How to find User's authorizations in Decidim

How to list the current authorizations in the authorizations table

irb(main)> Decidim::Authorization.select("distinct name")
=> #<ActiveRecord::Relation [#<Decidim::Authorization id: nil, name: "sms">, #<Decidim::Authorization id: nil, name: "census_authorization_handler">]>

Inspecting the metadata of Decidim Authorizations

Authorizations may have extra data stored in the metadata column. The following query shows the metadata associated with a given authorization:

irb(main):018:0> Decidim::Authorization.where(name: "census_authorization_handler").last.metadata
=> {"scope"=>"Sants-Montjuïc", "gender"=>"man", "postal_code"=>"010203", "date_of_birth"=>"2000-11-12"}

Querying Decidim Authorizations by their metadata

The metadata column of the Decidim::Authorization table is a jsonb field. PostgreSQL jsonb fields can be queried using  PostgreSQL's syntax in the following ways:

Decidim::Authorization.where(name: "census_authorization_handler").where("metadata ->> 'date_of_birth' like '16-12-2000'").last.metadata

Decidim::Authorization.where(name: "census_authorization_handler").where("metadata->>'scope' = 'Eixample'").where("metadata->>'postal_code' = '010203'")

User's sensible information must be stored securely using encryptation.

Imagine there's the need to remove all authorizations related with a given participant. If the participant is identified by its "document_number" as the unique_id for her authorizations, then the query must use the encrypted version of the "document_number". This is an example:

document_number= "12345678A"
unique_id= Digest::MD5.hexdigest("#{document_number&.upcase}-#{Rails.application.secrets.secret_key_base}")
Decidim::Authorization.where(name: "census_authorization_handler").where(unique_id: unique_id)