Merge pull request #2994 from zendesk/gurney/default

Support setting a default user role for new users
zendesk · Oct 11, 2018 · ff752be · ff752be
2 parents 601ba4a + 41ba9c4
commit ff752be
Show file tree

Hide file tree

Showing 5 changed files with 166 additions and 148 deletions.
diff --git a/.env.example b/.env.example
@@ -14,6 +14,7 @@ GITHUB_TOKEN=
 # DEPLOY_TIMEOUT=3600 # optional, deploy timeout in seconds, defaults to 2 hours
 # RAILS_MIN_THREADS=5 #
 # RAILS_MAX_THREADS=10 #
+# DEFAULT_USER_ROLE=0 # optional, overrides default role assigned to new user. See app/models/role.rb for mappings
 
 ## Login with Github
 # Register a new OAuth application on https://github.com/settings/applications/new

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
@@ -11,27 +11,27 @@ def new
 
   def github
     return show_login_restriction unless role_id = github_authorization.role_id
-    login(role_id: role_id)
+    login(role_id: custom_role_or_default(role_id))
   end
 
   def google
     return show_login_restriction unless allowed_to_login
-    login(role_id: Role::VIEWER.id)
+    login(role_id: custom_role_or_default(Role::VIEWER.id))
   end
 
   def ldap
     return show_login_restriction unless allowed_to_login
-    login(role_id: Role::VIEWER.id)
+    login(role_id: custom_role_or_default(Role::VIEWER.id))
   end
 
   def gitlab
     return show_login_restriction unless allowed_to_login
-    login(role_id: Role::VIEWER.id)
+    login(role_id: custom_role_or_default(Role::VIEWER.id))
   end
 
   def bitbucket
     return show_login_restriction unless allowed_to_login
-    login(role_id: Role::VIEWER.id)
+    login(role_id: custom_role_or_default(Role::VIEWER.id))
   end
 
   def failure
@@ -98,7 +98,7 @@ def login(options = {})
       uid = auth_hash.uid
     end
 
-    user = User.create_or_update_from_hash(options.merge(
+    user = find_or_create_user_from_hash(options.merge(
       external_id: "#{strategy.name}-#{uid}",
       name: auth_hash.info.name,
       email: auth_hash.info.email
@@ -114,4 +114,15 @@ def login(options = {})
 
     redirect_to_origin_or_default
   end
+
+  def find_or_create_user_from_hash(hash)
+    # first user will be promoted to super admin
+    hash[:role_id] = Role::SUPER_ADMIN.id unless User.where.not(email: '[email protected]').exists?
+
+    User.create_with(hash).find_or_create_by(external_id: hash[:external_id].to_s)
+  end
+
+  def custom_role_or_default(default)
+    Integer(ENV.fetch('DEFAULT_USER_ROLE', default))
+  end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -87,29 +87,6 @@ def administrated_projects
     scope
   end
 
-  def self.create_or_update_from_hash(hash)
-    user = User.where(external_id: hash[:external_id].to_s).first || User.new
-
-    # attributes are always a string hash
-    attributes = user.attributes.merge(hash.stringify_keys) do |attribute, old, new|
-      if attribute == 'role_id'
-        if !User.where.not(email: '[email protected]').exists?
-          Role::SUPER_ADMIN.id # first user will be promoted to super admin
-        elsif new && (user.new_record? || new >= old)
-          new # existing users can upgrade
-        else
-          old
-        end
-      else
-        old.presence || new
-      end
-    end
-
-    user.attributes = attributes
-    user.save
-    user
-  end
-
   def name
     super.presence || email
   end