SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293
							# Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/

module SessionHelper
  def self.json_hash(user)
    collections, assets = default_collections(user)
    {
      session:     user.filter_unauthorized_attributes(user.filter_attributes(user.attributes)),
      models:      models(user),
      collections: collections,
      assets:      assets,
    }
  end

  def self.json_hash_error(error)
    {
      error:       error.message,
      models:      models,
      collections: {
        Locale.to_app_model     => Locale.where(active: true),
        PublicLink.to_app_model => PublicLink.all,
      }
    }
  end

  def self.default_collections(user)

    # auto population collections, store all here
    default_collection = {}
    assets = user.assets({})

    # load collections to deliver from external files
    dir = File.expand_path('..', __dir__)
    files = Dir.glob("#{dir}/lib/session_helper/collection_*.rb")
    files.each do |file|
      file =~ %r{/(session_helper/collection_.*)\.rb\z}
      class_name = $1.camelize
      next if !Object.const_defined?(class_name) && Rails.env.production?

      (default_collection, assets) = class_name.constantize.session(default_collection, assets, user)
    end

    [default_collection, assets]
  end

  def self.models(user = nil)
    return models_public if user.blank?

    ObjectManager.list_objects.each_with_object({}) do |object, models|
      attributes = ObjectManager::Object.new(object).attributes(user)
      models[object] = attributes
    end
  end

  def self.models_public
    allowed_user_attributes = %w[firstname lastname email password]

    user_attributes = ObjectManager::Object
      .new('User')
      .attributes(nil, skip_permission: true)
      .select { |attribute| allowed_user_attributes.include?(attribute[:name]) }

    {
      'User' => user_attributes,
    }
  end

  def self.cleanup_expired

    # delete temp. sessions
    ActiveRecord::SessionStore::Session
      .where(persistent: nil, updated_at: ...2.hours.ago)
      .delete_all

    # web sessions not updated the last x days
    ActiveRecord::SessionStore::Session
      .where(updated_at: ...60.days.ago)
      .delete_all
  end

  def self.get(id)
    ActiveRecord::SessionStore::Session.find_by(id: id)
  end

  def self.list(limit = 10_000)
    ActiveRecord::SessionStore::Session.reorder(updated_at: :desc).limit(limit)
  end

  def self.destroy(id)
    ActiveRecord::SessionStore::Session
      .find_by(id: id)
      &.destroy
  end
end