lino.jorzick/greenlight
1
0
Fork 0
forked from External/greenlight
Code Issues Pull Requests Projects Releases Wiki Activity

GRN2-128: Added the ability to manage rooms (#848)

Browse Source 
* Added the ability to manage rooms

* Small fixes

* Fixed travis complaints

* Fixed issues with role permissions

* Fixed issue with delete room

* Fixed rubocop and added testcases
This commit is contained in:
Ahmad Farhat
2020-01-09 11:05:17 -05:00
committed by farhatahmad
parent 984e5cc085
commit 09de6b6739
20 changed files with 394 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/assets/javascripts/room.js
View File

@@ -49,7 +49,9 @@ $(document).on('turbolinks:load', function(){
$("#create-room-block").click(function(){
showCreateRoom(this)
})
}
if (controller == "rooms" && action == "show" || controller == "admins" && action == "server_rooms"){
// Display and update all fields related to creating a room in the createRoomModal
$(".update-room").click(function(){
showUpdateRoom(this)
@@ -88,9 +90,9 @@ function showCreateRoom(target) {
function showUpdateRoom(target) {
var modal = $(target)
var room_block_uid = modal.closest("#room-block").data("room-uid")
$("#create-room-name").val(modal.closest("tbody").find("#room-name h4").text())
$("#createRoomModal form").attr("action", room_block_uid + "/update_settings")
var update_path = modal.closest("#room-block").data("path")
$("#create-room-name").val(modal.closest("#room-block").find("#room-name-text").text())
$("#createRoomModal form").attr("action", update_path)
//show all elements & their children with a update-only class
$(".update-only").each(function() {

3
app/assets/javascripts/search.js
View File

@@ -23,7 +23,8 @@ $(document).on('turbolinks:load', function(){
(controller == "rooms" && action == "update") ||
(controller == "rooms" && action == "join") ||
(controller == "users" && action == "recordings") ||
(controller == "admins" && action == "server_recordings")) {
(controller == "admins" && action == "server_recordings") ||
(controller == "admins" && action == "server_rooms")) {
// Submit search if the user hits enter
$("#search-input").keypress(function(key) {
if (key.which == 13) {

3
app/assets/javascripts/sort.js
View File

@@ -52,15 +52,12 @@ $(document).on('turbolinks:load', function(){
// Modify the ui for the tables
var configure_order = function(header_elem){
if(header_elem.data('order') === 'asc'){ // asc
header_elem.text(header_elem.data("header") + " ↓");
header_elem.data('order', 'desc');
}
else if(header_elem.data('order') === 'desc'){ // desc
header_elem.text(header_elem.data("header"));
header_elem.data('order', 'none');
}
else{ // none
header_elem.text(header_elem.data("header") + " ↑");
header_elem.data('order', 'asc');
}
}

23
app/controllers/admins_controller.rb
View File

@@ -61,6 +61,23 @@ class AdminsController < ApplicationController
@pagy, @recordings = pagy_array(recs)
end
# GET /admins/rooms
def server_rooms
@search = params[:search] || ""
@order_column = params[:column] && params[:direction] != "none" ? params[:column] : "created_at"
@order_direction = params[:direction] && params[:direction] != "none" ? params[:direction] : "DESC"
server_rooms = if Rails.configuration.loadbalanced_configuration
Room.includes(:owner).where(users: { provider: @user_domain })
.admins_search(@search)
.admins_order(@order_column, @order_direction)
else
Room.all.admins_search(@search).admins_order(@order_column, @order_direction)
end
@pagy, @rooms = pagy_array(server_rooms)
end
# MANAGE USERS
# GET /admins/edit/:user_uid
@@ -283,4 +300,10 @@ class AdminsController < ApplicationController
invite
end
# Get the room status to display in the Server Rooms table
def room_is_running(id)
room_running?(id)
end
helper_method :room_is_running
end

3
app/controllers/concerns/rolify.rb
View File

@@ -141,7 +141,8 @@ module Rolify
role_params = params.require(:role).permit(:name)
permission_params = params.require(:role).permit(:can_create_rooms, :send_promoted_email,
:send_demoted_email, :can_edit_site_settings, :can_edit_roles, :can_manage_users, :colour)
:send_demoted_email, :can_edit_site_settings, :can_edit_roles, :can_manage_users,
:can_manage_rooms_recordings, :colour)
permission_params.transform_values! do |v|
if v == "0"

24
app/controllers/rooms_controller.rb
View File

@@ -25,7 +25,7 @@ class RoomsController < ApplicationController
before_action :validate_verified_email, except: [:show, :join],
unless: -> { !Rails.configuration.enable_email_verification }
before_action :find_room, except: [:create, :join_specific_room]
before_action :verify_room_ownership, only: [:destroy, :start, :update_settings]
before_action :verify_room_ownership_or_admin, only: [:start, :update_settings, :destroy]
before_action :verify_room_owner_verified, only: [:show, :join],
unless: -> { !Rails.configuration.enable_email_verification }
before_action :verify_user_not_admin, only: [:show]
@@ -112,10 +112,16 @@ class RoomsController < ApplicationController
# DELETE /:room_uid
def destroy
begin
# Don't delete the users home room.
@room.destroy if @room.owned_by?(current_user) && @room != current_user.main_room
redirect_to current_user.main_room
raise I18n.t("room.delete.home_room") if @room == @room.owner.main_room
@room.destroy
rescue => e
flash[:alert] = I18n.t("room.delete.fail", error: e)
else
flash[:success] = I18n.t("room.delete.success")
end
redirect_back fallback_location: current_user.main_room
end
# POST /room/join
@@ -162,7 +168,7 @@ class RoomsController < ApplicationController
begin
options = params[:room].nil? ? params : params[:room]
raise "Room name can't be blank" if options[:name].blank?
raise "Unauthorized Request" if !@room.owned_by?(current_user) || @room == current_user.main_room
raise "Unauthorized Request" if @room == current_user.main_room
# Update the rooms values
room_settings_string = create_room_settings_string(options)
@@ -179,7 +185,7 @@ class RoomsController < ApplicationController
flash[:alert] = I18n.t("room.update_settings_error")
end
redirect_to room_path
redirect_back fallback_location: room_path(@room)
end
# GET /:room_uid/logout
@@ -222,9 +228,9 @@ class RoomsController < ApplicationController
@room = Room.find_by!(uid: params[:room_uid])
end
# Ensure the user is logged into the room they are accessing.
def verify_room_ownership
return redirect_to root_path unless @room.owned_by?(current_user)
# Ensure the user either owns the room or is an admin of the room owner
def verify_room_ownership_or_admin
return redirect_to root_path if !@room.owned_by?(current_user) && !current_user&.admin_of?(@room.owner)
end
def validate_accepted_terms

8
app/models/ability.rb
View File

@@ -27,7 +27,7 @@ class Ability
else
highest_role = user.highest_priority_role
if highest_role.get_permission("can_edit_site_settings")
can [:index, :site_settings, :server_recordings, :update_settings, :coloring, :registration_method], :admin
can [:index, :site_settings, :update_settings, :coloring, :registration_method], :admin
end
if highest_role.get_permission("can_edit_roles")
@@ -39,8 +39,12 @@ class Ability
:approve, :invite, :reset, :undelete], :admin
end
if highest_role.get_permission("can_manage_rooms_recordings")
can [:index, :server_recordings, :server_rooms], :admin
end
if !highest_role.get_permission("can_edit_site_settings") && !highest_role.get_permission("can_edit_roles") &&
!highest_role.get_permission("can_manage_users")
!highest_role.get_permission("can_manage_users") && !highest_role.get_permission("can_manage_rooms_recordings")
cannot :manage, AdminsController
end
end

1
app/models/role.rb
View File

@@ -68,6 +68,7 @@ class Role < ApplicationRecord
update_permission("can_edit_site_settings", permissions[:can_edit_site_settings].to_s)
update_permission("can_edit_roles", permissions[:can_edit_roles].to_s)
update_permission("can_manage_users", permissions[:can_manage_users].to_s)
update_permission("can_manage_rooms_recordings", permissions[:can_manage_rooms_recordings].to_s)
end
# Updates the value of the permission and enables it

28
app/models/room.rb
View File

@@ -27,6 +27,34 @@ class Room < ApplicationRecord
belongs_to :owner, class_name: 'User', foreign_key: :user_id
def self.admins_search(string)
active_database = Rails.configuration.database_configuration[Rails.env]["adapter"]
# Postgres requires created_at to be cast to a string
created_at_query = if active_database == "postgresql"
"created_at::text"
else
"created_at"
end
search_query = "rooms.name LIKE :search OR rooms.uid LIKE :search OR users.email LIKE :search" \
" OR users.#{created_at_query} LIKE :search"
search_param = "%#{string}%"
joins(:owner).where(search_query, search: search_param)
end
def self.admins_order(column, direction)
# Include the owner of the table
table = joins(:owner)
if table.column_names.include?(column) || column == "users.name"
return table.order(Arel.sql("#{column} #{direction}"))
end
table
end
# Determines if a user owns a room.
def owned_by?(user)
return false if user.nil?

7
app/views/admins/components/_menu_buttons.html.erb
View File

@@ -22,8 +22,11 @@
<% end %>
<% end %>
<% if highest_role.get_permission("can_edit_site_settings") || highest_role.name == "super_admin" %>
<%= link_to admin_rooms_path, class: "list-group-item list-group-item-action dropdown-item #{"active" if active_page == "server_rooms"}" do %>
<span class="icon mr-4"><i class="fas fa-binoculars"></i></span><%= t("administrator.rooms.title") %>
<% end %>
<%= link_to admin_recordings_path, class: "list-group-item list-group-item-action dropdown-item #{"active" if active_page == "server_recordings"}" do %>
<span class="icon mr-4"><i class="fas fa-video"></i></i></span><%= t("administrator.recordings.title") %>
<span class="icon mr-4"><i class="fas fa-video"></i></span><%= t("administrator.recordings.title") %>
<% end %>
<%= link_to admin_site_settings_path, class: "list-group-item list-group-item-action dropdown-item #{"active" if active_page == "site_settings"}" do %>
<span class="icon mr-4"><i class="fas fa-cogs"></i></span><%= t("administrator.site_settings.title") %>
@@ -31,7 +34,7 @@
<% end %>
<% if highest_role.get_permission("can_edit_roles") || highest_role.name == "super_admin" %>
<%= link_to admin_roles_path, class: "list-group-item list-group-item-action dropdown-item #{"active" if active_page == "roles"}" do %>
<span class="icon mr-4"><i class="fas fa-user-tag"></i></i></span><%= t("administrator.roles.title") %>
<span class="icon mr-4"><i class="fas fa-user-tag"></i></span><%= t("administrator.roles.title") %>
<% end %>
<% end %>
</div>

23
app/views/admins/components/_roles.html.erb
View File

@@ -53,14 +53,14 @@
<%= f.check_box :can_create_rooms, checked: @selected_role.get_permission("can_create_rooms"), class: "custom-switch-input", disabled: edit_disabled || !current_role.get_permission("can_create_rooms") %>
<span class="custom-switch-indicator float-right"></span>
</label>
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%="form-disable" if !current_role.get_permission("send_promoted_email") %>">
<span class="ml-0 custom-switch-description"><%= t("administrator.roles.promote_email")%></span>
<%= f.check_box :send_promoted_email, checked: @selected_role.get_permission("send_promoted_email"), class: "custom-switch-input", disabled: edit_disabled || !current_role.get_permission("send_promoted_email") %>
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%="form-disable" if !current_role.get_permission("can_manage_users") %>">
<span class="ml-0 custom-switch-description"><%= t("administrator.roles.manage_users")%></span>
<%= f.check_box :can_manage_users, checked: @selected_role.get_permission("can_manage_users"), class: "custom-switch-input", disabled: edit_disabled || !current_role.get_permission("can_manage_users") %>
<span class="custom-switch-indicator float-right"></span>
</label>
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%="form-disable" if !current_role.get_permission("send_demoted_email") %>">
<span class="ml-0 custom-switch-description"><%= t("administrator.roles.demote_email")%></span>
<%= f.check_box :send_demoted_email, checked: @selected_role.get_permission("send_demoted_email"), class: "custom-switch-input", disabled: edit_disabled || !current_role.get_permission("send_demoted_email") %>
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%="form-disable" if !current_role.get_permission("can_manage_rooms_recordings") %>">
<span class="ml-0 custom-switch-description"><%= t("administrator.roles.manage_rooms_recordings")%></span>
<%= f.check_box :can_manage_rooms_recordings, checked: @selected_role.get_permission("can_manage_rooms_recordings"), class: "custom-switch-input", disabled: edit_disabled || !current_role.get_permission("can_manage_rooms_recordings") %>
<span class="custom-switch-indicator float-right"></span>
</label>
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%="form-disable" if !current_role.get_permission("can_edit_site_settings") %>">
@@ -73,9 +73,14 @@
<%= f.check_box :can_edit_roles, checked: @selected_role.get_permission("can_edit_roles"), class: "custom-switch-input", disabled: edit_disabled || !current_role.get_permission("can_edit_roles") %>
<span class="custom-switch-indicator float-right"></span>
</label>
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%="form-disable" if !current_role.get_permission("can_manage_users") %>">
<span class="ml-0 custom-switch-description"><%= t("administrator.roles.manage_users")%></span>
<%= f.check_box :can_manage_users, checked: @selected_role.get_permission("can_manage_users"), class: "custom-switch-input", disabled: edit_disabled || !current_role.get_permission("can_manage_users") %>
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%="form-disable" if !current_role.get_permission("send_promoted_email") %>">
<span class="ml-0 custom-switch-description"><%= t("administrator.roles.promote_email")%></span>
<%= f.check_box :send_promoted_email, checked: @selected_role.get_permission("send_promoted_email"), class: "custom-switch-input", disabled: edit_disabled || !current_role.get_permission("send_promoted_email") %>
<span class="custom-switch-indicator float-right"></span>
</label>
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%="form-disable" if !current_role.get_permission("send_demoted_email") %>">
<span class="ml-0 custom-switch-description"><%= t("administrator.roles.demote_email")%></span>
<%= f.check_box :send_demoted_email, checked: @selected_role.get_permission("send_demoted_email"), class: "custom-switch-input", disabled: edit_disabled || !current_role.get_permission("send_demoted_email") %>
<span class="custom-switch-indicator float-right"></span>
</label>

65
app/views/admins/components/_rooms.html.erb Normal file
View File

@@ -0,0 +1,65 @@
<%
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
%>
<div class="row">
<div class="col-12">
<div class="table-responsive">
<table id="rooms-table" class="table table-hover table-outline table-vcenter text-nowrap card-table">
<thead>
<tr>
<th data-header="name" data-order="<%= @order_column == "name" ? @order_direction : "none" %>">
<%= t("administrator.users.table.name") %>
<% if @order_column == "name" && @order_direction == "desc" %>
<% elsif @order_column == "name" && @order_direction == "asc" %>
<% end %>
</th>
<th data-header="users.name" data-order="<%= @order_column == "users.name" ? @order_direction : "none" %>">
<%= t("room.owner") %>
<% if @order_column == "users.name" && @order_direction == "desc" %>
<% elsif @order_column == "users.name" && @order_direction == "asc" %>
<% end %>
</th>
<th data-header="uid" data-order="<%= @order_column == "uid" ? @order_direction : "none" %>">
<%= t("administrator.rooms.table.id") %>
<% if @order_column == "uid" && @order_direction == "desc" %>
<% elsif @order_column == "uid" && @order_direction == "asc" %>
<% end %>
</th>
<th>
<%= t("administrator.rooms.table.status") %>
</th>
<th class="text-center"><i class="icon-settings"></i></th>
</tr>
</thead>
<tbody id="rooms-table">
<% @rooms.each do |room| %>
<%= render "admins/components/server_room_row", room: room %>
<% end %>
</tbody>
</table>
<% if !@rooms.empty?%>
<div class="float-right mr-4 mt-4">
<%== pagy_bootstrap_nav(@pagy) %>
</div>
<% end %>
</div>
</div>
</div>

62
app/views/admins/components/_server_room_row.html.erb Normal file
View File

@@ -0,0 +1,62 @@
<%
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
%>
<tr id="room-block" data-path="<%= update_settings_path(room) %>" data-room-settings=<%= room.room_settings %> data-room-access-code="<%= room.access_code %>">
<td>
<div id="room-title" class="form-inline edit_hover_class">
<text id="room-name-text">
<%= room.name %>
</text>
</div>
<div class="small text-muted">
<%= [t("administrator.users.table.created"), ": ", room.created_at].join %>
</div>
</td>
<td class="text-left">
<%= room.owner.name %>
</td>
<td class="text-left">
<%= room.uid %>
</td>
<td class="text-left">
<% running = room_is_running(room.bbb_id) %>
<% if running %>
<%= t("administrator.rooms.running") %>
<% else %>
<%= t("administrator.rooms.not_running") %>
<% end %>
</td>
<td class="text-center">
<div class="item-action dropdown">
<a href="javascript:void(0)" data-toggle="dropdown" class="icon">
<i class="fas fa-ellipsis-v px-4"></i>
</a>
<div class="dropdown-menu dropdown-menu-right">
<%= link_to room_path(room), class: "dropdown-item" do %>
<i class="dropdown-icon far fa-eye"></i> <%= t("administrator.rooms.view") %>
<% end %>
<%= button_to start_room_path(room), class: "dropdown-item" do %>
<i class="dropdown-icon fas fa-door-open"></i> <%= running ? t("room.join") : t("room.start") %>
<% end %>
<a href="" data-toggle="modal" data-target="#createRoomModal" class="update-room dropdown-item">
<i class="dropdown-icon fas fa-cog"></i> <%= t("room.settings") %>
</a>
<a href="" data-toggle="modal" data-target="#deleteRoomModal" data-path="<%= room_path(room) %>" data-name="<%= room.name %>" class="delete-room dropdown-item">
<i class="dropdown-icon far fa-trash-alt"></i> <%= t("delete") %>
</a>
</div>
</div>
</td>
</tr>

30
app/views/admins/server_rooms.html.erb Normal file
View File

@@ -0,0 +1,30 @@
<%
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
%>
<div class="container pt-6">
<%= render "shared/components/subtitle", subtitle: t("administrator.title"), search: false %>
<div class="row">
<div class="col-lg-3 mb-4">
<%= render "admins/components/menu_buttons" %>
</div>
<div id="server_recordings" class="col-lg-9">
<%= render "admins/components/setting_view", setting_id: "rooms", setting_title: t("administrator.rooms.title"), search: true %>
</div>
</div>
</div>
<%= render "shared/modals/delete_room_modal" %>
<%= render "shared/modals/create_room_modal" %>

6
app/views/rooms/components/_room_block.html.erb
View File

@@ -13,7 +13,7 @@
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
%>
<div id="<%= if room == current_user.main_room then 'home_room_block' else 'room-block' end %>" data-room-uid="<%= room.uid %>" data-room-settings=<%= room.room_settings %> data-room-access-code="<%= room.access_code %>" class="card">
<div id="<%= if room == current_user.main_room then 'home_room_block' else 'room-block' end %>" data-path="<%= update_settings_path(room) %>" data-room-settings=<%= room.room_settings %> data-room-access-code="<%= room.access_code %>" class="card">
<div class="card-body p-1">
<table class="table table-hover table-vcenter text-wrap table-no-border">
<tbody class="no-border-top">
@@ -29,9 +29,9 @@
<td>
<div id="room-name">
<% if room == current_user.main_room %>
<h4 contenteditable="false" class="m-0 force-text-normal" ><%= t("home_room") %></h4>
<h4 id="room-name-text" contenteditable="false" class="m-0 force-text-normal" ><%= t("home_room") %></h4>
<% else %>
<h4 contenteditable="false" class="m-0 force-text-normal" ><%= room.name %></h4>
<h4 id="room-name-text" contenteditable="false" class="m-0 force-text-normal" ><%= room.name %></h4>
<% end %>
</div>
<div id="room-name-editable" style="display: none">

13
config/locales/en.yml
View File

@@ -93,6 +93,7 @@ en:
invalid_create: There was a problem creating a new role. Please check the role values and try again
invalid_order: There was a problem updating the priority of the role. Please check the values and try again
invalid_update: There was a problem updating the permissions of the role. Please check the values and try again
manage_rooms_recordings: Allow users with this role to manage server rooms and recordings
name: Role Name
new_role: Create a new role
role_has_users: This role is assigned to %{user_count} accounts. Please remove all accounts from this role before deleting it.
@@ -106,6 +107,14 @@ en:
colour:
title: Role Colour
info: Set the colour that will be associated with the role
rooms:
title: Server Rooms
table:
id: ID
not_running: Not Running
running: Running
status: Status
view: View
title: Organization Settings
users:
invite: Invite User
@@ -418,6 +427,10 @@ en:
create_room: Create a Room
create_room_error: There was an error creating the room
create_room_success: Room created successfully
delete:
home_room: Can't delete user's Home Room
success: Room deleted successfully
fail: Failed to delete room (%{error})
enter_the_access_code: Enter the room's access code
invalid_provider: You have entered an invalid url. Please check the url and try again.
invited: You have been invited to join

1
config/routes.rb
View File

@@ -38,6 +38,7 @@ Rails.application.routes.draw do
scope '/admins' do
# Panel Tabs
get '/rooms', to: 'admins#server_rooms', as: :admin_rooms
get '/recordings', to: 'admins#server_recordings', as: :admin_recordings
get '/site_settings', to: 'admins#site_settings', as: :admin_site_settings
get '/roles', to: 'admins#roles', as: :admin_roles

28
db/migrate/20191023172511_add_manage_room_recordings_to_permissions.rb Normal file
View File

@@ -0,0 +1,28 @@
# frozen_string_literal: true
class MigrationProduct < ActiveRecord::Base
self.table_name = :roles
end
class SubMigrationProduct < ActiveRecord::Base
self.table_name = :role_permissions
end
class AddManageRoomRecordingsToPermissions < ActiveRecord::Migration[5.2]
def change
reversible do |dir|
dir.up do
MigrationProduct.all.each do |role|
SubMigrationProduct.create(role_id: role.id, name: "can_manage_rooms_recordings",
value: SubMigrationProduct.find_by(role_id: role.id, name: "can_manage_users").value, enabled: true)
end
end
dir.down do
MigrationProduct.all.each do |role|
SubMigrationProduct.find_by(role_id: role.id, name: "can_manage_rooms_recordings").destroy
end
end
end
end
end

2
db/schema.rb
View File

@@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 2019_08_28_153347) do
ActiveRecord::Schema.define(version: 2019_10_23_172511) do
create_table "features", force: :cascade do |t|
t.integer "setting_id"

89
spec/controllers/rooms_controller_spec.rb
View File

@@ -342,6 +342,45 @@ describe RoomsController, type: :controller do
delete :destroy, params: { room_uid: @user.main_room }
end.to change { Room.count }.by(0)
end
it "allows admin to delete room" do
@admin = create(:user)
@admin.add_role :admin
@request.session[:user_id] = @admin.id
expect do
delete :destroy, params: { room_uid: @secondary_room }
end.to change { Room.count }.by(-1)
expect(response).to redirect_to(@admin.main_room)
end
it "does not allow admin to delete a users home room" do
@admin = create(:user)
@admin.add_role :admin
@request.session[:user_id] = @admin.id
expect do
delete :destroy, params: { room_uid: @user.main_room }
end.to change { Room.count }.by(0)
expect(flash[:alert]).to be_present
expect(response).to redirect_to(@admin.main_room)
end
it "does not allow an admin from a different context to delete room" do
allow_any_instance_of(User).to receive(:admin_of?).and_return(false)
@admin = create(:user)
@admin.add_role :admin
@request.session[:user_id] = @admin.id
expect do
delete :destroy, params: { room_uid: @secondary_room }
end.to change { Room.count }.by(0)
expect(response).to redirect_to(root_path)
end
end
describe "POST #start" do
@@ -374,6 +413,27 @@ describe RoomsController, type: :controller do
expect(response).to redirect_to(root_path)
end
it "redirects to join path if admin" do
@admin = create(:user)
@admin.add_role :admin
@request.session[:user_id] = @admin.id
post :start, params: { room_uid: @user.main_room }
expect(response).to redirect_to(join_path(@user.main_room, @admin.name, { user_is_moderator: true }, @admin.uid))
end
it "redirects to root path if not admin of current user" do
allow_any_instance_of(User).to receive(:admin_of?).and_return(false)
@admin = create(:user)
@admin.add_role :admin
@request.session[:user_id] = @admin.id
post :start, params: { room_uid: @user.main_room }
expect(response).to redirect_to(root_path)
end
end
describe "POST #update_settings" do
@@ -413,6 +473,35 @@ describe RoomsController, type: :controller do
expect(response).to redirect_to(@secondary_room)
end
it "allows admin to update room settings" do
@admin = create(:user)
@admin.add_role :admin
@request.session[:user_id] = @admin.id
room_params = { "mute_on_join": "1", "name": @secondary_room.name }
formatted_room_params = "{\"muteOnStart\":true,\"requireModeratorApproval\":false," \
"\"anyoneCanStart\":false,\"joinModerator\":false}" # JSON string format
expect { post :update_settings, params: { room_uid: @secondary_room.uid, room: room_params } }
.to change { @secondary_room.reload.room_settings }
.from(@secondary_room.room_settings).to(formatted_room_params)
expect(response).to redirect_to(@secondary_room)
end
it "does not allow admins from a different context to update room settings" do
allow_any_instance_of(User).to receive(:admin_of?).and_return(false)
@admin = create(:user)
@admin.add_role :admin
@request.session[:user_id] = @admin.id
room_params = { "mute_on_join": "1", "name": @secondary_room.name }
expect { post :update_settings, params: { room_uid: @secondary_room.uid, room: room_params } }
.not_to change { @secondary_room.reload.room_settings }
expect(response).to redirect_to(root_path)
end
end
describe "GET #logout" do