card-mod-account 0.14.2 → 0.15.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: adc87bf8c7fbcd353a929064f4f624b62c82d2bd832f14bc117f51932904d508
-  data.tar.gz: 8c6ec9b150b12be1d4d2d4af7cfc707aa75717dbac5410ceccf0ae723392469d
+  metadata.gz: 6746b209fb026dba9a6d3954907e85d8e2d7fe41d0f3b19e7abccbe564e75b19
+  data.tar.gz: 84fa785cfd4022c10b6b491aaacdfa352903f86c9a2f2e1379c352508b74df51
 SHA512:
-  metadata.gz: 4e310f6dd5ebe29872f2b8a851a853966b172ffd43c191f42ee95e1a80862f19bf39f1889d2bf0dc533e60550bec7bb929cf2e150c4bbeac5387c114d9cd4b6d
-  data.tar.gz: 6434b7b07a78fdba72e11dcb9e53e86e13f4b973fe1d059c30010989db062d4055f309791b0574c9139108715744bef1e4c765e660f5d5bc039adef0d36ba7e4
+  metadata.gz: 47734b784a923c88b2720564c86b55ef8c335f84beaf1d6ccb40e90b8fa786a45e0497d32f9f12f41c3f62778ca2d9f06426803f8754b0a911be451e2372904c
+  data.tar.gz: c50dbdc1ef16286cc8c80957fdf30e8ad7e5c6bf176838b87377bb086bcb20bf21d6e81fc9eb5abe9efd37fcd650541e2d31031c09e93c88a42db9605dc4cedb

data/assets/style/account.scss

@@ -0,0 +1,36 @@
+/*----------- (Account Request)--------------*/
+
+.invite-links {
+  padding: 10px;
+  margin-top: 10px;
+  text-align: center;
+  a {
+    font-weight: bold;
+    margin: 0 20px;
+  }
+}
+
+/*-- sign in page --*/
+
+#sign-in input#login_field,
+#sign-in input#password,
+#forgot-password input#email {
+  width: 50%;
+}
+
+#forgot-password {
+  margin-top: 40px;
+}
+
+.new-account-link {
+  text-align: center;
+}
+
+.form-group .signup-link {
+  display: inline;
+}
+
+// FIXME - decko should handle better
+#my-card-link {
+  padding-right: 0.6em;
+}

data/data/real.yml

@@ -0,0 +1,300 @@
+---
+# Cardtypes
+
+- :name: Role
+  :type: :cardtype
+  :codename: role
+  :fields:
+    :description: |-
+      Each [[user]] can be given roles to organize site permissions. 
+      [[http://decko.org/Role|Learn more about roles]].
+
+- :name: "*members"
+  :codename: members
+
+
+# Roles
+
+- :name: Anyone
+  :type: :role
+  :codename: anyone
+  :fields:
+    :description: |-
+      Everyone has this role, whether signed in or not. [[http://decko.org/account|more]]
+- :name: Anyone Signed In
+  :type: :role
+  :codename: anyone_signed_in
+  :fields:
+    :description: |-
+      Anyone who is signed in has this role. [[http://decko.org/account|more]]
+- :name: Administrator
+  :type: :role
+  :codename: administrator
+  :fields:
+    :description: |-
+      [[_left+:members|Administrators]] can create, read, update and delete any card.
+      [[http://decko.org/permissions|more]]
+    :members:
+      :fields:
+        :self:
+          :fields:
+            :update: Administrator
+- :name: Eagle
+  :type: :role
+  :codename: eagle
+  :fields:
+    :description: "[[Eagle+:members|Eagle users]] can add and edit content."
+- :name: Shark
+  :type: :role
+  :codename: shark
+  :fields:
+    :description: |-
+      [[_left+:members|Shark users]] can configure the deck and create structures.
+    :members:
+      :fields:
+        :self:
+          :fields:
+            :update: Administrator
+- :name: Help Desk
+  :type: :role
+  :codename: help_desk
+  :fields:
+    :description: |-
+      [[_left+*members|Help Desk users]] can manage accounts and edit help text.
+    :members:
+      :fields:
+        :self:
+          :fields:
+            :update: Administrator
+- :name: Anonymous
+  :codename: anonymous
+  :content: "<p>Edits made by people who are not signed in are credited to Anonymous.
+    [[http://decko.org/account|Learn more about accounts]].</p>"
+
+- :name:
+    - :role
+    - :members
+    - :type_plus_right
+    - :update
+  :content:
+    Help Desk
+
+- :name: "*account"
+  :codename: account
+  :fields:
+    :right:
+      :fields:
+        :create: Administrator
+        :read: Help Desk
+        :update: Help Desk
+        :delete: Help Desk
+  :content: |-
+    <div>When someone signs up, they create a [[Sign up]] card...</div>
+    <blockquote>
+    <div>{{Sign up|closed;title: Sign ups}}</div>
+    </blockquote>
+    <div>...that can be changed into a [[User]] card:</div>
+    <blockquote>
+    <div>{{User|title: Users; closed}}</div>
+    </blockquote>
+    <div>Some important [[http://decko.org/permissions|permissions]]:</div>
+    <div>
+    <ul>
+    <li>When [[Anyone]] can [[*create|create]] a [[Sign up]] card, links to sign up will appear.</li>
+    <li>When [[Anyone]] can [[*create|create]] a [[User]] card, each [[Sign up]] can be auto-approved with a verification email.</li>
+    <li>If permission to [[*create|create]] a [[User]] is restricted, someone with that permission must approve each [[Sign up]] by hand.</li>
+    </ul>
+    </div>
+    <h5>Related links</h5>
+    <ul>
+    <li><em>[[http://decko.org/account | Accounts docs]]</em></li>
+    <li><em>[[Cards with accounts]]</em></li>
+    <li><em>[[:account+:right+:by_name|Account cards]]</em></li>
+    </ul>
+
+# :account fields
+
+- :name: "*email"
+  :codename: email
+  :fields:
+    :right:
+      :fields:
+        :update: Help Desk
+        :delete: Help Desk
+        :read: Help Desk
+- :name: "*password"
+  :codename: password
+  :fields:
+    :right:
+      :fields:
+        :update: Help Desk
+        :delete: Help Desk
+        :read: Help Desk
+- :name: "*salt"
+  :codename: salt
+  :fields:
+    :right:
+      :fields:
+        :read: Help Desk
+- :name: "*status"
+  :codename: status
+  :fields:
+    :right:
+      :fields:
+        :update: Help Desk
+        :delete: Help Desk
+        :read: Help Desk
+
+- :name: "*account settings"
+  :codename: account_settings
+  :fields:
+    :right:
+      :fields:
+        :structure: |-
+          {{_left+:account|content}}
+          {{_left+:roles|title: Roles}}
+          {{_left+:follow|title: Notification choices}}
+
+- :name: Sign up
+  :type: :cardtype
+  :codename: signup
+  :fields:
+    :description: |-
+      [[Sign up]] cards represent not-yet-approved accounts. 
+      When approved, they become [[User]] cards. [[http://decko.org/account|more]]
+    :self:
+      :fields:
+        :structure: |-
+          <p>{{+:description|content}}</p>
+          <h2>{{_self|name}} Cards</h2>
+          <blockquote><p>{{+:type+:by_name|content}}</p></blockquote>
+    :type:
+      :fields:
+        :create: Anyone
+        :on_create: signup alert email
+    :account:
+      :fields:
+        :type_plus_right:
+          :fields:
+            :create: _left
+- :name:
+    - :user
+    - :account
+    - :type_plus_right
+    - :create
+  :content: _left
+
+- :name:
+    - :wagn_bot
+    - :account
+  :fields:
+    :email: no-reply@decko.org
+
+- :name: welcome email
+  :type: :email_template
+  :codename: welcome_email
+- :name: verification email
+  :type: :email_template
+  :codename: verification_email
+  :fields:
+    :from: Decko Bot
+    :subject: verification link for {{:title|core}}
+    :html_message: |-
+      <div style="text-align:center">
+        <h1>Thank you for signing up with {{:title|core}}!</h1>
+        <p>
+          Please <a href="{{_|verify_url}}">follow this link</a>
+          to verify this email address and activate your account.
+        </p>
+        <p><em>Link will remain valid for {{_|verify_days}} days.</em></p>
+      </div>
+    :text_message: |+
+      Thank you for signing up with {{:title|core}}!
+  
+      Please follow the link below to verify this email address and activate your account.
+  
+      {{_|verify_url}}
+      (Link will remain valid for {{_|verify_days}} days.)
+- :name: password reset email
+  :type: :email_template
+  :codename: password_reset_email
+  :fields:
+    :from: Decko Bot
+    :subject: reset password for {{:title|core}}
+    :text_message: "** Password reset for {{:title|core}} **\n\nSomeone – you, we hope –
+      asked to reset your password.  Please follow this link...\n\n  {{_|reset_password_url}}\n
+      \ \n...to update your account details.\n\n\n(Link will remain valid for {{_|reset_password_days}}
+      days.)\n\n"
+    :html_message: "<div style=\"text-align:center\">\n  
+      <h1>Password reset for {{:title|core}}</h1>\n
+      \ \n  <p>Someone – you, we hope – asked to reset your password.</p>\n  \n  <p>Please
+      <a href=\"{{_|reset_password_url}}\">follow this link</a> to update your account
+      details.</p>\n  \n  <p><em>Link will remain valid for {{_|reset_password_days}}
+      days.</em></p>\n</div>\n\n"
+- :name: signup alert email
+  :type: :email_template
+  :codename: signup_alert_email
+  :fields:
+    :from: _user
+    :subject: "{{_|name}} signed up for {{:title|core}}"
+    :text_message: |
+      {{_|name}} has signed up on {{:title|core}}.
+  
+      See {{_|name}}'s card: {{_|url}}
+  
+      -- the machines running {{:title|core}}
+    :html_message: |
+      <p>
+        {{_|name}}
+        has <a href="{{_|url}}">signed up</a>
+        on {{:title|core}}.
+      </p>
+  
+      <p><em>-- the machines running {{:title|core}}</em></p>
+
+
+- :name: "*signin"
+  :codename: signin
+  :conflict: :defer
+  :fields:
+    :self:
+      :fields:
+        :update: Anyone
+- :name: "*roles"
+  :codename: roles
+  :fields:
+    :right:
+      :fields:
+        :input_type: checkbox
+        :content_options:
+          :type: :search_type
+          :content: '{"type":"role", "not":{"codename":["in","anyone","anyone_signed_in"]}}'
+
+
+- :name: "*enabled roles"
+  :codename: enabled_roles
+- :name: "*account links"
+  :codename: account_links
+
+- :name: Cards with accounts
+  :type: :search_type
+  :codename: cards_with_account
+  :content: '{"right_plus": ":account"}'
+
+- :name: "*thanks"
+  :type: :setting
+  :codename: thanks
+- :name:
+    - :signup
+    - :type
+    - :thanks
+  :type: :phrase
+  :content: :signup_success
+
+- :name: Signup Success
+  :codename: signup_success
+  :content: |-
+    <div>
+      Thank you for signing up with {{:title|core}}. 
+      You should receive a response in your email.
+    </div>

data/db/migrate_core_cards/20220815112551_move_roles.rb

@@ -0,0 +1,47 @@
+# -*- encoding : utf-8 -*-
+
+class  MoveRoles < Cardio::Migration
+  def up
+    remove_member_structure_rule
+    change_existing_member_cards_to_lists
+    populate_member_lists_and_delete_role_lists
+  end
+
+  def remove_member_structure_rule
+    %i[members right structure].card&.delete!
+  end
+
+  def change_existing_member_cards_to_lists
+    Card.search(left: { type_id: Card::RoleID },
+                right_id: Card::MembersID) do |role_members|
+      role_members.update! type_id: Card::ListID
+    end
+  end
+
+  def populate_member_lists_and_delete_role_lists
+    Card.search(left: { type_id: Card::UserID },
+                right_id: Card::RolesID) do |user_roles|
+      role_names = role_names_from_user_roles_card user_roles.id
+      move_role_names user_roles.left.name, role_names if role_names.present?
+      user_roles.delete
+    end
+  end
+
+  def move_role_names user, role_names
+    role_names.each do |role_name|
+      next unless role_name.card&.type_code == :role
+
+      puts "Move #{user} to role #{role_name}"
+      Card.fetch(role_name, :members, new: {}).add_item! user
+    end
+  end
+
+  def role_names_from_user_roles_card id
+    query = "SELECT db_content FROM cards WHERE cards.id = #{id}"
+    content = ActiveRecord::Base.connection
+                                .exec_query(query)
+                                .rows&.first&.first
+    return unless content.present?
+    content.split "\n"
+  end
+end

data/locales/de.yml

@@ -104,7 +104,7 @@ de:
   account_password_missing: Passwort muss angegeben werden
   account_private_data: Private Daten
   account_reset_my_password: Passwort zurücksetzen
-  account_reset_password: PASSWORT ZURÜCKSETZEN
+  account_reset_password: Password Zurücksetzen
   account_search_email_duplicate: E-Mail-Duplikat? (%{content})
   account_sign_in: Anmelden
   account_sign_in_title: Anmelden

data/locales/en.yml

@@ -21,7 +21,7 @@ en:
   account_password_missing: password can't be blank
   account_private_data: Private data
   account_reset_my_password: Reset my password
-  account_reset_password: RESET PASSWORD
+  account_reset_password: Reset Password
   account_search_email_duplicate: email duplicate? (%{content})
   account_sign_in: Sign in
   account_sign_in_title: Sign In

data/set/abstract/account_field.rb

@@ -6,9 +6,7 @@ end
 
 # allow account owner to update account field content
 def ok_to_update
-  return true if own_account? && !name_changed? && !type_id_changed?
-
-  super
+  (own_account? && !name_changed? && !type_id_changed?) || super
 end
 
 # force inherit permission on create

data/set/abstract/accountable.rb

@@ -37,7 +37,7 @@ format :html do
       ["Email and Password", :account,
        { path: { slot: { hide: %i[help_link bridge_link] } } }],
       ["Roles", :roles,
-       { path:  { view: :content_with_edit_button } }],
+       { path:  { view: :content } }],
       ["Notifications", :follow],
       ["API", :account,
        { path: { view: :api_key,

data/set/all/account.rb

@@ -15,7 +15,7 @@ end
 def among? ok_ids
   ok_ids.any? do |ok_id|
     ok_id == AnyoneID ||
-      (ok_id == AnyoneWithRoleID && all_enabled_roles.size > 1) ||
+      # (ok_id == AnyoneWithRoleID && all_enabled_roles.size > 1) ||
       parties.member?(ok_id)
   end
 end
@@ -86,14 +86,11 @@ def enabled_roles_card
 end
 
 def fetch_roles
-  [AnyoneSignedInID] + role_ids_from_roles_trait
+  [AnyoneSignedInID] + role_ids_from_role_member_cards
 end
 
-def role_ids_from_roles_trait
-  Auth.as_bot do
-    role_trait = fetch :roles
-    role_trait ? role_trait.item_ids : []
-  end
+def role_ids_from_role_member_cards
+  Self::Role.role_ids id
 end
 
 event :generate_token do

data/set/right/account/events.rb

@@ -1,11 +1,11 @@
 #### ON CREATE
 
 event :set_default_salt, :prepare_to_validate, on: :create do
-  subfield(:salt).generate
+  field(:salt).generate
 end
 
 event :set_default_status, :prepare_to_validate, on: :create do
-  subfield :status, content: (accounted&.try(:default_account_status) || "active")
+  field :status, content: (accounted&.try(:default_account_status) || "active")
 end
 
 # ON UPDATE
@@ -47,7 +47,7 @@ end
 # NOTE: this only works in the context of an action.
 # if run independently, it will not activate an account
 event :activate_account do
-  subfield :status, content: "active"
+  field :status, content: "active"
   trigger_event! :send_welcome_email
 end
 

data/set/right/account/views.rb

@@ -50,7 +50,8 @@ format :html do
   end
 
   before :content_formgroups do
-    voo.edit_structure = [[:email, "email"], [:password, "password"]]
+    voo.edit_structure = [[:email, title: "email"],
+                          [:password, title: "password"]]
   end
 
   view :token_expiry do

data/set/right/account.rb

@@ -21,9 +21,7 @@ end
 
 # allow account owner to update account field content
 def ok_to_update
-  return true if own_account? && !name_changed? && !type_id_changed?
-
-  super
+  (own_account? && !name_changed? && !type_id_changed?) || super
 end
 
 def changes_visible? act

data/set/right/email.rb

@@ -2,6 +2,8 @@
 
 include_set Abstract::AccountField
 
+assign_type :phrase
+
 event :validate_email, :validate, on: :save do
   return unless content?
 
@@ -31,7 +33,7 @@ event :downcase_email, :prepare_to_validate, on: :save do
 end
 
 def email_required?
-  !left.system?
+  !left&.left&.codename == :wagn_bot
 end
 
 def ok_to_read

data/set/right/password.rb

@@ -1,5 +1,7 @@
 include_set Abstract::AccountField
 
+assign_type :phrase
+
 def history?
   false
 end

data/set/right/roles.rb

@@ -1,27 +1,9 @@
-event :validate_permission_to_assign_roles, :validate, on: :save do
-  return unless (fr = forbidden_roles).present?
+assign_type :search_type
 
-  errors.add :permission_denied,
-             "You don't have permission to assign the role#{'s' if fr.size > 1} "\
-             "#{fr.map(&:name).to_sentence}"   # LOCALIZE
+def virtual?
+  new?
 end
 
-def forbidden_roles
-  # restore old roles for permission check
-  with_old_role_permissions do |new_roles|
-    new_roles.reject do |card|
-      Card.fetch(card, "*members").ok? :update
-    end
-  end
-end
-
-def with_old_role_permissions
-  new_roles = item_cards
-  new_content = content
-  left.clear_roles
-  Auth.update_always_cache nil
-  self.content = db_content_before_act
-  yield new_roles
-ensure
-  self.content = new_content
+def cql_content
+  { member:  "_left" }
 end

data/set/right/salt.rb

@@ -1,5 +1,7 @@
 include_set Abstract::AccountField
 
+assign_type :phrase
+
 def generate
   self.content = Digest::SHA1.hexdigest "--#{Time.zone.now}--"
 end

data/set/right/status.rb

@@ -1,5 +1,7 @@
 include_set Abstract::AccountField
-include_set Abstract::Pointer
+include_set Abstract::List
+
+assign_type :phrase
 
 format :html do
   def input_type
@@ -8,7 +10,7 @@ format :html do
 end
 
 def option_names
-  %w[unapproved unverified active blocked system]
+  %w[unapproved unverified active blocked] # system
 end
 
 def ok_to_update

data/set/self/role.rb

@@ -0,0 +1,38 @@
+class << self
+  CACHE_KEY = "ROLEHASH".freeze
+
+  def load_rolehash
+    ::Card.cache.fetch(CACHE_KEY) do
+      generate_rolehash
+    end
+  end
+
+  def generate_rolehash
+    Auth.as_bot do
+      Card.search(left: { type_id: Card::RoleID }, right_id: Card::MembersID)
+          .each_with_object({}) do |member_card, hash|
+        hash[member_card.left_id] = ::Set.new member_card.item_ids
+      end
+    end
+  end
+
+  def update_rolehash role_id, member_ids
+    role_hash[role_id] = member_ids
+    ::Card.cache.write CACHE_KEY, role_hash
+  end
+
+  def clear_rolehash
+    @role_hash = nil
+  end
+
+  def role_hash
+    @role_hash ||= load_rolehash
+  end
+
+  def role_ids user_id
+    role_hash.each_with_object([]) do |(role_id, member_ids), all_role_ids|
+      next unless member_ids.include? user_id
+      all_role_ids << role_id
+    end
+  end
+end

data/set/self/signin.rb

@@ -8,7 +8,7 @@
 
 # authentication event
 event :signin, :validate, on: :update do
-  authenticate_or_abort subfield_content(:email), subfield_content(:password)
+  authenticate_or_abort field_content(:email), field_content(:password)
 end
 
 # abort after successful signin (do not save card)
@@ -30,8 +30,8 @@ event :send_reset_password_token, before: :signin, on: :update, trigger: :requir
   end
 end
 
-def email_from_subfield
-  @email_from_subfield ||= subfield_content(:email)
+def email_from_field
+  @email_from_field ||= field_content(:email)
 end
 
 def ok_to_read
@@ -76,7 +76,7 @@ def account_for email
 end
 
 def send_reset_password_email_or_fail
-  if (account = account_for email_from_subfield)&.active?
+  if (account = account_for email_from_field)&.active?
     send_reset_password_email account
   else
     reset_password_fail account
@@ -84,7 +84,7 @@ def send_reset_password_email_or_fail
 end
 
 def blank_email?
-  return false if email_from_subfield.present?
+  return false if email_from_field.present?
 
   error_on :email, :error_blank
 end
@@ -151,8 +151,12 @@ format :html do
   end
 
   view :signin_buttons do
+    class_up "button-form-group", "signin-buttons justify-content-between"
     button_formgroup do
-      [signin_button, signup_link, reset_password_link]
+      [
+        wrap_with("div", class: "pe-2") { [signin_button, signup_link] },
+        reset_password_link
+      ]
     end
   end
 
@@ -186,10 +190,9 @@ format :html do
   end
 
   def reset_password_link
-    link = link_to_view :edit, t(:account_reset_password),
-                        path: { slot: { hide: :bridge_link } }
-    # FIXME: inline styling
-    raw("<div style='float:right'>#{link}</div>")
+    link_to_view :edit, t(:account_reset_password),
+                 path: { slot: { hide: :bridge_link } },
+                 class: "btn btn-secondary btn-reset-password"
   end
 
   def edit_view_hidden

data/set/type/role.rb

@@ -1,3 +1,5 @@
+card_accessor :members
+
 def disabled?
   Auth.current&.fetch(:disabled_roles)&.item_ids&.include? id
 end
@@ -9,7 +11,7 @@ format :html do
 
   def role_checkbox
     name = card.disabled? ? "add_item" : "drop_item"
-    subformat(Auth.current.field(:disabled_roles, new: {})).card_form :update do
+    subformat(Auth.current.field(:disabled_roles)).card_form :update do
       [check_box_tag(name, card.id, !card.disabled?, class: "_edit-item"),
        render_link]
     end

data/set/type/signup/views.rb

@@ -3,7 +3,7 @@ format :html do
     Auth.signed_in? && card.can_approve?
   end
 
-  view :new do
+  view :new, cache: :never do
     voo.title = invitation? ? t(:account_invite) : t(:account_sign_up)
     super()
   end
@@ -12,7 +12,7 @@ format :html do
     [account_formgroups, (card.structure ? edit_slot : "")].join
   end
 
-  view :new_buttons do
+  view :new_buttons, cache: :never do
     button_formgroup do
       [standard_create_button, invite_button].compact
     end
@@ -24,7 +24,7 @@ format :html do
     button_tag "Send Invitation", situation: "primary"
   end
 
-  view :core, template: :haml do
+  view :core, template: :haml, cache: :never do
     @lines = [signup_line] + account_lines
     @body = process_content _render_raw
   end

data/set/type/signup.rb

@@ -1,5 +1,7 @@
 include_set Abstract::Accountable
 
+basket[:non_createable_types] << :signup
+
 require_field :account
 
 def default_account_status
@@ -26,7 +28,7 @@ event :approve_without_verification, :validate, on: :update, trigger: :required
   # TODO: if validated here, add trigger and activate in storage phase
   approvable do
     activate_accounted
-    subfield(:account).activate_account
+    field(:account).activate_account
   end
 end
 
@@ -36,8 +38,8 @@ event :act_as_current_for_integrate_stage, :integrate, on: :create do
 end
 
 def request_verification
-  acct = subfield :account
-  acct.subfield :status, content: "unverified"
+  acct = field :account
+  acct.field :status, content: "unverified"
   acct.trigger_event! :send_verification_email
 end
 

data/set/type/user/setup_help.haml

@@ -5,6 +5,6 @@
 
 
 - if Card.config.action_mailer.perform_deliveries == false
-  .bg-warning.p-3
+  .alert-warning.p-3
     WARNING: Email delivery is turned off.
     Change settings in config/application.rb to send sign up notifications.

data/set/type/user.rb

@@ -3,7 +3,9 @@ include_set Abstract::Accountable
 attr_accessor :email
 
 format :html do
-  view :setup, unknown: true, perms: ->(_fmt) { Auth.needs_setup? } do
+  delegate :needs_setup?, to: Card::Auth
+
+  view :setup, unknown: true, perms: :needs_setup? do
     with_nest_mode :edit do
       voo.title = "Your deck is ready to go!" # LOCALIZE
       voo.show! :help
@@ -41,6 +43,7 @@ format :html do
   end
 end
 
+# FIXME. use trigger
 def setup?
   Card::Env.params[:setup]
 end
@@ -54,8 +57,10 @@ event :setup_as_bot, before: :check_permissions, on: :create, when: :setup? do
 end
 
 event :setup_first_user, :prepare_to_store, on: :create, when: :setup? do
-  subcard "signup alert email+*to", content: name
-  subfield :roles, content: roles_for_first_user
+  subcard %i[signup_alert_email to].cardname, content: name
+  roles_for_first_user.each do |role|
+    subcard [role, :members], content: name
+  end
 end
 
 def roles_for_first_user

data/set/type_plus_right/role/members.rb

@@ -0,0 +1,5 @@
+assign_type :list
+
+event :update_role_cache, :finalize do
+  Self::Role.update_rolehash(left.id, item_ids)
+end

data/set/type_plus_right/user/email.rb

@@ -1,3 +1,7 @@
+def virtual?
+  new?
+end
+
 # supports legacy references to <User>+*email
 # (standard representation is now <User>+*account+*email)
 view :raw do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: card-mod-account
 version: !ruby/object:Gem::Version
-  version: 0.14.2
+  version: 0.15.0
 platform: ruby
 authors:
 - Ethan McCutchen
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-01-08 00:00:00.000000000 Z
+date: 2023-01-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: card
@@ -18,56 +18,84 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.104.2
+        version: 1.105.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.104.2
+        version: 1.105.0
 - !ruby/object:Gem::Dependency
   name: card-mod-email
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.14.2
+        version: 0.15.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.14.2
+        version: 0.15.0
 - !ruby/object:Gem::Dependency
   name: card-mod-permissions
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.14.2
+        version: 0.15.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.14.2
+        version: 0.15.0
 - !ruby/object:Gem::Dependency
   name: card-mod-list
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.14.2
+        version: 0.15.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.14.2
+        version: 0.15.0
+- !ruby/object:Gem::Dependency
+  name: card-mod-integrate
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.15.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.15.0
+- !ruby/object:Gem::Dependency
+  name: card-mod-edit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.15.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.15.0
 description: ''
 email:
 - info@decko.org
@@ -76,6 +104,9 @@ extensions: []
 extra_rdoc_files: []
 files:
 - README.md
+- assets/style/account.scss
+- data/real.yml
+- db/migrate_core_cards/20220815112551_move_roles.rb
 - locales/de.yml
 - locales/en.yml
 - set/abstract/account_field.rb
@@ -89,6 +120,7 @@ files:
 - set/right/roles.rb
 - set/right/salt.rb
 - set/right/status.rb
+- set/self/role.rb
 - set/self/signin.rb
 - set/type/role.rb
 - set/type/signup.rb
@@ -96,6 +128,7 @@ files:
 - set/type/signup/views.rb
 - set/type/user.rb
 - set/type/user/setup_help.haml
+- set/type_plus_right/role/members.rb
 - set/type_plus_right/user/email.rb
 homepage: https://decko.org
 licenses:
@@ -107,6 +140,7 @@ metadata:
   wiki_uri: https://decko.org
   documentation_url: http://docs.decko.org/
   card-mod: account
+  card-mod-group: gem-defaults
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -122,7 +156,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.15
+rubygems_version: 3.3.11
 signing_key:
 specification_version: 4
 summary: Email-based account handling for decko cards