Utilizamos cookies propias y de terceros para el correcto funcionamiento del sitio web, y si nos da su consentimiento, también utilizaremos cookies para recopilar datos de sus visitas para obtener estadísticas agregadas para mejorar nuestros servicios.

How to find User's authorizations in Decidim

Playing with the authorizations table

How to list the current authorizations in the authorizations table

irb(main)> Decidim::Authorization.select("distinct name")
=> #<ActiveRecord::Relation [#<Decidim::Authorization id: nil, name: "sms">, #<Decidim::Authorization id: nil, name: "census_authorization_handler">]>

Inspecting the metadata of Decidim Authorizations

Authorizations may have extra data stored in the metadata column. The following query shows the metadata associated with a given authorization:

irb(main):018:0> Decidim::Authorization.where(name: "census_authorization_handler").last.metadata
=> {"scope"=>"Eixample", "gender"=>"woman", "postal_code"=>"010101", "date_of_birth"=>"2000-01-01"}

Querying Decidim Authorizations by their metadata

The metadata column of the Decidim::Authorization table is a jsonb field. PostgreSQL jsonb fields can be queried using  PostgreSQL's syntax in the following ways:

Decidim::Authorization.where(name: "census_authorization_handler").where("metadata ->> 'date_of_birth' like '2000-01-01'").last.metadata

Decidim::Authorization.where(name: "census_authorization_handler").where("metadata->>'scope' = 'Eixample'").where("metadata->>'postal_code' = '010203'")

User's sensible information must be stored securely using encryptation.

Imagine there's the need to remove all authorizations related with a given participant. If the participant is identified by its "document_number" as the unique_id for her authorizations, then the query must use the encrypted version of the "document_number". This is an example:

document_number= "12345678A"
unique_id= Digest::MD5.hexdigest("#{document_number&.upcase}-#{Rails.application.secrets.secret_key_base}")
Decidim::Authorization.where(name: "census_authorization_handler").where(unique_id: unique_id)