How to find User's authorizations in Decidim
Playing with the authorizations table
How to list the current authorizations in the authorizations table
irb(main)> Decidim::Authorization.select("distinct name")
=> #<ActiveRecord::Relation [#<Decidim::Authorization id: nil, name: "sms">, #<Decidim::Authorization id: nil, name: "census_authorization_handler">]>
Inspecting the metadata of Decidim Authorizations
Authorizations may have extra data stored in the metadata column. The following query shows the metadata associated with a given authorization:
irb(main):018:0> Decidim::Authorization.where(name: "census_authorization_handler").last.metadata
=> {"scope"=>"Eixample", "gender"=>"woman", "postal_code"=>"010101", "date_of_birth"=>"2000-01-01"}
Querying Decidim Authorizations by their metadata
The metadata column of the Decidim::Authorization table is a jsonb field. PostgreSQL jsonb fields can be queried using PostgreSQL's syntax in the following ways:
Decidim::Authorization.where(name: "census_authorization_handler").where("metadata ->> 'date_of_birth' like '2000-01-01'").last.metadata
Decidim::Authorization.where(name: "census_authorization_handler").where("metadata->>'scope' = 'Eixample'").where("metadata->>'postal_code' = '010203'")
User's sensible information must be stored securely using encryptation.
Imagine there's the need to remove all authorizations related with a given participant. If the participant is identified by its "document_number" as the unique_id for her authorizations, then the query must use the encrypted version of the "document_number". This is an example:
document_number= "12345678A"
unique_id= Digest::MD5.hexdigest("#{document_number&.upcase}-#{Rails.application.secrets.secret_key_base}")
Decidim::Authorization.where(name: "census_authorization_handler").where(unique_id: unique_id)