[refs #818] add system role

app/controllers/admin/users_controller.rb

@@ -51,7 +51,7 @@ class Admin::UsersController < Admin::BaseController
     sort_dir = params[:sSortDir_0]=="asc" ? 'asc' : 'desc'
     order = "#{colName[sort_col.to_i]} #{sort_dir}"
 
-    @users = @users.paginate(:page => (params[:iDisplayStart].to_i/params[:iDisplayLength].to_i).to_i + 1, :per_page => params[:iDisplayLength])
+    @users = @users.opened.paginate(:page => (params[:iDisplayStart].to_i/params[:iDisplayLength].to_i).to_i + 1, :per_page => params[:iDisplayLength])
     @total_users = @users.count
     if !params[:sSearch].blank? && search = "%#{params[:sSearch]}%"
       @users = @users.where('users.name ILIKE ? or users.uname ILIKE ? or users.email ILIKE ?', search, search, search)

app/controllers/users/base_controller.rb

@@ -7,7 +7,7 @@ class Users::BaseController < ApplicationController
 
   def find_user
     if user_id = params[:uname] || params[:user_id] || params[:id]
-      @user = User.find_by_insensitive_uname! user_id
+      @user = User.opened.find_by_insensitive_uname! user_id
     end
   end
 end

app/models/group.rb

@@ -47,6 +47,10 @@ class Group < Avatar
     Relation.remove_member(member, self)
   end
 
+  def system?
+    false
+  end
+
   protected
 
   def add_owner_to_members

app/models/user.rb

@@ -1,6 +1,7 @@
 # -*- encoding : utf-8 -*-
 class User < Avatar
   ROLES = ['', 'admin', 'banned', 'tester']
+  EXTENDED_ROLES = ROLES | ['system']
   LANGUAGES_FOR_SELECT = [['Russian', 'ru'], ['English', 'en']]
   LANGUAGES = LANGUAGES_FOR_SELECT.map(&:last)
 
@@ -31,7 +32,7 @@ class User < Avatar
 
   validates :uname, :presence => true, :uniqueness => {:case_sensitive => false}, :format => {:with => /\A[a-z0-9_]+\z/}, :reserved_name => true
   validate { errors.add(:uname, :taken) if Group.by_uname(uname).present? }
-  validates :role, :inclusion => {:in => ROLES}, :allow_blank => true
+  validates :role, :inclusion => {:in => EXTENDED_ROLES}, :allow_blank => true
   validates :language, :inclusion => {:in => LANGUAGES}, :allow_blank => true
 
   attr_accessible :email, :password, :password_confirmation, :current_password, :remember_me, :login, :name, :uname, :language,
@@ -39,7 +40,7 @@ class User < Avatar
   attr_readonly :uname
   attr_accessor :login
 
-  scope :opened, where('1=1')
+  scope :opened, where('users.role != \'system\'')
   scope :banned, where(:role => 'banned')
   scope :admin, where(:role => 'admin')
   scope :tester, where(:role => 'tester')
@@ -49,7 +50,7 @@ class User < Avatar
     where "#{table_name}.id IN (?)", item.members.map(&:id).uniq
   }
 
-  after_create lambda { self.create_notifier }
+  after_create lambda { self.create_notifier unless self.system? }
   before_create :ensure_authentication_token
 
   include Modules::Models::PersonalRepository
@@ -71,6 +72,10 @@ class User < Avatar
     role == 'tester'
   end
 
+  def system?
+    role == 'system'
+  end
+
   def access_locked?
     role == 'banned'
   end

db/seeds.rb

@@ -5,7 +5,7 @@ ARCHES.each do |arch|
 end
 
 user = User.new uname: 'rosa_system', email: 'rosa_system@rosalinux.ru', password: SecureRandom.base64
-user.confirmed_at = Time.now.utc; user.save
+user.confirmed_at, user.role = Time.now.utc, 'system'; user.save
 
 user = User.new uname: 'iso_worker_1', email: 'iso_worker_1@rosalinux.ru', password: SecureRandom.base64
-user.confirmed_at = Time.now.utc; user.save
+user.confirmed_at, user.role = Time.now.utc, 'system'; user.save

lib/api_defender.rb

@@ -67,6 +67,6 @@ class ApiDefender < Rack::Throttle::Hourly
   end
 
   def system_user? request
-    authorized?(request) && %w(rosa_system iso_worker_1).include?(@user.try :uname)
+    authorized?(request) && @user.system?
   end
 end

lib/modules/models/personal_repository.rb

@@ -5,7 +5,7 @@ module Modules
       extend ActiveSupport::Concern
 
       included do
-        after_create :create_personal_repository
+        after_create :create_personal_repository, :unless => :system?
       end
 
       def create_personal_repository