/models/lcp_ruby/user.rb', line 39

def lock_strategy_enabled?(strategy)
  return false if LcpRuby.configuration.auth_lock_after_attempts.to_i <= 0
  super
end

#password_required?Boolean

OIDC-provisioned users authenticate against an external IdP, so Devise’s :validatable password presence/length checks must be skipped. Detected by the presence of a ‘provider` value (non-NULL only for OIDC users — Devise users have provider IS NULL).

Guards on ‘has_attribute?` so that legacy host-app schemas without the OIDC migration applied still work — the OIDC override is a no-op there.

Returns:

  • (Boolean) 


51
52
53
54
 
# File 'app/models/lcp_ruby/user.rb', line 51

def password_required?
  return false if has_attribute?(:provider) && provider.present?
  super
end

#profileObject

Extension point for custom profile fields stored in profile_data JSON.



28
29
30
 
# File 'app/models/lcp_ruby/user.rb', line 28

def profile
  (profile_data || {}).with_indifferent_access
end

#timeout_inObject

Devise Timeoutable — delegate timeout duration to configuration.



33
34
35
 
# File 'app/models/lcp_ruby/user.rb', line 33

def timeout_in
  LcpRuby.configuration.auth_session_timeout
end