class User < ApplicationRecord
# Include default devise modules. Others available are:
# :confirmable, :timeoutable and :omniauthable
devise :database_authenticatable, :recoverable, :rememberable, :validatable,
:trackable, :lockable, :two_factor_authenticatable
belongs_to :organisation
has_many :owned_case_logs, through: :organisation
has_many :managed_case_logs, through: :organisation
has_paper_trail ignore: %w[last_sign_in_at
current_sign_in_at
current_sign_in_ip
last_sign_in_ip
failed_attempts
unlock_token
locked_at
reset_password_token
reset_password_sent_at
remember_created_at
sign_in_count
updated_at]
has_one_time_password(encrypted: true)
ROLES = {
data_accessor: 0,
data_provider: 1,
data_coordinator: 2,
support: 99,
}.freeze
enum role: ROLES
def case_logs
if support?
CaseLog.all
else
CaseLog.for_organisation(organisation)
end
end
def completed_case_logs
case_logs.completed
end
def not_completed_case_logs
case_logs.not_completed
end
def is_key_contact?
is_key_contact
end
def is_key_contact!
update(is_key_contact: true)
end
def is_data_protection_officer?
is_dpo
end
def is_data_protection_officer!
update!(is_dpo: true)
end
MFA_TEMPLATE_ID = "6bdf5ee1-8e01-4be1-b1f9-747061d8a24c".freeze
RESET_PASSWORD_TEMPLATE_ID = "2c410c19-80a7-481c-a531-2bcb3264f8e6".freeze
SET_PASSWORD_TEMPLATE_ID = "257460a6-6616-4640-a3f9-17c3d73d9e91".freeze
def reset_password_notify_template
last_sign_in_at ? RESET_PASSWORD_TEMPLATE_ID : SET_PASSWORD_TEMPLATE_ID
end
def need_two_factor_authentication?(_request)
support?
end
def send_two_factor_authentication_code(code)
template_id = MFA_TEMPLATE_ID
personalisation = { otp: code }
DeviseNotifyMailer.new.send_email(email, template_id, personalisation)
end
def assignable_roles
return {} unless data_coordinator? || support?
return ROLES if support?
ROLES.except(:support)
end
end