e51f0bfee7
Account incineration could leave orphaned records due to missing cascade declarations and async jobs failing when the account was already gone. Cascade fixes: - Add Account::Searchable concern to clean up Search::Query (delete_all) and Search::Record (destroy_all, respects SQLite FTS dependent: :destroy) - Add before_destroy in Account::Storage to delete storage entries - Suppress storage entry recording during incineration so attachment purge callbacks don't create entries or enqueue materialize jobs - Guard Access#clean_inaccessible_data_later with unless user.destroyed? to avoid enqueuing pointless jobs during user cascade Job tenancy: - Extract AccountTenanted concern from the global ActiveJob initializer into ApplicationJob (include) with targeted prepends for ActionMailer::MailDeliveryJob and Turbo broadcast jobs - Defer account resolution from deserialize to perform so that missing accounts raise DeserializationError inside the execution path where discard_on can handle it Tests: - Comprehensive incineration test covering 35 model types with before/after assertions and full enqueued job processing - Mailer deliver_later test verifying account context survives job serialization for multi-account users - Turbo broadcast test verifying account-scoped URLs in rendered partials
42 lines
1.2 KiB
Ruby
42 lines
1.2 KiB
Ruby
class Identity < ApplicationRecord
|
|
include Joinable, Transferable
|
|
|
|
has_passkeys name: :email_address, display_name: -> { Current.user&.name || email_address }
|
|
|
|
has_many :access_tokens, dependent: :destroy
|
|
has_many :magic_links, dependent: :destroy
|
|
has_many :sessions, dependent: :destroy
|
|
has_many :users, dependent: :nullify
|
|
has_many :accounts, through: :users
|
|
|
|
has_one_attached :avatar, dependent: :purge_later
|
|
|
|
before_destroy :deactivate_users, prepend: true
|
|
|
|
validates :email_address, format: { with: URI::MailTo::EMAIL_REGEXP }
|
|
normalizes :email_address, with: ->(value) { value.strip.downcase.presence }
|
|
|
|
def self.find_by_permissable_access_token(token, method:)
|
|
if (access_token = AccessToken.find_by(token: token)) && access_token.allows?(method)
|
|
access_token.identity
|
|
end
|
|
end
|
|
|
|
def send_magic_link(**attributes)
|
|
attributes[:purpose] = attributes.delete(:for) if attributes.key?(:for)
|
|
|
|
magic_links.create!(attributes).tap do |magic_link|
|
|
MagicLinkMailer.sign_in_instructions(magic_link).deliver_later
|
|
end
|
|
end
|
|
|
|
def users_with_active_accounts
|
|
users.joins(:account).merge(Account.active).includes(:account)
|
|
end
|
|
|
|
private
|
|
def deactivate_users
|
|
users.find_each(&:deactivate)
|
|
end
|
|
end
|