Class: LcpRuby::User

Inherits:
ActiveRecord::Base
  • Object
show all
Defined in:
app/models/lcp_ruby/user.rb

Instance Method Summary collapse

Instance Method Details

#email_required?Boolean

Returns:

  • (Boolean) 


66
67
68
69
 
# File 'app/models/lcp_ruby/user.rb', line 66

def email_required?
  return false if has_attribute?(:provider) && provider.present?
  super
end

#lcp_roleObject

Compatible with PermissionEvaluator role resolution. The DB stores lcp_role as a JSON array; this ensures it’s always an Array.



33
34
35
 
# File 'app/models/lcp_ruby/user.rb', line 33

def lcp_role
  Array(super)
end

#lock_strategy_enabled?(strategy) ⇒ Boolean

Devise Lockable — delegate max attempts to configuration. Returns 0 when lockable is disabled (Devise treats 0 as unlimited).

Returns:

  • (Boolean) 


49
50
51
52
 
# File 'app/models/lcp_ruby/user.rb', line 49

def lock_strategy_enabled?(strategy)
  return false if LcpRuby.configuration.auth_lock_after_attempts.to_i <= 0
  super
end

#password_required?Boolean

OIDC-provisioned users authenticate against an external IdP, so Devise’s :validatable password presence/length checks must be skipped. Detected by the presence of a ‘provider` value (non-NULL only for OIDC users — Devise users have provider IS NULL).

Guards on ‘has_attribute?` so that legacy host-app schemas without the OIDC migration applied still work — the OIDC override is a no-op there.

Returns:

  • (Boolean) 


61
62
63
64
 
# File 'app/models/lcp_ruby/user.rb', line 61

def password_required?
  return false if has_attribute?(:provider) && provider.present?
  super
end

#profileObject

Extension point for custom profile fields stored in profile_data JSON.



38
39
40
 
# File 'app/models/lcp_ruby/user.rb', line 38

def profile
  (profile_data || {}).with_indifferent_access
end

#timeout_inObject

Devise Timeoutable — delegate timeout duration to configuration.



43
44
45
 
# File 'app/models/lcp_ruby/user.rb', line 43

def timeout_in
  LcpRuby.configuration.auth_session_timeout
end