GRN2-xx: Switch the relation between users and roles to make queries cleaner and faster (#1299)
* First steps * Fixes in account creation flow * Fixed most testcases * more test fixes * Fixed more test cases * Passing tests and rubocop * Added rake task to remove rooms
parent
8f454cad0e
commit
467947f1b5
|
@ -18,61 +18,19 @@ $(document).on('turbolinks:load', function(){
|
|||
var controller = $("body").data('controller');
|
||||
var action = $("body").data('action');
|
||||
if ((controller == "admins" && action == "edit_user") || (controller == "users" && action == "edit")) {
|
||||
// Clear the role when the user clicks the x
|
||||
$(".clear-role").click(clearRole)
|
||||
// Hack to make it play nice with turbolinks
|
||||
if ($("#role-dropdown:visible").length == 0){
|
||||
$(window).trigger('load.bs.select.data-api')
|
||||
}
|
||||
|
||||
// When the user selects an item in the dropdown add the role to the user
|
||||
$("#role-select-dropdown").change(function(data){
|
||||
var dropdown = $("#role-select-dropdown");
|
||||
var select_role_id = dropdown.val();
|
||||
// Check to see if the role dropdown was set up
|
||||
if ($("#role-dropdown").length != 0){
|
||||
$("#role-dropdown").selectpicker('val', $("#user_role_id").val())
|
||||
}
|
||||
|
||||
if(select_role_id){
|
||||
// Disable the role in the dropdown
|
||||
var selected_role = dropdown.find('[value=\"' + select_role_id + '\"]');
|
||||
selected_role.prop("disabled", true)
|
||||
|
||||
// Add the role tag
|
||||
var tag_container = $("#role-tag-container");
|
||||
tag_container.append("<span id=\"user-role-tag_" + select_role_id + "\" style=\"background-color:" + selected_role.data("colour") + ";\" class=\"tag user-role-tag\">" +
|
||||
selected_role.text() + "<a data-role-id=\"" + select_role_id + "\" class=\"tag-addon clear-role\"><i data-role-id=\"" + select_role_id + "\" class=\"fas fa-times\"></i></a></span>");
|
||||
|
||||
// Update the role ids input that gets submited on user update
|
||||
var role_ids = $("#user_role_ids").val()
|
||||
role_ids += " " + select_role_id
|
||||
$("#user_role_ids").val(role_ids)
|
||||
|
||||
// Add the clear role function to the tag
|
||||
$("#user-role-tag_" + select_role_id).click(clearRole);
|
||||
|
||||
// Reset the dropdown
|
||||
dropdown.val(null)
|
||||
}
|
||||
// Update hidden field with new value
|
||||
$("#role-dropdown").on("changed.bs.select", function(){
|
||||
$("#user_role_id").val($("#role-dropdown").selectpicker('val'))
|
||||
})
|
||||
}
|
||||
})
|
||||
|
||||
// This function removes the specfied role from a user
|
||||
function clearRole(data){
|
||||
// Get the role id
|
||||
var role_id = $(data.target).data("role-id");
|
||||
var role_tag = $("#user-role-tag_" + role_id);
|
||||
|
||||
// Remove the role tag
|
||||
$(role_tag).remove()
|
||||
|
||||
// Update the role ids input
|
||||
var role_ids = $("#user_role_ids").val()
|
||||
var parsed_ids = role_ids.split(' ')
|
||||
|
||||
var index = parsed_ids.indexOf(role_id.toString());
|
||||
|
||||
if (index > -1) {
|
||||
parsed_ids.splice(index, 1);
|
||||
}
|
||||
|
||||
$("#user_role_ids").val(parsed_ids.join(' '))
|
||||
|
||||
// Enable the role in the role select dropdown
|
||||
var selected_role = $("#role-select-dropdown").find('[value=\"' + role_id + '\"]');
|
||||
selected_role.prop("disabled", false)
|
||||
}
|
||||
})
|
|
@ -86,23 +86,21 @@ class AdminsController < ApplicationController
|
|||
|
||||
# POST /admins/ban/:user_uid
|
||||
def ban_user
|
||||
@user.roles = []
|
||||
@user.add_role :denied
|
||||
@user.set_role :denied
|
||||
|
||||
redirect_back fallback_location: admins_path, flash: { success: I18n.t("administrator.flash.banned") }
|
||||
end
|
||||
|
||||
# POST /admins/unban/:user_uid
|
||||
def unban_user
|
||||
@user.remove_role :denied
|
||||
@user.add_role :user
|
||||
@user.set_role :user
|
||||
|
||||
redirect_back fallback_location: admins_path, flash: { success: I18n.t("administrator.flash.unbanned") }
|
||||
end
|
||||
|
||||
# POST /admins/approve/:user_uid
|
||||
def approve
|
||||
@user.remove_role :pending
|
||||
@user.set_role :user
|
||||
|
||||
send_user_approved_email(@user)
|
||||
|
||||
|
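Review bot: `ban_user` and `unban_user` flash a success message whatever `set_role` did — the new `User#set_role` (User model hunk) returns nil without assigning anything when no `denied`/`user` role exists for the provider, so a missing role leaves the previous role in place while the response still says "banned". Check the outcome before redirecting, e.g. `flash_key = @user.has_role?(:denied) ? :success : :alert`, or make `set_role` raise when the role cannot be found. The same applies to `approve`, whose body continues outside the hunk.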
@ -298,7 +296,7 @@ class AdminsController < ApplicationController
|
|||
flash[:alert] = I18n.t("administrator.roles.role_has_users", user_count: role.users.count)
|
||||
return redirect_to admin_roles_path(selected_role: role.id)
|
||||
elsif Role::RESERVED_ROLE_NAMES.include?(role) || role.provider != @user_domain ||
|
||||
role.priority <= current_user.highest_priority_role.priority
|
||||
role.priority <= current_user.role.priority
|
||||
return redirect_to admin_roles_path(selected_role: role.id)
|
||||
else
|
||||
role.role_permissions.delete_all
|
||||
|
|
|
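Review bot: The reserved-name check on the `elsif` line passes the `role` record itself to `Role::RESERVED_ROLE_NAMES.include?`; if that constant holds name strings, as its name suggests, the test is always false and only the provider and priority conditions protect the reserved roles. It should probably read `Role::RESERVED_ROLE_NAMES.include?(role.name)`. This is context the commit did not touch, but the hunk rewrites the adjacent priority condition, so it is worth fixing together; the enclosing action starts and ends outside the hunk.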
@ -26,7 +26,7 @@ class ApplicationController < ActionController::Base
|
|||
|
||||
# Retrieves the current user.
|
||||
def current_user
|
||||
@current_user ||= User.includes(:roles, :main_room).find_by(id: session[:user_id])
|
||||
@current_user ||= User.includes(:role, :main_room).find_by(id: session[:user_id])
|
||||
|
||||
if Rails.configuration.loadbalanced_configuration
|
||||
if @current_user && !@current_user.has_role?(:super_admin) &&
|
||||
|
|
|
@ -99,7 +99,6 @@ module Emailer
|
|||
def send_approval_user_signup_email(user)
|
||||
begin
|
||||
return unless Rails.configuration.enable_email_verification
|
||||
|
||||
admin_emails = admin_emails()
|
||||
UserMailer.approval_user_signup(user, admins_url(tab: "pending"),
|
||||
admin_emails, @settings).deliver_now unless admin_emails.empty?
|
||||
|
@ -129,12 +128,12 @@ module Emailer
|
|||
end
|
||||
|
||||
def admin_emails
|
||||
admins = User.all_users_with_roles.where(roles: { role_permissions: { name: "can_manage_users", value: "true" } })
|
||||
roles = Role.where(provider: @user_domain, role_permissions: { name: "can_manage_users", value: "true" })
|
||||
.pluck(:name)
|
||||
|
||||
if Rails.configuration.loadbalanced_configuration
|
||||
admins = admins.without_role(:super_admin)
|
||||
.where(provider: @user_domain)
|
||||
end
|
||||
admins = User.with_role(roles - ["super_admin"])
|
||||
|
||||
admins = admins.where(provider: @user_domain) if Rails.configuration.loadbalanced_configuration
|
||||
|
||||
admins.collect(&:email).join(",")
|
||||
end
|
||||
|
|
|
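Review bot: `roles - ["super_admin"]` now excludes super admins from the approval e-mail in every configuration, whereas the removed code dropped them only under `loadbalanced_configuration`; if that is intended it deserves a comment such as `# super admins never receive approval requests`, otherwise the subtraction should stay conditional. Note also that `with_role` filters by role name only, so the names collected for `@user_domain` match same-named roles of other providers until the later `where(provider:)` narrows the users — correct today, but it depends on that filter staying in place. A user with a blank `email` still contributes an empty entry to the comma-joined list, as before.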
@ -25,29 +25,22 @@ module Populator
|
|||
|
||||
initial_user = case @tab
|
||||
when "active"
|
||||
User.includes(:roles).without_role(:pending).without_role(:denied)
|
||||
User.without_role([:pending, :denied])
|
||||
when "deleted"
|
||||
User.includes(:roles).deleted
|
||||
User.deleted
|
||||
else
|
||||
User.includes(:roles)
|
||||
User.all
|
||||
end
|
||||
|
||||
current_role = Role.find_by(name: @tab, provider: @user_domain) if @tab == "pending" || @tab == "denied"
|
||||
|
||||
initial_list = if current_user.has_role? :super_admin
|
||||
initial_user.where.not(id: current_user.id)
|
||||
else
|
||||
initial_user.without_role(:super_admin).where.not(id: current_user.id)
|
||||
end
|
||||
initial_list = initial_user.without_role(:super_admin) unless current_user.has_role? :super_admin
|
||||
|
||||
if Rails.configuration.loadbalanced_configuration
|
||||
initial_list.where(provider: @user_domain)
|
||||
.admins_search(@search, current_role)
|
||||
.admins_order(@order_column, @order_direction)
|
||||
else
|
||||
initial_list.admins_search(@search, current_role)
|
||||
.admins_order(@order_column, @order_direction)
|
||||
end
|
||||
initial_list = initial_list.where(provider: @user_domain) if Rails.configuration.loadbalanced_configuration
|
||||
|
||||
initial_list.where.not(id: current_user.id)
|
||||
.admins_search(@search, current_role)
|
||||
.admins_order(@order_column, @order_direction)
|
||||
end
|
||||
|
||||
# Returns a list of rooms that are in the same context of the current user
|
||||
|
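Review bot: `initial_list` is only assigned when the current user is not a super admin (`initial_list = initial_user.without_role(:super_admin) unless current_user.has_role? :super_admin`), so for a super admin it is nil and the following `initial_list.where(...)` / `initial_list.where.not(...)` raise NoMethodError. The removed if/else assigned both branches; restore that with `initial_list = current_user.has_role?(:super_admin) ? initial_user : initial_user.without_role(:super_admin)`. The enclosing method starts outside the hunk.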
@ -74,13 +67,12 @@ module Populator
|
|||
def shared_user_list
|
||||
roles_can_appear = []
|
||||
Role.where(provider: @user_domain).each do |role|
|
||||
roles_can_appear << role.name if role.get_permission("can_appear_in_share_list") && role.priority >= 0
|
||||
if role.get_permission("can_appear_in_share_list") && role.get_permission("can_create_rooms") && role.priority >= 0
|
||||
roles_can_appear << role.name
|
||||
end
|
||||
end
|
||||
|
||||
initial_list = User.where.not(uid: current_user.uid)
|
||||
.without_role(:pending)
|
||||
.without_role(:denied)
|
||||
.with_highest_priority_role(roles_can_appear)
|
||||
initial_list = User.where.not(uid: current_user.uid).with_role(roles_can_appear)
|
||||
|
||||
return initial_list unless Rails.configuration.loadbalanced_configuration
|
||||
initial_list.where(provider: @user_domain)
|
||||
|
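Review bot: The role-name collection is an `each` that appends into a pre-declared array; the `Enumerable` form reads more directly: `roles_can_appear = Role.where(provider: @user_domain).select { |role| role.get_permission("can_appear_in_share_list") && role.get_permission("can_create_rooms") && role.priority >= 0 }.map(&:name)`. The added `can_create_rooms` requirement is a behaviour change the commit message does not mention; a one-line comment above the loop stating why users without room-creation rights are hidden from the share list would help the next reader. `shared_user_list` ends outside the hunk.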
@ -88,7 +80,7 @@ module Populator
|
|||
|
||||
# Returns a list of users that can merged into another user
|
||||
def merge_user_list
|
||||
initial_list = User.where.not(uid: current_user.uid).without_role(:super_admin)
|
||||
initial_list = User.without_role(:super_admin).where.not(uid: current_user.uid)
|
||||
|
||||
return initial_list unless Rails.configuration.loadbalanced_configuration
|
||||
initial_list.where(provider: @user_domain)
|
||||
|
|
|
@ -46,60 +46,23 @@ module Rolify
|
|||
end
|
||||
|
||||
# Updates a user's roles
|
||||
def update_roles(roles)
|
||||
# Check that the user can manage users
|
||||
return true unless current_user.highest_priority_role.get_permission("can_manage_users")
|
||||
def update_roles(role_id)
|
||||
return true if role_id.blank?
|
||||
# Check to make sure user can edit roles
|
||||
return false unless current_user.role.get_permission("can_manage_users")
|
||||
|
||||
new_roles = roles.split(' ').map(&:to_i)
|
||||
old_roles = @user.roles.pluck(:id).uniq
|
||||
return true if @user.role_id == role_id
|
||||
|
||||
added_role_ids = new_roles - old_roles
|
||||
removed_role_ids = old_roles - new_roles
|
||||
new_role = Role.find_by(id: role_id, provider: @user_domain)
|
||||
# Return false if new role doesn't exist
|
||||
return false if new_role.nil?
|
||||
|
||||
added_roles = []
|
||||
removed_roles = []
|
||||
current_user_role = current_user.highest_priority_role
|
||||
|
||||
# Check that the user has the permissions to add all the new roles
|
||||
added_role_ids.each do |id|
|
||||
role = Role.find(id)
|
||||
|
||||
# Admins are able to add the admin role to other users. All other roles may only
|
||||
# add roles with a higher priority
|
||||
if (role.priority > current_user_role.priority || current_user_role.name == "admin") &&
|
||||
role.provider == @user_domain
|
||||
added_roles << role
|
||||
else
|
||||
return false
|
||||
end
|
||||
end
|
||||
|
||||
# Check that the user has the permissions to remove all the deleted roles
|
||||
removed_role_ids.each do |id|
|
||||
role = Role.find(id)
|
||||
|
||||
# Admins are able to remove the admin role from other users. All other roles may only
|
||||
# remove roles with a higher priority
|
||||
if (role.priority > current_user_role.priority || current_user_role.name == "admin") &&
|
||||
role.provider == @user_domain
|
||||
removed_roles << role
|
||||
else
|
||||
return false
|
||||
end
|
||||
end
|
||||
return false if new_role.priority < current_user.role.priority
|
||||
|
||||
# Send promoted/demoted emails
|
||||
added_roles.each { |role| send_user_promoted_email(@user, role) if role.get_permission("send_promoted_email") }
|
||||
removed_roles.each { |role| send_user_demoted_email(@user, role) if role.get_permission("send_demoted_email") }
|
||||
send_user_promoted_email(@user, new_role) if new_role.get_permission("send_promoted_email")
|
||||
|
||||
# Update the roles
|
||||
@user.roles.delete(removed_roles)
|
||||
@user.roles << added_roles
|
||||
|
||||
# Make sure each user always has at least the user role
|
||||
@user.roles = [Role.find_by(name: "user", provider: @user_domain)] if @user.roles.count.zero?
|
||||
|
||||
@user.save!
|
||||
@user.update_attribute(:role_id, role_id)
|
||||
end
|
||||
|
||||
# Updates a roles priority
|
||||
|
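Review bot: `return true if @user.role_id == role_id` compares an Integer column with the `role_id` string taken from params (see the `update_roles(params[:user][:role_id])` call in UsersController), so it never short-circuits and an unchanged role still triggers `send_user_promoted_email` and a write; compare as `@user.role_id.to_s == role_id.to_s`, or coerce with `Integer(role_id, exception: false)` first. The new guard `return false if new_role.priority < current_user.role.priority` lets any role holding `can_manage_users` assign its own priority level to others, which the removed code allowed only for the admin role — `update_permissions` in this module still uses `<=`, so confirm the widening is intended and document it in a comment. The demoted e-mail (`send_demoted_email`) is no longer sent when the previous role carried that permission; if that is deliberate, say so next to the promoted-mail line.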
@ -107,7 +70,7 @@ module Rolify
|
|||
user_role = Role.find_by(name: "user", provider: @user_domain)
|
||||
admin_role = Role.find_by(name: "admin", provider: @user_domain)
|
||||
|
||||
current_user_role = current_user.highest_priority_role
|
||||
current_user_role = current_user.role
|
||||
|
||||
# Users aren't allowed to update the priority of the admin or user roles
|
||||
return false if role_to_update.include?(user_role.id.to_s) || role_to_update.include?(admin_role.id.to_s)
|
||||
|
@ -149,7 +112,7 @@ module Rolify
|
|||
|
||||
# Update Permissions
|
||||
def update_permissions(role)
|
||||
current_user_role = current_user.highest_priority_role
|
||||
current_user_role = current_user.role
|
||||
|
||||
# Checks that it is valid for the provider to update the role
|
||||
return false if role.priority <= current_user_role.priority || role.provider != @user_domain
|
||||
|
|
|
@ -57,8 +57,6 @@ class RecordingsController < ApplicationController
|
|||
|
||||
# Ensure the user is logged into the room they are accessing.
|
||||
def verify_room_ownership
|
||||
if !@room.owned_by?(current_user) && !current_user&.highest_priority_role&.get_permission("can_manage_rooms_recordings")
|
||||
redirect_to root_path
|
||||
end
|
||||
redirect_to root_path if !@room.owned_by?(current_user) && !current_user&.role&.get_permission("can_manage_rooms_recordings")
|
||||
end
|
||||
end
|
||||
|
|
|
@ -69,7 +69,7 @@ class RoomsController < ApplicationController
|
|||
|
||||
# If its the current user's room
|
||||
if current_user && (@room.owned_by?(current_user) || @shared_room)
|
||||
if current_user.highest_priority_role.get_permission("can_create_rooms")
|
||||
if current_user.role.get_permission("can_create_rooms")
|
||||
# User is allowed to have rooms
|
||||
@search, @order_column, @order_direction, recs =
|
||||
recordings(@room.bbb_id, params.permit(:search, :column, :direction), true)
|
||||
|
|
|
@ -218,7 +218,7 @@ class SessionsController < ApplicationController
|
|||
|
||||
# Add pending role if approval method and is a new user
|
||||
if approval_registration && !@user_exists
|
||||
user.add_role :pending
|
||||
user.set_role :pending
|
||||
|
||||
# Inform admins that a user signed up if emails are turned on
|
||||
send_approval_user_signup_email(user)
|
||||
|
@ -228,6 +228,8 @@ class SessionsController < ApplicationController
|
|||
|
||||
send_invite_user_signup_email(user) if invite_registration && !@user_exists
|
||||
|
||||
user.set_role :user unless @user_exists
|
||||
|
||||
login(user)
|
||||
|
||||
if @auth['provider'] == "twitter"
|
||||
|
|
|
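Review bot: `user.set_role :user unless @user_exists` runs after the `approval_registration` branch in the previous hunk that calls `user.set_role :pending`; unless that branch returns before reaching this line (the lines between the two hunks are not shown), a new user awaiting approval is immediately promoted to `user`. Guard on the absence of a role instead, as `User#activate` does: `user.set_role :user if user.role_id.nil?`. The enclosing method starts and ends outside the hunk.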
@ -47,7 +47,7 @@ class UsersController < ApplicationController
|
|||
|
||||
# Set user to pending and redirect if Approval Registration is set
|
||||
if approval_registration
|
||||
@user.add_role :pending
|
||||
@user.set_role :pending
|
||||
|
||||
return redirect_to root_path,
|
||||
flash: { success: I18n.t("registration.approval.signup") } unless Rails.configuration.enable_email_verification
|
||||
|
@ -56,7 +56,11 @@ class UsersController < ApplicationController
|
|||
send_registration_email
|
||||
|
||||
# Sign in automatically if email verification is disabled or if user is already verified.
|
||||
login(@user) && return if !Rails.configuration.enable_email_verification || @user.email_verified
|
||||
if !Rails.configuration.enable_email_verification || @user.email_verified
|
||||
@user.set_role :user
|
||||
|
||||
login(@user) && return
|
||||
end
|
||||
|
||||
send_activation_email(@user, @user.create_activation_token)
|
||||
|
||||
|
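Review bot: `@user.set_role :user` inside the auto-login branch is unconditional, while `User#activate` guards the same assignment with `if role_id.nil?`; when `approval_registration` set `:pending` a few lines above and `@user.email_verified` is already true (whether that combination is reachable depends on code outside the hunk), the pending state is overwritten here. Use the same guard, `@user.set_role :user if @user.role_id.nil?`, so the two paths agree. The `create` action starts and ends outside the hunk.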
@ -116,7 +120,7 @@ class UsersController < ApplicationController
|
|||
|
||||
user_locale(@user)
|
||||
|
||||
if update_roles(params[:user][:role_ids])
|
||||
if update_roles(params[:user][:role_id])
|
||||
return redirect_to redirect_path, flash: { success: I18n.t("info_update_success") }
|
||||
else
|
||||
flash[:alert] = I18n.t("administrator.roles.invalid_assignment")
|
||||
|
|
|
@ -110,6 +110,6 @@ module AdminsHelper
|
|||
# Roles
|
||||
|
||||
def edit_disabled
|
||||
@edit_disabled ||= @selected_role.priority <= current_user.highest_priority_role.priority
|
||||
@edit_disabled ||= @selected_role.priority <= current_user.role.priority
|
||||
end
|
||||
end
|
||||
|
|
|
@ -26,7 +26,7 @@ module UsersHelper
|
|||
end
|
||||
|
||||
def disabled_roles(user)
|
||||
current_user_role = current_user.highest_priority_role
|
||||
current_user_role = current_user.role
|
||||
|
||||
# Admins are able to remove the admin role from other admins
|
||||
# For all other roles they can only add/remove roles with a higher priority
|
||||
|
@ -38,7 +38,7 @@ module UsersHelper
|
|||
.pluck(:id)
|
||||
end
|
||||
|
||||
user.roles.by_priority.pluck(:id) | disallowed_roles
|
||||
[user.role.id] + disallowed_roles
|
||||
end
|
||||
|
||||
# Returns language selection options for user edit
|
||||
|
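Review bot: `[user.role.id] + disallowed_roles` dereferences `user.role` unconditionally, but `belongs_to :role, required: false` in the User model allows a nil role (users created before the backfill, or before `set_role` has run), so this helper raises NoMethodError where the removed `user.roles.by_priority.pluck(:id)` returned an empty list. `[user.role&.id].compact + disallowed_roles` keeps the old tolerance. `disabled_roles` starts outside the hunk.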
@ -52,6 +52,11 @@ module UsersHelper
|
|||
language_opts.sort
|
||||
end
|
||||
|
||||
# Returns a list of roles that the user can have
|
||||
def role_options
|
||||
Role.editable_roles(@user_domain).where("priority >= ?", current_user.role.priority)
|
||||
end
|
||||
|
||||
# Parses markdown for rendering.
|
||||
def markdown(text)
|
||||
markdown = Redcarpet::Markdown.new(Redcarpet::Render::HTML,
|
||||
|
|
|
@ -25,7 +25,7 @@ class Ability
|
|||
elsif user.has_role? :super_admin
|
||||
can :manage, :all
|
||||
else
|
||||
highest_role = user.highest_priority_role
|
||||
highest_role = user.role
|
||||
if highest_role.get_permission("can_edit_site_settings")
|
||||
can [:site_settings, :room_configuration, :update_settings,
|
||||
:update_room_configuration, :coloring, :registration_method], :admin
|
||||
|
|
|
@ -63,7 +63,7 @@ module AuthValues
|
|||
role_provider = auth['provider'] == "bn_launcher" ? auth['info']['customer'] : "greenlight"
|
||||
roles.each do |role_name|
|
||||
role = Role.find_by(provider: role_provider, name: role_name)
|
||||
user.roles << role if !role.nil? && !user.has_role?(role_name)
|
||||
user.role = role if !role.nil? && !user.has_role?(role_name)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
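Review bot: Inside the `roles.each` loop, `user.role = role if ...` only assigns the association in memory, whereas the removed `user.roles << role` persisted the join row immediately; unless the caller saves `user` afterwards (the enclosing method ends outside the hunk), the assignment is lost. When several names are supplied the last match wins regardless of priority, so consider collecting the found roles and assigning once, e.g. `found = roles.map { |name| Role.find_by(provider: role_provider, name: name) }.compact` followed by `user.role = found.min_by(&:priority) if found.any?`, then saving explicitly. The `has_role?` check inside the loop becomes redundant once a single assignment is made.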
@ -17,10 +17,12 @@
|
|||
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
class Role < ApplicationRecord
|
||||
has_and_belongs_to_many :users, join_table: :users_roles
|
||||
has_and_belongs_to_many :users, join_table: :users_roles # Obsolete -- not used anymore
|
||||
has_many :role_permissions
|
||||
|
||||
default_scope { includes(:role_permissions).order(:priority) }
|
||||
has_many :users
|
||||
|
||||
default_scope { includes(:role_permissions).distinct.order(:priority) }
|
||||
scope :by_priority, -> { order(:priority) }
|
||||
scope :editable_roles, ->(provider) { where(provider: provider).where.not(name: %w[super_admin denied pending]) }
|
||||
|
||||
|
|
|
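Review bot: The class now declares two associations named `users`: the retained `has_and_belongs_to_many :users, join_table: :users_roles # Obsolete -- not used anymore` and the new `has_many :users`; Rails keeps only the last definition, so the obsolete line is dead and misleading and should be removed rather than annotated. `has_many :users` has no `dependent:` option, so deleting a role would leave `users.role_id` pointing at a missing row (`belongs_to :role, required: false` on User then yields nil); the controller's `role.users.count` check guards the normal path, but `dependent: :restrict_with_error` would make the invariant explicit. The added `.distinct` in `default_scope` now applies to every Role query together with `includes(:role_permissions)`; a comment on why it is needed would help.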
@ -31,7 +31,9 @@ class User < ApplicationRecord
|
|||
has_many :shared_access
|
||||
belongs_to :main_room, class_name: 'Room', foreign_key: :room_id, required: false
|
||||
|
||||
has_and_belongs_to_many :roles, join_table: :users_roles
|
||||
has_and_belongs_to_many :roles, join_table: :users_roles # obsolete
|
||||
|
||||
belongs_to :role, required: false
|
||||
|
||||
validates :name, length: { maximum: 256 }, presence: true
|
||||
validates :provider, presence: true
|
||||
|
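Review bot: `belongs_to :role, required: false` makes a nil role a legal state, yet the rest of this commit dereferences it without a guard — `current_user.role.get_permission(...)` in RoomsController, AdminsController, AdminsHelper, UsersHelper#role_options, Ability (`user.role.get_permission`) and the header/account views — while only `has_role?` and RecordingsController use `&.`. Either document the invariant on the association, e.g. `# Optional only during sign-up; create/activate assign a role to every persisted user`, or guard the consumers consistently. The obsolete `has_and_belongs_to_many :roles` is still referenced by the edited `RolifyCreateRoles` migration, so it cannot simply be dropped until that is addressed.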
@ -92,14 +94,12 @@ class User < ApplicationRecord
|
|||
end
|
||||
|
||||
search_param = "%#{string}%"
|
||||
joins("LEFT OUTER JOIN users_roles ON users_roles.user_id = users.id LEFT OUTER JOIN roles " \
|
||||
"ON roles.id = users_roles.role_id").distinct
|
||||
.where(search_query, search: search_param, roles_search: role_search_param)
|
||||
where(search_query, search: search_param, roles_search: role_search_param)
|
||||
end
|
||||
|
||||
def self.admins_order(column, direction)
|
||||
# Arel.sql to avoid sql injection
|
||||
order(Arel.sql("#{column} #{direction}"))
|
||||
order(Arel.sql("users.#{column} #{direction}"))
|
||||
end
|
||||
|
||||
# Returns a list of rooms ordered by last session (with nil rooms last)
|
||||
|
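Review bot: The comment `# Arel.sql to avoid sql injection` is misleading — `Arel.sql` marks the interpolated string as trusted and performs no sanitising, so `order(Arel.sql("users.#{column} #{direction}"))` is only safe if `column` and `direction` were validated before reaching this method (they come from request params via `@order_column`/`@order_direction`, set outside the hunk). Prefer an allowlist here, e.g. `direction = %w[ASC DESC].include?(direction.to_s.upcase) ? direction : "ASC"` plus a check of `column` against `column_names`, and reword the comment to state what is actually guaranteed. In `admins_search` the join to `roles` was removed; if `search_query` (defined above the hunk) still references `roles.name`, callers arriving via `User.all`/`User.deleted` in Populator will need `includes(:role)` or `left_outer_joins(:role)` for the query to resolve.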
@ -109,6 +109,7 @@ class User < ApplicationRecord
|
|||
|
||||
# Activates an account and initialize a users main room
|
||||
def activate
|
||||
set_role :user if role_id.nil?
|
||||
update_attributes(email_verified: true, activated_at: Time.zone.now, activation_digest: nil)
|
||||
end
|
||||
|
||||
|
@ -162,7 +163,7 @@ class User < ApplicationRecord
|
|||
end
|
||||
|
||||
def admin_of?(user, permission)
|
||||
has_correct_permission = highest_priority_role.get_permission(permission) && id != user.id
|
||||
has_correct_permission = role.get_permission(permission) && id != user.id
|
||||
|
||||
return has_correct_permission unless Rails.configuration.loadbalanced_configuration
|
||||
return id != user.id if has_role? :super_admin
|
||||
|
@ -170,70 +171,31 @@ class User < ApplicationRecord
|
|||
end
|
||||
|
||||
# role functions
|
||||
def highest_priority_role
|
||||
roles.min_by(&:priority)
|
||||
end
|
||||
def set_role(role) # rubocop:disable Naming/AccessorMethodName
|
||||
return if has_role?(role)
|
||||
|
||||
def add_role(role)
|
||||
unless has_role?(role)
|
||||
role_provider = Rails.configuration.loadbalanced_configuration ? provider : "greenlight"
|
||||
new_role = Role.find_by(name: role, provider: role_provider)
|
||||
|
||||
new_role = Role.find_by(name: role, provider: role_provider)
|
||||
return if new_role.nil?
|
||||
|
||||
if new_role.nil?
|
||||
return if Role.duplicate_name(role, role_provider) || role.strip.empty?
|
||||
create_home_room if main_room.nil? && new_role.get_permission("can_create_rooms")
|
||||
|
||||
new_role = Role.create_new_role(role, role_provider)
|
||||
end
|
||||
update_attribute(:role, new_role)
|
||||
|
||||
roles << new_role
|
||||
|
||||
save!
|
||||
end
|
||||
end
|
||||
|
||||
def remove_role(role)
|
||||
if has_role?(role)
|
||||
role_provider = Rails.configuration.loadbalanced_configuration ? provider : "greenlight"
|
||||
|
||||
roles.delete(Role.find_by(name: role, provider: role_provider))
|
||||
save!
|
||||
end
|
||||
new_role
|
||||
end
|
||||
|
||||
# This rule is disabled as the function name must be has_role?
|
||||
# rubocop:disable Naming/PredicateName
|
||||
def has_role?(role)
|
||||
# rubocop:enable Naming/PredicateName
|
||||
roles.each do |single_role|
|
||||
return true if single_role.name.eql? role.to_s
|
||||
end
|
||||
|
||||
false
|
||||
def has_role?(role_name) # rubocop:disable Naming/PredicateName
|
||||
role&.name == role_name.to_s
|
||||
end
|
||||
|
||||
def self.with_role(role)
|
||||
User.all_users_with_roles.where(roles: { name: role })
|
||||
User.includes(:role).where(roles: { name: role })
|
||||
end
|
||||
|
||||
def self.without_role(role)
|
||||
User.where.not(id: with_role(role).pluck(:id))
|
||||
end
|
||||
|
||||
def self.with_highest_priority_role(role)
|
||||
User.all_users_highest_priority_role.where(roles: { name: role })
|
||||
end
|
||||
|
||||
def self.all_users_with_roles
|
||||
User.joins("INNER JOIN users_roles ON users_roles.user_id = users.id INNER JOIN roles " \
|
||||
"ON roles.id = users_roles.role_id INNER JOIN role_permissions ON roles.id = role_permissions.role_id").distinct
|
||||
end
|
||||
|
||||
def self.all_users_highest_priority_role
|
||||
User.joins("INNER JOIN (SELECT user_id, min(roles.priority) as role_priority FROM users_roles " \
|
||||
"INNER JOIN roles ON users_roles.role_id = roles.id GROUP BY user_id) as a ON " \
|
||||
"a.user_id = users.id INNER JOIN roles ON roles.priority = a.role_priority " \
|
||||
" INNER JOIN role_permissions ON roles.id = role_permissions.role_id").distinct
|
||||
User.includes(:role).where.not(roles: { name: role })
|
||||
end
|
||||
|
||||
private
|
||||
|
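Review bot: `without_role` is now `User.includes(:role).where.not(roles: { name: role })`, which produces `roles.name NOT IN (...)` over a left outer join; rows whose `role_id` is nil (allowed by `belongs_to :role, required: false`) have a NULL `roles.name` and are dropped by SQL three-valued logic, so role-less users vanish from the "active" admin list and from every `without_role(:super_admin)` listing. Include the nil case explicitly, e.g. `User.includes(:role).where.not(roles: { name: role }).or(User.includes(:role).where(role_id: nil))`, or document that such users are intentionally hidden. `set_role` returns nil both when the user already holds the role and when the role does not exist, so callers such as `ban_user` cannot tell a no-op from a failure; `return self.role if has_role?(role)` would make the result meaningful. `with_role`/`without_role` match on name across all providers; under the loadbalanced configuration callers rely on a later `where(provider:)`.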
@ -246,15 +208,13 @@ class User < ApplicationRecord
|
|||
def setup_user
|
||||
# Initializes a room for the user and assign a BigBlueButton user id.
|
||||
id = "gl-#{(0...12).map { rand(65..90).chr }.join.downcase}"
|
||||
room = Room.create!(owner: self, name: I18n.t("home_room"))
|
||||
|
||||
update_attributes(uid: id, main_room: room)
|
||||
update_attributes(uid: id)
|
||||
|
||||
# Initialize the user to use the default user role
|
||||
role_provider = Rails.configuration.loadbalanced_configuration ? provider : "greenlight"
|
||||
|
||||
Role.create_default_roles(role_provider) if Role.where(provider: role_provider).count.zero?
|
||||
add_role(:user) if roles.blank?
|
||||
end
|
||||
|
||||
def check_if_email_can_be_blank
|
||||
|
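Review bot: `setup_user` still computes `role_provider = Rails.configuration.loadbalanced_configuration ? provider : "greenlight"` as a local, although this commit adds a private `role_provider` method with the same body further down the class; the local shadows the method and duplicates the logic. Drop the local — `Role.create_default_roles(role_provider) if Role.where(provider: role_provider).count.zero?` then resolves to the method unchanged. With `add_role(:user)` removed, a freshly created user leaves this callback without a role until `create`/`activate` assigns one; a comment stating where the role is assigned would help, since the method name suggests a complete setup.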
@ -266,4 +226,13 @@ class User < ApplicationRecord
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
def create_home_room
|
||||
room = Room.create!(owner: self, name: I18n.t("home_room"))
|
||||
update_attributes(main_room: room)
|
||||
end
|
||||
|
||||
def role_provider
|
||||
Rails.configuration.loadbalanced_configuration ? provider : "greenlight"
|
||||
end
|
||||
end
|
||||
|
|
|
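Review bot: The two new private methods carry no documentation; suggest `# Creates the user's home room and links it as main_room; set_role calls this once the role grants can_create_rooms` above `create_home_room` and `# Provider under which this user's roles live: the tenant in loadbalanced mode, "greenlight" otherwise` above `role_provider`. `create_home_room` does not check `main_room` itself, so a second call creates a second room; either note that callers must guard (as `set_role` does with `main_room.nil?`) or move that check inside the method.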
@ -14,7 +14,7 @@
|
|||
%>
|
||||
|
||||
<div class="list-group list-group-transparent mb-0">
|
||||
<% highest_role = current_user.highest_priority_role %>
|
||||
<% highest_role = current_user.role %>
|
||||
<% highest_role.name %>
|
||||
<% if highest_role.get_permission("can_manage_users") || highest_role.name == "super_admin" %>
|
||||
<%= link_to admins_path, class: "list-group-item list-group-item-action dropdown-item #{"active" if active_page == "index"}" do %>
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<% current_role = current_user.highest_priority_role%>
|
||||
<% current_role = current_user.role%>
|
||||
<div class="col-lg-3 mb-4">
|
||||
<div class="list-group list-group-transparent mb-0">
|
||||
<div id="rolesSelect" data-url="<%= admin_roles_order_path %>">
|
||||
|
|
|
@ -13,21 +13,6 @@
|
|||
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
|
||||
%>
|
||||
|
||||
<%
|
||||
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
|
||||
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
|
||||
# This program is free software; you can redistribute it and/or modify it under the
|
||||
# terms of the GNU Lesser General Public License as published by the Free Software
|
||||
# Foundation; either version 3.0 of the License, or (at your option) any later
|
||||
# version.
|
||||
#
|
||||
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
||||
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
|
||||
# You should have received a copy of the GNU Lesser General Public License along
|
||||
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
|
||||
%>
|
||||
|
||||
<% if @role.nil? %>
|
||||
<%= render "admins/components/manage_users_tags" %>
|
||||
<% else %>
|
||||
|
@ -89,11 +74,10 @@
|
|||
<td class="user-email"><%= user.email && user.email != "" ? user.email : user.username%></td>
|
||||
<td><%= user.provider %></td>
|
||||
<td class="text-center">
|
||||
<% roles = user.roles().pluck(:name) %>
|
||||
<%= render "admins/components/admins_role", role: user.highest_priority_role %>
|
||||
<%= render "admins/components/admins_role", role: user.role %>
|
||||
</td>
|
||||
<td>
|
||||
<% if !roles.include?("super_admin") %>
|
||||
<% if !user.has_role?("super_admin") %>
|
||||
<div class="item-action dropdown">
|
||||
<a href="javascript:void(0)" data-toggle="dropdown" class="icon">
|
||||
<i class="fas fa-ellipsis-v px-4"></i>
|
||||
|
@ -106,14 +90,14 @@
|
|||
<button class="delete-user dropdown-item" data-path="<%= delete_user_path(user_uid: user.uid, permanent: "true") %>" data-toggle="modal" data-target="#deleteAccountModal">
|
||||
<i class="dropdown-icon fas fa-skull-crossbones"></i> <%= t("administrator.users.settings.perm_delete") %>
|
||||
</button>
|
||||
<% elsif roles.include?("denied") %>
|
||||
<% elsif user.has_role?("denied") %>
|
||||
<%= button_to admin_unban_path(user_uid: user.uid), class: "dropdown-item", "data-disable": "" do %>
|
||||
<i class="dropdown-icon fas fa-lock-open"></i> <%= t("administrator.users.settings.unban") %>
|
||||
<% end %>
|
||||
<button class= "delete-user dropdown-item" data-path="<%= delete_user_path(user_uid: user.uid) %>" data-delete="temp-delete" data-toggle="modal" data-target="#deleteAccountModal">
|
||||
<i class="dropdown-icon fas fa-user-minus"></i> <%= t("administrator.users.settings.delete") %>
|
||||
</button>
|
||||
<% elsif roles.include?("pending") %>
|
||||
<% elsif user.has_role?("pending") %>
|
||||
<%= button_to admin_approve_path(user_uid: user.uid), class: "dropdown-item", "data-disable": "" do %>
|
||||
<i class="dropdown-icon far fa-check-circle"></i> <%= t("administrator.users.settings.approve") %>
|
||||
<% end %>
|
||||
|
|
|
@ -38,7 +38,7 @@
|
|||
<i class="fas fa-home pr-1 "></i><span class="d-none d-sm-inline-block"><%= t("header.dropdown.home") %></span>
|
||||
<% end %>
|
||||
|
||||
<% if current_user.highest_priority_role.get_permission("can_create_rooms") %>
|
||||
<% if current_user.role.get_permission("can_create_rooms") %>
|
||||
<% all_rec_page = params[:controller] == "users" && params[:action] == "recordings" ? "active" : "" %>
|
||||
<%= link_to get_user_recordings_path(current_user), class: "px-3 mx-1 mt-1 header-nav #{all_rec_page}" do %>
|
||||
<i class="fas fa-video pr-1"></i><span class="d-none d-sm-inline-block"><%= t("header.all_recordings") %></span>
|
||||
|
@ -62,7 +62,7 @@
|
|||
<%= link_to edit_user_path(current_user), class: "dropdown-item" do %>
|
||||
<i class="dropdown-icon fas fa-id-card mr-3"></i><%= t("header.dropdown.settings") %>
|
||||
<% end %>
|
||||
<% highest_role = current_user.highest_priority_role %>
|
||||
<% highest_role = current_user.role %>
|
||||
<% if highest_role.get_permission("can_manage_users") || highest_role.name == "super_admin" %>
|
||||
<%= link_to admins_path, class: "dropdown-item" do %>
|
||||
<i class="dropdown-icon fas fa-user-tie mr-3"></i><%= t("header.dropdown.account_settings") %>
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
|
||||
%>
|
||||
|
||||
<%= form_for @user, url: update_user_path, method: :patch do |f| %>
|
||||
<%= form_for @user, url: update_user_path, method: :post do |f| %>
|
||||
<%= hidden_field_tag :setting, "account" %>
|
||||
<div class="form-group">
|
||||
<div class="row">
|
||||
|
@ -38,28 +38,21 @@
|
|||
<%= f.label t("settings.account.language"), class: "form-label" %>
|
||||
<%= f.select :language, language_options, {}, { class: "form-control custom-select" } %>
|
||||
|
||||
<% current_user_role = current_user.highest_priority_role %>
|
||||
<br>
|
||||
<br>
|
||||
<%= f.label t("settings.account.roles"), class: "form-label" %>
|
||||
<div id="role-tag-container" class="tags mb-1">
|
||||
<% @user.roles.by_priority.each do |role| %>
|
||||
<span id="<%= "user-role-tag_#{role.id}" %>" style="<%= "background-color: #{role_colour(role)};border-color: #{role_colour(role)};" %>" class="tag user-role-tag">
|
||||
<%= translated_role_name(role) %>
|
||||
<% if (current_user_role.get_permission("can_manage_users") || current_user_role.name == "super_admin") && (role.priority > current_user_role.priority || current_user_role.name == "admin") %>
|
||||
<a data-role-id="<%= role.id %>" class="tag-addon clear-role">
|
||||
<i data-role-id="<%= role.id %>" class="fas fa-times"></i>
|
||||
</a>
|
||||
<% end %>
|
||||
</span>
|
||||
<% end %>
|
||||
</div>
|
||||
<% if current_user_role.get_permission("can_manage_users") || current_user_role.name == "super_admin" %>
|
||||
<% provider = Rails.configuration.loadbalanced_configuration ? current_user.provider : "greenlight" %>
|
||||
<%= f.select :roles, Role.editable_roles(@user_domain).map{|role| [translated_role_name(role), role.id, {'data-colour' => role_colour(role)}]}.unshift(["", nil, {'data-colour' => nil}]), {disabled: disabled_roles(@user)}, { class: "form-control custom-select", id: "role-select-dropdown" } %>
|
||||
<% end %>
|
||||
<%= f.hidden_field :role_ids, id: "user_role_ids", value: @user.roles.by_priority.pluck(:id).uniq %>
|
||||
<%= f.label t("settings.account.roles"), class: "form-label mt-5" %>
|
||||
|
||||
<% if current_user.role.get_permission("can_manage_users") %>
|
||||
<select id="role-dropdown" class="selectpicker show-tick" >
|
||||
<% role_options.each do |role| %>
|
||||
<option value="<%=role.id%>"><%= translated_role_name(role) %></option>
|
||||
<% end %>
|
||||
</select>
|
||||
|
||||
<%= f.hidden_field :role_id, id: "user_role_id", value: @user.role.id %>
|
||||
<% else %>
|
||||
<span style="<%= "background-color: #{role_colour(@user.role)};border-color: #{role_colour(@user.role)};" %>" class="tag custom-role-tag">
|
||||
<%= translated_role_name(@user.role) %>
|
||||
</span>
|
||||
<% end %>
|
||||
<%= f.label t("settings.account.image"), class: "form-label mt-5" %>
|
||||
<div class="row">
|
||||
<div class="col-2">
|
||||
|
|
|
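Review bot: The new `<select id="role-dropdown">` marks no option as selected, so the user's current role appears only after the JavaScript that calls `selectpicker('val', $("#user_role_id").val())` runs; rendering it server-side avoids a flash of the wrong value, e.g. `<%= options_for_select(role_options.map { |role| [translated_role_name(role), role.id] }, @user.role&.id) %>` inside the select. Both `@user.role.id` in the hidden field and `role_colour(@user.role)` in the else branch raise when `role` is nil, which `belongs_to :role, required: false` permits. The guard dropped the `|| current_user_role.name == "super_admin"` alternative; that is fine only if the super_admin role always carries `can_manage_users`.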
@ -534,7 +534,7 @@ en:
|
|||
provider: Provider
|
||||
image: Image
|
||||
image_url: Profile Image URL
|
||||
roles: User Roles
|
||||
roles: User Role
|
||||
subtitle: Update your Account Info
|
||||
title: Account Info
|
||||
delete:
|
||||
|
|
|
@ -94,7 +94,7 @@ Rails.application.routes.draw do
|
|||
get '/:user_uid/edit', to: 'users#edit', as: :edit_user
|
||||
get '/:user_uid/change_password', to: 'users#change_password', as: :change_password
|
||||
get '/:user_uid/delete_account', to: 'users#delete_account', as: :delete_account
|
||||
patch '/:user_uid/edit', to: 'users#update', as: :update_user
|
||||
post '/:user_uid/edit', to: 'users#update', as: :update_user
|
||||
delete '/:user_uid', to: 'users#destroy', as: :delete_user
|
||||
|
||||
# All user recordings
|
||||
|
|
|
@ -19,7 +19,7 @@ class RolifyCreateRoles < ActiveRecord::Migration[5.0]
|
|||
add_index(:users_roles, [:user_id, :role_id])
|
||||
|
||||
User.all.each do |user|
|
||||
user.add_role(:user) if user.roles.blank?
|
||||
user.set_role(:user) if user.roles.blank?
|
||||
end
|
||||
end
|
||||
end
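Review bot: Rewriting the body of an already-released migration (the `set_role(:user)` line in this hunk) only changes databases that have not yet run RolifyCreateRoles, so existing installs keep the rows that `add_role(:user)` produced while fresh installs take the new path; the reconciliation belongs in the new AddRoleIdToUsers migration elsewhere in this commit, not in edited history. Calling a model method from a migration also couples it to whatever the User API looks like when the migration happens to run, so a short comment would help the next reader, e.g. `# Fresh installs only: databases migrated earlier hold users_roles rows, which AddRoleIdToUsers converts to users.role_id`. The enclosing `change`/class body starts outside the hunk.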
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class MigrationProduct < ActiveRecord::Base
|
||||
self.table_name = :users
|
||||
end
|
||||
|
||||
class SubMigrationProduct < ActiveRecord::Base
|
||||
self.table_name = :roles
|
||||
end
|
||||
|
||||
class AddRoleIdToUsers < ActiveRecord::Migration[5.2]
|
||||
def change
|
||||
reversible do |dir|
|
||||
dir.up do
|
||||
add_reference :users, :role, index: true
|
||||
|
||||
MigrationProduct.where(role_id: nil).each do |user|
|
||||
highest_role = SubMigrationProduct.joins("INNER JOIN users_roles ON users_roles.role_id = roles.id")
|
||||
.where("users_roles.user_id = '#{user.id}'").min_by(&:priority).id
|
||||
user.update_attributes(role_id: highest_role) unless highest_role.nil?
|
||||
end
|
||||
end
|
||||
|
||||
dir.down do
|
||||
remove_reference :users, :role, index: true
|
||||
end
|
||||
end
|
||||
end
|
||||
end
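Review bot: `min_by(&:priority).id` dereferences the result before the `unless highest_role.nil?` guard on the following line can run, so a user with no users_roles rows raises NoMethodError and aborts the migration instead of being skipped. Split the lookup so the guard sees the role object: `highest_role = SubMigrationProduct.joins("INNER JOIN users_roles ON users_roles.role_id = roles.id").where("users_roles.user_id = ?", user.id).order(:priority).first` followed by `user.update_attributes(role_id: highest_role.id) if highest_role`. The bind parameter also replaces the string interpolation of `user.id` into the WHERE clause; the value is a primary key here, but the interpolated form is the pattern static analysers flag and it tends to be copied into places where the input is not trusted. `order(:priority).first` computes the minimum in SQL instead of loading every joined role into Ruby, and `find_each` in place of `each` on the `MigrationProduct.where(role_id: nil)` loop keeps memory bounded on large user tables.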
|
|
@ -10,7 +10,7 @@
|
|||
#
|
||||
# It's strongly recommended that you check this file into your version control system.
|
||||
|
||||
ActiveRecord::Schema.define(version: 2020_01_30_144841) do
|
||||
ActiveRecord::Schema.define(version: 2020_04_13_150518) do
|
||||
|
||||
create_table "features", force: :cascade do |t|
|
||||
t.integer "setting_id"
|
||||
|
@ -120,11 +120,13 @@ ActiveRecord::Schema.define(version: 2020_01_30_144841) do
|
|||
t.string "activation_digest"
|
||||
t.datetime "activated_at"
|
||||
t.boolean "deleted", default: false, null: false
|
||||
t.integer "role_id"
|
||||
t.index ["created_at"], name: "index_users_on_created_at"
|
||||
t.index ["deleted"], name: "index_users_on_deleted"
|
||||
t.index ["email"], name: "index_users_on_email"
|
||||
t.index ["password_digest"], name: "index_users_on_password_digest", unique: true
|
||||
t.index ["provider"], name: "index_users_on_provider"
|
||||
t.index ["role_id"], name: "index_users_on_role_id"
|
||||
t.index ["room_id"], name: "index_users_on_room_id"
|
||||
end
|
||||
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'bigbluebutton_api'
|
||||
|
||||
namespace :room do
|
||||
desc "Removes all rooms for users that can't create rooms"
|
||||
task :remove, [:include_used] => :environment do |_task, args|
|
||||
roles = Role.where(role_permissions: { name: "can_create_rooms", value: "false" }).pluck(:name)
|
||||
users = User.with_role(roles)
|
||||
users.each do |user|
|
||||
puts "Destroying #{user.uid} rooms"
|
||||
user.rooms.each do |room|
|
||||
if room.sessions.positive? && args[:include_used] != "true"
|
||||
puts "Skipping room #{room.uid}"
|
||||
next
|
||||
end
|
||||
|
||||
begin
|
||||
room.destroy(true)
|
||||
puts "Destroying room #{room.uid}"
|
||||
rescue => e
|
||||
puts "Failed to remove room #{room.uid} - #{e}"
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
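Review bot: `Role.where(role_permissions: { ... })` filters on a joined table without a visible `joins(:role_permissions)`; unless Role applies that join by default, the generated SQL references a table that is not in the FROM clause and the task fails before it reaches any room. The explicit form is `Role.joins(:role_permissions).where(role_permissions: { name: "can_create_rooms", value: "false" }).pluck(:name)`. The `rescue => e` around `room.destroy(true)` keeps going after a failed destroy and reports it only via `puts`, so an operator running this from cron sees exit status 0 even when rooms were left behind; counting failures and ending the task with `abort` (or at least writing them to `Rails.logger`) makes the partial result visible. A dry-run argument alongside `include_used` would let the affected room list be reviewed before an irreversible bulk delete.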
|
|
@ -38,9 +38,9 @@ namespace :user do
|
|||
|
||||
if u[:role] == "super_admin"
|
||||
user.remove_role(:user)
|
||||
user.add_role(:super_admin)
|
||||
user.set_role(:super_admin)
|
||||
elsif u[:role] == "admin"
|
||||
user.add_role(:admin)
|
||||
user.set_role(:admin)
|
||||
end
|
||||
|
||||
puts "Account succesfully created."
|
||||
|
|
|
@ -70,7 +70,8 @@ describe AccountActivationsController, type: :controller do
|
|||
it "redirects a pending user to root with a flash" do
|
||||
@user = create(:user, email_verified: false, provider: "greenlight")
|
||||
|
||||
@user.add_role :pending
|
||||
@user.set_role :pending
|
||||
@user.reload
|
||||
|
||||
get :edit, params: { token: @user.create_activation_token }
|
||||
|
||||
|
|
|
@ -25,7 +25,7 @@ describe AdminsController, type: :controller do
|
|||
|
||||
@user = create(:user, provider: "provider1")
|
||||
@admin = create(:user, provider: "provider1")
|
||||
@admin.add_role :admin
|
||||
@admin.set_role :admin
|
||||
end
|
||||
|
||||
describe "User Roles" do
|
||||
|
@ -78,7 +78,7 @@ describe AdminsController, type: :controller do
|
|||
context "POST #unban" do
|
||||
it "unbans the user from the application" do
|
||||
@request.session[:user_id] = @admin.id
|
||||
@user.add_role :denied
|
||||
@user.set_role :denied
|
||||
|
||||
expect(@user.has_role?(:denied)).to eq(true)
|
||||
|
||||
|
@ -153,7 +153,7 @@ describe AdminsController, type: :controller do
|
|||
it "approves a pending user" do
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
@user.add_role :pending
|
||||
@user.set_role :pending
|
||||
|
||||
post :approve, params: { user_uid: @user.uid }
|
||||
|
||||
|
@ -167,7 +167,7 @@ describe AdminsController, type: :controller do
|
|||
it "sends the user an email telling them theyre approved" do
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
@user.add_role :pending
|
||||
@user.set_role :pending
|
||||
params = { user_uid: @user.uid }
|
||||
expect { post :approve, params: params }.to change { ActionMailer::Base.deliveries.count }.by(1)
|
||||
end
|
||||
|
@ -245,7 +245,7 @@ describe AdminsController, type: :controller do
|
|||
Role.create_new_role("test", "greenlight").update_all_role_permissions(can_manage_users: true)
|
||||
|
||||
@user2 = create(:user)
|
||||
@user2.add_role(:test)
|
||||
@user2.set_role(:test)
|
||||
|
||||
# Random manage user action test
|
||||
|
||||
|
@ -266,7 +266,7 @@ describe AdminsController, type: :controller do
|
|||
Role.create_new_role("test", "greenlight").update_all_role_permissions(can_manage_users: false)
|
||||
|
||||
@user2 = create(:user)
|
||||
@user2.add_role(:test)
|
||||
@user2.set_role(:test)
|
||||
|
||||
# Random manage user action test
|
||||
|
||||
|
@ -450,7 +450,7 @@ describe AdminsController, type: :controller do
|
|||
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
@admin.add_role :super_admin
|
||||
@admin.set_role :super_admin
|
||||
@admin.update_attribute(:provider, "greenlight")
|
||||
@user2 = create(:user, provider: "provider1")
|
||||
@user3 = create(:user, provider: "provider1")
|
||||
|
@ -479,7 +479,7 @@ describe AdminsController, type: :controller do
|
|||
it "changes the log level" do
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
@admin.add_role :super_admin
|
||||
@admin.set_role :super_admin
|
||||
|
||||
expect(Rails.logger.level).to eq(0)
|
||||
post :log_level, params: { value: 2 }
|
||||
|
@ -492,7 +492,7 @@ describe AdminsController, type: :controller do
|
|||
Role.create_new_role("test", "greenlight").update_all_role_permissions(can_edit_site_settings: true)
|
||||
|
||||
@user2 = create(:user)
|
||||
@user2.add_role(:test)
|
||||
@user2.set_role(:test)
|
||||
|
||||
# Random edit site settings action test
|
||||
|
||||
|
@ -510,7 +510,7 @@ describe AdminsController, type: :controller do
|
|||
Role.create_new_role("test", "greenlight").update_all_role_permissions(can_manage_users: true)
|
||||
|
||||
@user2 = create(:user)
|
||||
@user2.add_role(:test)
|
||||
@user2.set_role(:test)
|
||||
|
||||
# Random edit site settings action test
|
||||
|
||||
|
@ -610,7 +610,7 @@ describe AdminsController, type: :controller do
|
|||
new_role2 = Role.create_new_role("test2", "provider1")
|
||||
new_role2.update_permission("can_edit_roles", "true")
|
||||
|
||||
@user.roles << new_role2
|
||||
@user.role = new_role2
|
||||
@user.save!
|
||||
|
||||
@request.session[:user_id] = @user.id
|
||||
|
@ -657,7 +657,7 @@ describe AdminsController, type: :controller do
|
|||
new_role2 = Role.create(name: "test2", priority: 2, provider: "provider1")
|
||||
new_role2.update_permission("can_edit_roles", "true")
|
||||
|
||||
@user.roles << new_role2
|
||||
@user.role = new_role2
|
||||
@user.save!
|
||||
|
||||
@request.session[:user_id] = @user.id
|
||||
|
@ -743,7 +743,7 @@ describe AdminsController, type: :controller do
|
|||
Role.create_new_role("test", "greenlight").update_all_role_permissions(can_edit_roles: true)
|
||||
|
||||
@user2 = create(:user)
|
||||
@user2.add_role(:test)
|
||||
@user2.set_role(:test)
|
||||
|
||||
# Random edit roles action test
|
||||
|
||||
|
@ -764,7 +764,7 @@ describe AdminsController, type: :controller do
|
|||
Role.create_new_role("test", "greenlight").update_all_role_permissions(can_manage_users: false)
|
||||
|
||||
@user2 = create(:user)
|
||||
@user2.add_role(:test)
|
||||
@user2.set_role(:test)
|
||||
|
||||
# Random edit roles action test
|
||||
|
||||
|
|
|
@ -43,7 +43,7 @@ describe ApplicationController do
|
|||
end
|
||||
|
||||
it "redirects a banned user to a 401 and logs them out" do
|
||||
@user.add_role :denied
|
||||
@user.set_role :denied
|
||||
@request.session[:user_id] = @user.id
|
||||
|
||||
get :index
|
||||
|
@ -53,7 +53,7 @@ describe ApplicationController do
|
|||
end
|
||||
|
||||
it "redirects a pending user to a 401 and logs them out" do
|
||||
@user.add_role :pending
|
||||
@user.set_role :pending
|
||||
@request.session[:user_id] = @user.id
|
||||
|
||||
get :index
|
||||
|
|
|
@ -64,7 +64,7 @@ describe RoomsController, type: :controller do
|
|||
end
|
||||
|
||||
it "should render cant_create_rooms if user doesn't have permission to create rooms" do
|
||||
user_role = @user.highest_priority_role
|
||||
user_role = @user.role
|
||||
|
||||
user_role.update_permission("can_create_rooms", "false")
|
||||
user_role.save!
|
||||
|
@ -117,7 +117,7 @@ describe RoomsController, type: :controller do
|
|||
|
||||
it "redirects to admin if user is a super_admin" do
|
||||
@request.session[:user_id] = @owner.id
|
||||
@owner.add_role :super_admin
|
||||
@owner.set_role :super_admin
|
||||
|
||||
get :show, params: { room_uid: @owner.main_room, search: :none }
|
||||
|
||||
|
@ -140,7 +140,7 @@ describe RoomsController, type: :controller do
|
|||
|
||||
it "redirects to root if owner is pending" do
|
||||
@request.session[:user_id] = @owner.id
|
||||
@owner.add_role :pending
|
||||
@owner.set_role :pending
|
||||
|
||||
get :show, params: { room_uid: @owner.main_room, search: :none }
|
||||
|
||||
|
@ -149,7 +149,7 @@ describe RoomsController, type: :controller do
|
|||
|
||||
it "redirects to root if owner is banned" do
|
||||
@request.session[:user_id] = @owner.id
|
||||
@owner.add_role :denied
|
||||
@owner.set_role :denied
|
||||
|
||||
get :show, params: { room_uid: @owner.main_room, search: :none }
|
||||
|
||||
|
@ -406,7 +406,7 @@ describe RoomsController, type: :controller do
|
|||
|
||||
it "redirects to root if owner is pending" do
|
||||
@request.session[:user_id] = @owner.id
|
||||
@owner.add_role :pending
|
||||
@owner.set_role :pending
|
||||
|
||||
post :join, params: { room_uid: @room }
|
||||
|
||||
|
@ -415,7 +415,7 @@ describe RoomsController, type: :controller do
|
|||
|
||||
it "redirects to root if owner is banned" do
|
||||
@request.session[:user_id] = @owner.id
|
||||
@owner.add_role :denied
|
||||
@owner.set_role :denied
|
||||
|
||||
post :join, params: { room_uid: @room }
|
||||
|
||||
|
@ -456,7 +456,7 @@ describe RoomsController, type: :controller do
|
|||
|
||||
it "allows admin to delete room" do
|
||||
@admin = create(:user)
|
||||
@admin.add_role :admin
|
||||
@admin.set_role :admin
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
expect do
|
||||
|
@ -468,7 +468,7 @@ describe RoomsController, type: :controller do
|
|||
|
||||
it "does not allow admin to delete a users home room" do
|
||||
@admin = create(:user)
|
||||
@admin.add_role :admin
|
||||
@admin.set_role :admin
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
expect do
|
||||
|
@ -483,7 +483,7 @@ describe RoomsController, type: :controller do
|
|||
allow_any_instance_of(User).to receive(:admin_of?).and_return(false)
|
||||
|
||||
@admin = create(:user)
|
||||
@admin.add_role :admin
|
||||
@admin.set_role :admin
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
expect do
|
||||
|
@ -527,7 +527,7 @@ describe RoomsController, type: :controller do
|
|||
|
||||
it "redirects to join path if admin" do
|
||||
@admin = create(:user)
|
||||
@admin.add_role :admin
|
||||
@admin.set_role :admin
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
post :start, params: { room_uid: @user.main_room }
|
||||
|
@ -538,7 +538,7 @@ describe RoomsController, type: :controller do
|
|||
it "redirects to root path if not admin of current user" do
|
||||
allow_any_instance_of(User).to receive(:admin_of?).and_return(false)
|
||||
@admin = create(:user)
|
||||
@admin.add_role :admin
|
||||
@admin.set_role :admin
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
post :start, params: { room_uid: @user.main_room }
|
||||
|
@ -587,7 +587,7 @@ describe RoomsController, type: :controller do
|
|||
|
||||
it "allows admin to update room settings" do
|
||||
@admin = create(:user)
|
||||
@admin.add_role :admin
|
||||
@admin.set_role :admin
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
room_params = { "mute_on_join": "1", "name": @secondary_room.name }
|
||||
|
@ -603,7 +603,7 @@ describe RoomsController, type: :controller do
|
|||
it "does not allow admins from a different context to update room settings" do
|
||||
allow_any_instance_of(User).to receive(:admin_of?).and_return(false)
|
||||
@admin = create(:user)
|
||||
@admin.add_role :admin
|
||||
@admin.set_role :admin
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
room_params = { "mute_on_join": "1", "name": @secondary_room.name }
|
||||
|
@ -743,7 +743,7 @@ describe RoomsController, type: :controller do
|
|||
|
||||
it "allows admins to update room access" do
|
||||
@admin = create(:user)
|
||||
@admin.add_role :admin
|
||||
@admin.set_role :admin
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
post :shared_access, params: { room_uid: @room.uid, add: [@user1.uid] }
|
||||
|
@ -756,7 +756,7 @@ describe RoomsController, type: :controller do
|
|||
it "redirects to root path if not admin of current user" do
|
||||
allow_any_instance_of(User).to receive(:admin_of?).and_return(false)
|
||||
@admin = create(:user)
|
||||
@admin.add_role :admin
|
||||
@admin.set_role :admin
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
post :shared_access, params: { room_uid: @room.uid, add: [] }
|
||||
|
|
|
@ -221,7 +221,7 @@ describe SessionsController, type: :controller do
|
|||
it "redirects to the admins page for admins" do
|
||||
user = create(:user, provider: "greenlight",
|
||||
password: "example", password_confirmation: 'example')
|
||||
user.add_role :super_admin
|
||||
user.set_role :super_admin
|
||||
|
||||
post :create, params: {
|
||||
session: {
|
||||
|
@ -235,7 +235,7 @@ describe SessionsController, type: :controller do
|
|||
end
|
||||
|
||||
it "should migrate old rooms from the twitter account to the new user" do
|
||||
twitter_user = User.create(name: "Twitter User", email: "user@twitter.com", image: "example.png",
|
||||
twitter_user = create(:user, name: "Twitter User", email: "user@twitter.com", image: "example.png",
|
||||
username: "twitteruser", email_verified: true, provider: 'twitter', social_uid: "twitter-user")
|
||||
|
||||
room = Room.new(name: "Test")
|
||||
|
@ -383,7 +383,7 @@ describe SessionsController, type: :controller do
|
|||
|
||||
it "should notify twitter users that twitter is deprecated" do
|
||||
allow(Rails.configuration).to receive(:allow_user_signup).and_return(true)
|
||||
twitter_user = User.create(name: "Twitter User", email: "user@twitter.com", image: "example.png",
|
||||
twitter_user = create(:user, name: "Twitter User", email: "user@twitter.com", image: "example.png",
|
||||
username: "twitteruser", email_verified: true, provider: 'twitter', social_uid: "twitter-user")
|
||||
|
||||
request.env["omniauth.auth"] = OmniAuth.config.mock_auth[:twitter]
|
||||
|
@ -394,7 +394,7 @@ describe SessionsController, type: :controller do
|
|||
end
|
||||
|
||||
it "should migrate rooms from the twitter account to the google account" do
|
||||
twitter_user = User.create(name: "Twitter User", email: "user@twitter.com", image: "example.png",
|
||||
twitter_user = create(:user, name: "Twitter User", email: "user@twitter.com", image: "example.png",
|
||||
username: "twitteruser", email_verified: true, provider: 'twitter', social_uid: "twitter-user")
|
||||
|
||||
room = Room.new(name: "Test")
|
||||
|
@ -419,7 +419,7 @@ describe SessionsController, type: :controller do
|
|||
allow(Rails.configuration).to receive(:enable_email_verification).and_return(true)
|
||||
@user = create(:user, provider: "greenlight")
|
||||
@admin = create(:user, provider: "greenlight", email: "test@example.com")
|
||||
@admin.add_role :admin
|
||||
@admin.set_role :admin
|
||||
end
|
||||
|
||||
it "should notify admin on new user signup with approve/reject registration" do
|
||||
|
|
|
@ -75,7 +75,7 @@ describe UsersController, type: :controller do
|
|||
controller.instance_variable_set(:@user_domain, "provider1")
|
||||
|
||||
user = create(:user, provider: "provider1")
|
||||
user.add_role :admin
|
||||
user.set_role :admin
|
||||
user2 = create(:user, provider: "provider1")
|
||||
|
||||
@request.session[:user_id] = user.id
|
||||
|
@ -174,7 +174,7 @@ describe UsersController, type: :controller do
|
|||
allow(Rails.configuration).to receive(:allow_user_signup).and_return(true)
|
||||
@user = create(:user, provider: "greenlight")
|
||||
@admin = create(:user, provider: "greenlight", email: "test@example.com")
|
||||
@admin.add_role :admin
|
||||
@admin.set_role :admin
|
||||
end
|
||||
|
||||
it "should notify admins that user signed up" do
|
||||
|
@ -232,7 +232,7 @@ describe UsersController, type: :controller do
|
|||
allow(Rails.configuration).to receive(:allow_user_signup).and_return(true)
|
||||
@user = create(:user, provider: "greenlight")
|
||||
@admin = create(:user, provider: "greenlight", email: "test@example.com")
|
||||
@admin.add_role :admin
|
||||
@admin.set_role :admin
|
||||
end
|
||||
|
||||
it "allows any user to sign up" do
|
||||
|
@ -278,13 +278,13 @@ describe UsersController, type: :controller do
|
|||
end
|
||||
end
|
||||
|
||||
describe "PATCH #update" do
|
||||
describe "POST #update" do
|
||||
it "properly updates user attributes" do
|
||||
user = create(:user)
|
||||
@request.session[:user_id] = user.id
|
||||
|
||||
params = random_valid_user_params
|
||||
patch :update, params: params.merge!(user_uid: user)
|
||||
post :update, params: params.merge!(user_uid: user)
|
||||
user.reload
|
||||
|
||||
expect(user.name).to eql(params[:user][:name])
|
||||
|
@ -297,7 +297,7 @@ describe UsersController, type: :controller do
|
|||
@user = create(:user)
|
||||
@request.session[:user_id] = @user.id
|
||||
|
||||
patch :update, params: invalid_params.merge!(user_uid: @user)
|
||||
post :update, params: invalid_params.merge!(user_uid: @user)
|
||||
expect(response).to render_template(:edit)
|
||||
end
|
||||
|
||||
|
@ -306,7 +306,7 @@ describe UsersController, type: :controller do
|
|||
user = create(:user)
|
||||
@request.session[:user_id] = user.id
|
||||
|
||||
user_role = user.highest_priority_role
|
||||
user_role = user.role
|
||||
|
||||
user_role.update_permission("can_manage_users", "true")
|
||||
|
||||
|
@ -315,30 +315,7 @@ describe UsersController, type: :controller do
|
|||
tmp_role = Role.create(name: "test", priority: -4, provider: "greenlight")
|
||||
|
||||
params = random_valid_user_params
|
||||
patch :update, params: params.merge!(user_uid: user, user: { role_ids: tmp_role.id.to_s })
|
||||
|
||||
expect(flash[:alert]).to eq(I18n.t("administrator.roles.invalid_assignment"))
|
||||
expect(response).to render_template(:edit)
|
||||
end
|
||||
|
||||
it "should fail to update roles if a user tries to remove a role with a higher priority than their own" do
|
||||
user = create(:user)
|
||||
admin = create(:user)
|
||||
|
||||
admin.add_role :admin
|
||||
|
||||
@request.session[:user_id] = user.id
|
||||
|
||||
user_role = user.highest_priority_role
|
||||
|
||||
user_role.update_permission("can_manage_users", "true")
|
||||
|
||||
user_role.save!
|
||||
|
||||
params = random_valid_user_params
|
||||
patch :update, params: params.merge!(user_uid: admin, user: { role_ids: "" })
|
||||
|
||||
user.reload
|
||||
post :update, params: params.merge!(user_uid: user, user: { role_id: tmp_role.id.to_s })
|
||||
|
||||
expect(flash[:alert]).to eq(I18n.t("administrator.roles.invalid_assignment"))
|
||||
expect(response).to render_template(:edit)
|
||||
|
@ -350,53 +327,30 @@ describe UsersController, type: :controller do
|
|||
user = create(:user)
|
||||
admin = create(:user)
|
||||
|
||||
admin.add_role :admin
|
||||
admin.set_role :admin
|
||||
|
||||
@request.session[:user_id] = admin.id
|
||||
|
||||
tmp_role1 = Role.create(name: "test1", priority: 2, provider: "greenlight")
|
||||
tmp_role1.update_permission("send_promoted_email", "true")
|
||||
tmp_role2 = Role.create(name: "test2", priority: 3, provider: "greenlight")
|
||||
|
||||
params = random_valid_user_params
|
||||
params = params.merge!(user_uid: user, user: { role_ids: "#{tmp_role1.id} #{tmp_role2.id}" })
|
||||
params = params.merge!(user_uid: user, user: { role_id: tmp_role1.id.to_s })
|
||||
|
||||
expect { patch :update, params: params }.to change { ActionMailer::Base.deliveries.count }.by(1)
|
||||
expect { post :update, params: params }.to change { ActionMailer::Base.deliveries.count }.by(1)
|
||||
|
||||
user.reload
|
||||
expect(user.roles.count).to eq(2)
|
||||
expect(user.highest_priority_role.name).to eq("test1")
|
||||
expect(response).to redirect_to(admins_path)
|
||||
end
|
||||
|
||||
it "all users must at least have the user role" do
|
||||
allow(Rails.configuration).to receive(:enable_email_verification).and_return(true)
|
||||
|
||||
user = create(:user)
|
||||
admin = create(:user)
|
||||
|
||||
admin.add_role :admin
|
||||
|
||||
tmp_role1 = Role.create(name: "test1", priority: 2, provider: "greenlight")
|
||||
tmp_role1.update_permission("send_demoted_email", "true")
|
||||
user.roles << tmp_role1
|
||||
user.save!
|
||||
|
||||
@request.session[:user_id] = admin.id
|
||||
|
||||
params = random_valid_user_params
|
||||
params = params.merge!(user_uid: user, user: { role_ids: "" })
|
||||
|
||||
expect { patch :update, params: params }.to change { ActionMailer::Base.deliveries.count }.by(1)
|
||||
expect(user.roles.count).to eq(1)
|
||||
expect(user.highest_priority_role.name).to eq("user")
|
||||
expect(user.role.name).to eq("test1")
|
||||
expect(response).to redirect_to(admins_path)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe "DELETE #user" do
|
||||
before { allow(Rails.configuration).to receive(:allow_user_signup).and_return(true) }
|
||||
before do
|
||||
allow(Rails.configuration).to receive(:allow_user_signup).and_return(true)
|
||||
Role.create_default_roles("provider1")
|
||||
end
|
||||
|
||||
it "permanently deletes user" do
|
||||
user = create(:user)
|
||||
|
@ -416,7 +370,7 @@ describe UsersController, type: :controller do
|
|||
|
||||
user = create(:user, provider: "provider1")
|
||||
admin = create(:user, provider: "provider1")
|
||||
admin.add_role :admin
|
||||
admin.set_role :admin
|
||||
@request.session[:user_id] = admin.id
|
||||
|
||||
delete :destroy, params: { user_uid: user.uid }
|
||||
|
@ -434,7 +388,7 @@ describe UsersController, type: :controller do
|
|||
|
||||
user = create(:user, provider: "provider1")
|
||||
admin = create(:user, provider: "provider1")
|
||||
admin.add_role :admin
|
||||
admin.set_role :admin
|
||||
@request.session[:user_id] = admin.id
|
||||
|
||||
delete :destroy, params: { user_uid: user.uid, permanent: "true" }
|
||||
|
@ -452,7 +406,7 @@ describe UsersController, type: :controller do
|
|||
|
||||
user = create(:user, provider: "provider1")
|
||||
admin = create(:user, provider: "provider1")
|
||||
admin.add_role :admin
|
||||
admin.set_role :admin
|
||||
@request.session[:user_id] = admin.id
|
||||
uid = user.main_room.uid
|
||||
|
||||
|
@ -473,7 +427,7 @@ describe UsersController, type: :controller do
|
|||
|
||||
user = create(:user, provider: "provider1")
|
||||
admin = create(:user, provider: "provider2")
|
||||
admin.add_role :admin
|
||||
admin.set_role :admin
|
||||
@request.session[:user_id] = admin.id
|
||||
|
||||
delete :destroy, params: { user_uid: user.uid }
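Review bot: The hunk at `@ -315,30 +315,7` drops the spec "should fail to update roles if a user tries to remove a role with a higher priority than their own" without a replacement, so the authorization path where an actor holding `can_manage_users` edits a user whose role outranks their own is no longer covered under the single `role_id` model. The surviving invalid_assignment spec only exercises an actor assigning a higher-priority role to a plain user (`post :update, params: params.merge!(user_uid: user, user: { role_id: tmp_role.id.to_s })`); a second case along the lines of `post :update, params: params.merge!(user_uid: admin, user: { role_id: user.role.id.to_s })` asserting the same `administrator.roles.invalid_assignment` flash would keep the privilege-escalation check under test. The hunk at `@ -350,53 +327,30` likewise removes "all users must at least have the user role"; if an empty `role_id` is now rejected or ignored by the controller, a spec asserting that `role_id: ""` leaves the existing role in place would document that behaviour.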
|
||||
|
|
|
@ -29,6 +29,7 @@ FactoryBot.define do
|
|||
accepted_terms { true }
|
||||
email_verified { true }
|
||||
activated_at { Time.zone.now }
|
||||
role { set_role(:user) }
|
||||
end
|
||||
|
||||
factory :room do
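Review bot: `role { set_role(:user) }` relies on FactoryBot delegating the unknown method to the User instance being built and on `set_role` returning the Role it assigned; if `set_role` saves the record or returns something other than the Role, the attribute receives the wrong value or the user is persisted before the remaining attributes are applied. Looking the role up explicitly keeps the factory declarative and independent of `set_role`'s return value, e.g. `role { Role.find_by(name: "user", provider: provider) }`; this assumes the default roles exist before the factory runs, which the `Role.create_default_roles("greenlight")` addition to rails_helper in this commit appears to provide for the greenlight provider, while specs that build users under another provider would need the matching `create_default_roles` call.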
|
||||
|
|
|
@ -170,12 +170,12 @@ describe User, type: :model do
|
|||
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
|
||||
|
||||
@admin = create(:user, provider: @user.provider)
|
||||
@admin.add_role :admin
|
||||
@admin.set_role :admin
|
||||
|
||||
expect(@admin.admin_of?(@user, "can_manage_users")).to be true
|
||||
|
||||
@super_admin = create(:user, provider: "test")
|
||||
@super_admin.add_role :super_admin
|
||||
@super_admin.set_role :super_admin
|
||||
|
||||
expect(@super_admin.admin_of?(@user, "can_manage_users")).to be true
|
||||
end
|
||||
|
@ -188,32 +188,16 @@ describe User, type: :model do
|
|||
|
||||
it "should get the highest priority role" do
|
||||
@admin = create(:user, provider: @user.provider)
|
||||
@admin.add_role :admin
|
||||
@admin.set_role :admin
|
||||
|
||||
expect(@admin.highest_priority_role.name).to eq("admin")
|
||||
end
|
||||
|
||||
it "should skip adding the role if the user already has the role" do
|
||||
@admin = create(:user, provider: @user.provider)
|
||||
@admin.add_role :admin
|
||||
@admin.add_role :admin
|
||||
|
||||
expect(@admin.roles.count).to eq(2)
|
||||
expect(@admin.role.name).to eq("admin")
|
||||
end
|
||||
|
||||
it "should add the role if the user doesn't already have the role" do
|
||||
@admin = create(:user, provider: @user.provider)
|
||||
@admin.add_role :admin
|
||||
@admin.set_role :admin
|
||||
|
||||
expect(@admin.roles.count).to eq(2)
|
||||
end
|
||||
|
||||
it "should remove the role if the user has the role assigned to them" do
|
||||
@admin = create(:user, provider: @user.provider)
|
||||
@admin.add_role :admin
|
||||
@admin.remove_role :admin
|
||||
|
||||
expect(@admin.roles.count).to eq(1)
|
||||
expect(@admin.has_role?(:admin)).to eq(true)
|
||||
end
|
||||
|
||||
it "has_role? should return false if the user doesn't have the role" do
|
||||
|
@ -222,7 +206,7 @@ describe User, type: :model do
|
|||
|
||||
it "has_role? should return true if the user has the role" do
|
||||
@admin = create(:user, provider: @user.provider)
|
||||
@admin.add_role :admin
|
||||
@admin.set_role :admin
|
||||
|
||||
expect(@admin.has_role?(:admin)).to eq(true)
|
||||
end
|
||||
|
@ -230,8 +214,8 @@ describe User, type: :model do
|
|||
it "with_role should return all users with the role" do
|
||||
@admin1 = create(:user, provider: @user.provider)
|
||||
@admin2 = create(:user, provider: @user.provider)
|
||||
@admin1.add_role :admin
|
||||
@admin2.add_role :admin
|
||||
@admin1.set_role :admin
|
||||
@admin2.set_role :admin
|
||||
|
||||
expect(User.with_role(:admin).count).to eq(2)
|
||||
end
|
||||
|
@ -239,18 +223,11 @@ describe User, type: :model do
|
|||
it "without_role should return all users without the role" do
|
||||
@admin1 = create(:user, provider: @user.provider)
|
||||
@admin2 = create(:user, provider: @user.provider)
|
||||
@admin1.add_role :admin
|
||||
@admin2.add_role :admin
|
||||
@admin1.set_role :admin
|
||||
@admin2.set_role :admin
|
||||
|
||||
expect(User.without_role(:admin).count).to eq(1)
|
||||
end
|
||||
|
||||
it "all_users_with_roles should return all users with at least one role" do
|
||||
@admin1 = create(:user, provider: @user.provider)
|
||||
@admin2 = create(:user, provider: @user.provider)
|
||||
|
||||
expect(User.all_users_with_roles.count).to eq(3)
|
||||
end
|
||||
end
|
||||
|
||||
context 'blank email' do
|
||||
|
|
|
@ -108,6 +108,8 @@ RSpec.configure do |config|
|
|||
<GOOGLE_HD/>
|
||||
</user>
|
||||
</response>", headers: {}) if ENV['LOADBALANCER_ENDPOINT']
|
||||
|
||||
Role.create_default_roles("greenlight")
|
||||
end
|
||||
|
||||
# rspec-expectations config goes here. You can use an alternate
|
||||
|
|