From 15411d76fa472daca9543c05e6c94f231ad6ef69 Mon Sep 17 00:00:00 2001
From: Zachary Chai <zachary.chai@blindsidenetworks.com>
Date: Tue, 1 Nov 2016 12:03:00 -0400
Subject: [PATCH] only allow room owner to perform recording actions

---
 .../javascripts/channels/recording_update.js  |  9 ++++----
 app/assets/javascripts/landing.js             | 22 ++++++++++++-------
 app/controllers/bbb_controller.rb             |  6 ++---
 app/jobs/recording_updates_job.rb             |  1 +
 app/views/bbb/recordings.jbuilder             |  1 +
 5 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/app/assets/javascripts/channels/recording_update.js b/app/assets/javascripts/channels/recording_update.js
index a2cb32e7..aae65063 100644
--- a/app/assets/javascripts/channels/recording_update.js
+++ b/app/assets/javascripts/channels/recording_update.js
@@ -7,11 +7,10 @@
     },
     {
       received: function(data) {
-        var btn = $("#recordings").find(".recording-update:disabled");
-        btn.data('published', data.published);
-        btn.find('i').removeClass(getPublishClass(!data.published));
-        btn.find('i').addClass(getPublishClass(data.published));
-        btn.prop("disabled", false);
+        var table = $("#recordings").DataTable();
+        var rowData = table.row("#"+data.record_id).data();
+        rowData.published = data.published
+        table.row("#"+data.record_id).data(rowData).draw();
       }
     });
   };
diff --git a/app/assets/javascripts/landing.js b/app/assets/javascripts/landing.js
index ce8ee132..86bab1b1 100644
--- a/app/assets/javascripts/landing.js
+++ b/app/assets/javascripts/landing.js
@@ -98,8 +98,10 @@
           render: function(data, type, row) {
             if (type === 'display') {
               var str = "";
-              for(let i in data) {
-                str += '<a href="'+data[i].url+'">'+data[i].type+'</a> ';
+              if (row.published) {
+                for(let i in data) {
+                  str += '<a href="'+data[i].url+'">'+data[i].type+'</a> ';
+                }
               }
               return str;
             }
@@ -125,10 +127,11 @@
     });
 
     $('#recordings').on('click', '.recording-update', function(event) {
-      var room = $(this).data('room');
-      var id = $(this).data('id');
-      var published = $(this).data('published');
-      $(this).prop("disabled", true);
+      var btn = $(this);
+      var room = btn.data('room');
+      var id = btn.data('id');
+      var published = btn.data('published');
+      btn.prop("disabled", true);
       $.ajax({
         method: 'PATCH',
         url: '/rooms/'+room+'/recordings/'+id,
@@ -136,7 +139,7 @@
       }).done(function(data) {
 
       }).fail(function(data) {
-        $(this).prop("disabled", false);
+        btn.prop("disabled", false);
       });
     });
 
@@ -147,7 +150,7 @@
         method: 'DELETE',
         url: '/rooms/'+room+'/recordings/'+id
       }).done(function() {
-        $('tr[id="'+id+'"]').remove();
+        recordingsTable.api().row("#"+id).remove().draw();
       });
     });
 
@@ -160,6 +163,9 @@
     }
     table = recordingsTable.api();
     $.get("/rooms/"+window.location.pathname.split('/').pop()+"/recordings", function(data) {
+      if (!data.is_owner) {
+        table.column(-1).visible( false );
+      }
       var i;
       for (i = 0; i < data.recordings.length; i++) {
         var totalMinutes = Math.round((new Date(data.recordings[i].end_time) - new Date(data.recordings[i].start_time)) / 1000 / 60);
diff --git a/app/controllers/bbb_controller.rb b/app/controllers/bbb_controller.rb
index aa140966..bc65542e 100644
--- a/app/controllers/bbb_controller.rb
+++ b/app/controllers/bbb_controller.rb
@@ -38,12 +38,12 @@ class BbbController < ApplicationController
 
   # GET /rooms/:id/recordings
   def recordings
-    user = User.find_by username: params[:id]
-    if !user
+    @user = User.find_by username: params[:id]
+    if !@user
       render head(:not_found) && return
     end
 
-    bbb_res = bbb_get_recordings user.username
+    bbb_res = bbb_get_recordings @user.username
     render_bbb_response bbb_res, bbb_res[:recordings]
   end
 
diff --git a/app/jobs/recording_updates_job.rb b/app/jobs/recording_updates_job.rb
index 866e729d..7d884756 100644
--- a/app/jobs/recording_updates_job.rb
+++ b/app/jobs/recording_updates_job.rb
@@ -11,6 +11,7 @@ class RecordingUpdatesJob < ApplicationJob
       bbb_res = bbb_get_recordings(nil, record_id)
       if bbb_res[:recordings].first[:published].to_s == published
         ActionCable.server.broadcast "#{room}_recording_updates_channel",
+          record_id: record_id,
           published: bbb_res[:recordings].first[:published]
         break
       end
diff --git a/app/views/bbb/recordings.jbuilder b/app/views/bbb/recordings.jbuilder
index 63d617ca..23781b77 100644
--- a/app/views/bbb/recordings.jbuilder
+++ b/app/views/bbb/recordings.jbuilder
@@ -1,5 +1,6 @@
 json.partial! 'bbb', messageKey: @messageKey, message: @message, status: @status
 unless @response.blank?
+  json.is_owner current_user == @user
   json.recordings do
     unless @response.is_a? Array
       @response = [@response]