lino.jorzick/greenlight
1
0
Fork 0
forked from External/greenlight
Code Issues Pull Requests Projects Releases Wiki Activity

GRN2-xx: Switch the relation between users and roles to make queries cleaner and faster (#1299)

Browse Source 
* First steps

* Fixes in account creation flow

* Fixed most testcases

* more test fixes

* Fixed more test cases

* Passing tests and rubocop

* Added rake task to remove rooms
This commit is contained in:
Ahmad Farhat
2020-05-06 15:23:28 -04:00
committed by GitHub
parent 8f454cad0e
commit 467947f1b5
37 changed files with 262 additions and 402 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
app/assets/javascripts/user_edit.js
View File

@ -18,61 +18,19 @@ $(document).on('turbolinks:load', function(){
var controller = $("body").data('controller');
var action = $("body").data('action');
if ((controller == "admins" && action == "edit_user") || (controller == "users" && action == "edit")) {
// Clear the role when the user clicks the x
$(".clear-role").click(clearRole)
// Hack to make it play nice with turbolinks
if ($("#role-dropdown:visible").length == 0){
$(window).trigger('load.bs.select.data-api')
}
// When the user selects an item in the dropdown add the role to the user
$("#role-select-dropdown").change(function(data){
var dropdown = $("#role-select-dropdown");
var select_role_id = dropdown.val();
// Check to see if the role dropdown was set up
if ($("#role-dropdown").length != 0){
$("#role-dropdown").selectpicker('val', $("#user_role_id").val())
}
if(select_role_id){
// Disable the role in the dropdown
var selected_role = dropdown.find('[value=\"' + select_role_id + '\"]');
selected_role.prop("disabled", true)
// Add the role tag
var tag_container = $("#role-tag-container");
tag_container.append("<span id=\"user-role-tag_" + select_role_id + "\" style=\"background-color:" + selected_role.data("colour") + ";\" class=\"tag user-role-tag\">" +
selected_role.text() + "<a data-role-id=\"" + select_role_id + "\" class=\"tag-addon clear-role\"><i data-role-id=\"" + select_role_id + "\" class=\"fas fa-times\"></i></a></span>");
// Update the role ids input that gets submited on user update
var role_ids = $("#user_role_ids").val()
role_ids += " " + select_role_id
$("#user_role_ids").val(role_ids)
// Add the clear role function to the tag
$("#user-role-tag_" + select_role_id).click(clearRole);
// Reset the dropdown
dropdown.val(null)
}
// Update hidden field with new value
$("#role-dropdown").on("changed.bs.select", function(){
$("#user_role_id").val($("#role-dropdown").selectpicker('val'))
})
}
})
// This function removes the specfied role from a user
function clearRole(data){
// Get the role id
var role_id = $(data.target).data("role-id");
var role_tag = $("#user-role-tag_" + role_id);
// Remove the role tag
$(role_tag).remove()
// Update the role ids input
var role_ids = $("#user_role_ids").val()
var parsed_ids = role_ids.split(' ')
var index = parsed_ids.indexOf(role_id.toString());
if (index > -1) {
parsed_ids.splice(index, 1);
}
$("#user_role_ids").val(parsed_ids.join(' '))
// Enable the role in the role select dropdown
var selected_role = $("#role-select-dropdown").find('[value=\"' + role_id + '\"]');
selected_role.prop("disabled", false)
}
})

10
app/controllers/admins_controller.rb
View File

@ -86,23 +86,21 @@ class AdminsController < ApplicationController
# POST /admins/ban/:user_uid
def ban_user
@user.roles = []
@user.add_role :denied
@user.set_role :denied
redirect_back fallback_location: admins_path, flash: { success: I18n.t("administrator.flash.banned") }
end
# POST /admins/unban/:user_uid
def unban_user
@user.remove_role :denied
@user.add_role :user
@user.set_role :user
redirect_back fallback_location: admins_path, flash: { success: I18n.t("administrator.flash.unbanned") }
end
# POST /admins/approve/:user_uid
def approve
@user.remove_role :pending
@user.set_role :user
send_user_approved_email(@user)
@ -298,7 +296,7 @@ class AdminsController < ApplicationController
flash[:alert] = I18n.t("administrator.roles.role_has_users", user_count: role.users.count)
return redirect_to admin_roles_path(selected_role: role.id)
elsif Role::RESERVED_ROLE_NAMES.include?(role) || role.provider != @user_domain ||
role.priority <= current_user.highest_priority_role.priority
role.priority <= current_user.role.priority
return redirect_to admin_roles_path(selected_role: role.id)
else
role.role_permissions.delete_all

2
app/controllers/application_controller.rb
View File

@ -26,7 +26,7 @@ class ApplicationController < ActionController::Base
# Retrieves the current user.
def current_user
@current_user ||= User.includes(:roles, :main_room).find_by(id: session[:user_id])
@current_user ||= User.includes(:role, :main_room).find_by(id: session[:user_id])
if Rails.configuration.loadbalanced_configuration
if @current_user && !@current_user.has_role?(:super_admin) &&

11
app/controllers/concerns/emailer.rb
View File

@ -99,7 +99,6 @@ module Emailer
def send_approval_user_signup_email(user)
begin
return unless Rails.configuration.enable_email_verification
admin_emails = admin_emails()
UserMailer.approval_user_signup(user, admins_url(tab: "pending"),
admin_emails, @settings).deliver_now unless admin_emails.empty?
@ -129,12 +128,12 @@ module Emailer
end
def admin_emails
admins = User.all_users_with_roles.where(roles: { role_permissions: { name: "can_manage_users", value: "true" } })
roles = Role.where(provider: @user_domain, role_permissions: { name: "can_manage_users", value: "true" })
.pluck(:name)
if Rails.configuration.loadbalanced_configuration
admins = admins.without_role(:super_admin)
.where(provider: @user_domain)
end
admins = User.with_role(roles - ["super_admin"])
admins = admins.where(provider: @user_domain) if Rails.configuration.loadbalanced_configuration
admins.collect(&:email).join(",")
end

36
app/controllers/concerns/populator.rb
View File

@ -25,29 +25,22 @@ module Populator
initial_user = case @tab
when "active"
User.includes(:roles).without_role(:pending).without_role(:denied)
User.without_role([:pending, :denied])
when "deleted"
User.includes(:roles).deleted
User.deleted
else
User.includes(:roles)
User.all
end
current_role = Role.find_by(name: @tab, provider: @user_domain) if @tab == "pending" || @tab == "denied"
initial_list = if current_user.has_role? :super_admin
initial_user.where.not(id: current_user.id)
else
initial_user.without_role(:super_admin).where.not(id: current_user.id)
end
initial_list = initial_user.without_role(:super_admin) unless current_user.has_role? :super_admin
if Rails.configuration.loadbalanced_configuration
initial_list.where(provider: @user_domain)
.admins_search(@search, current_role)
.admins_order(@order_column, @order_direction)
else
initial_list.admins_search(@search, current_role)
.admins_order(@order_column, @order_direction)
end
initial_list = initial_list.where(provider: @user_domain) if Rails.configuration.loadbalanced_configuration
initial_list.where.not(id: current_user.id)
.admins_search(@search, current_role)
.admins_order(@order_column, @order_direction)
end
# Returns a list of rooms that are in the same context of the current user
@ -74,13 +67,12 @@ module Populator
def shared_user_list
roles_can_appear = []
Role.where(provider: @user_domain).each do |role|
roles_can_appear << role.name if role.get_permission("can_appear_in_share_list") && role.priority >= 0
if role.get_permission("can_appear_in_share_list") && role.get_permission("can_create_rooms") && role.priority >= 0
roles_can_appear << role.name
end
end
initial_list = User.where.not(uid: current_user.uid)
.without_role(:pending)
.without_role(:denied)
.with_highest_priority_role(roles_can_appear)
initial_list = User.where.not(uid: current_user.uid).with_role(roles_can_appear)
return initial_list unless Rails.configuration.loadbalanced_configuration
initial_list.where(provider: @user_domain)
@ -88,7 +80,7 @@ module Populator
# Returns a list of users that can merged into another user
def merge_user_list
initial_list = User.where.not(uid: current_user.uid).without_role(:super_admin)
initial_list = User.without_role(:super_admin).where.not(uid: current_user.uid)
return initial_list unless Rails.configuration.loadbalanced_configuration
initial_list.where(provider: @user_domain)

63
app/controllers/concerns/rolify.rb
View File

@ -46,60 +46,23 @@ module Rolify
end
# Updates a user's roles
def update_roles(roles)
# Check that the user can manage users
return true unless current_user.highest_priority_role.get_permission("can_manage_users")
def update_roles(role_id)
return true if role_id.blank?
# Check to make sure user can edit roles
return false unless current_user.role.get_permission("can_manage_users")
new_roles = roles.split(' ').map(&:to_i)
old_roles = @user.roles.pluck(:id).uniq
return true if @user.role_id == role_id
added_role_ids = new_roles - old_roles
removed_role_ids = old_roles - new_roles
new_role = Role.find_by(id: role_id, provider: @user_domain)
# Return false if new role doesn't exist
return false if new_role.nil?
added_roles = []
removed_roles = []
current_user_role = current_user.highest_priority_role
# Check that the user has the permissions to add all the new roles
added_role_ids.each do |id|
role = Role.find(id)
# Admins are able to add the admin role to other users. All other roles may only
# add roles with a higher priority
if (role.priority > current_user_role.priority || current_user_role.name == "admin") &&
role.provider == @user_domain
added_roles << role
else
return false
end
end
# Check that the user has the permissions to remove all the deleted roles
removed_role_ids.each do |id|
role = Role.find(id)
# Admins are able to remove the admin role from other users. All other roles may only
# remove roles with a higher priority
if (role.priority > current_user_role.priority || current_user_role.name == "admin") &&
role.provider == @user_domain
removed_roles << role
else
return false
end
end
return false if new_role.priority < current_user.role.priority
# Send promoted/demoted emails
added_roles.each { |role| send_user_promoted_email(@user, role) if role.get_permission("send_promoted_email") }
removed_roles.each { |role| send_user_demoted_email(@user, role) if role.get_permission("send_demoted_email") }
send_user_promoted_email(@user, new_role) if new_role.get_permission("send_promoted_email")
# Update the roles
@user.roles.delete(removed_roles)
@user.roles << added_roles
# Make sure each user always has at least the user role
@user.roles = [Role.find_by(name: "user", provider: @user_domain)] if @user.roles.count.zero?
@user.save!
@user.update_attribute(:role_id, role_id)
end
# Updates a roles priority
@ -107,7 +70,7 @@ module Rolify
user_role = Role.find_by(name: "user", provider: @user_domain)
admin_role = Role.find_by(name: "admin", provider: @user_domain)
current_user_role = current_user.highest_priority_role
current_user_role = current_user.role
# Users aren't allowed to update the priority of the admin or user roles
return false if role_to_update.include?(user_role.id.to_s) || role_to_update.include?(admin_role.id.to_s)
@ -149,7 +112,7 @@ module Rolify
# Update Permissions
def update_permissions(role)
current_user_role = current_user.highest_priority_role
current_user_role = current_user.role
# Checks that it is valid for the provider to update the role
return false if role.priority <= current_user_role.priority || role.provider != @user_domain

4
app/controllers/recordings_controller.rb
View File

@ -57,8 +57,6 @@ class RecordingsController < ApplicationController
# Ensure the user is logged into the room they are accessing.
def verify_room_ownership
if !@room.owned_by?(current_user) && !current_user&.highest_priority_role&.get_permission("can_manage_rooms_recordings")
redirect_to root_path
end
redirect_to root_path if !@room.owned_by?(current_user) && !current_user&.role&.get_permission("can_manage_rooms_recordings")
end
end

2
app/controllers/rooms_controller.rb
View File

@ -69,7 +69,7 @@ class RoomsController < ApplicationController
# If its the current user's room
if current_user && (@room.owned_by?(current_user) || @shared_room)
if current_user.highest_priority_role.get_permission("can_create_rooms")
if current_user.role.get_permission("can_create_rooms")
# User is allowed to have rooms
@search, @order_column, @order_direction, recs =
recordings(@room.bbb_id, params.permit(:search, :column, :direction), true)

4
app/controllers/sessions_controller.rb
View File

@ -218,7 +218,7 @@ class SessionsController < ApplicationController
# Add pending role if approval method and is a new user
if approval_registration && !@user_exists
user.add_role :pending
user.set_role :pending
# Inform admins that a user signed up if emails are turned on
send_approval_user_signup_email(user)
@ -228,6 +228,8 @@ class SessionsController < ApplicationController
send_invite_user_signup_email(user) if invite_registration && !@user_exists
user.set_role :user unless @user_exists
login(user)
if @auth['provider'] == "twitter"

10
app/controllers/users_controller.rb
View File

@ -47,7 +47,7 @@ class UsersController < ApplicationController
# Set user to pending and redirect if Approval Registration is set
if approval_registration
@user.add_role :pending
@user.set_role :pending
return redirect_to root_path,
flash: { success: I18n.t("registration.approval.signup") } unless Rails.configuration.enable_email_verification
@ -56,7 +56,11 @@ class UsersController < ApplicationController
send_registration_email
# Sign in automatically if email verification is disabled or if user is already verified.
login(@user) && return if !Rails.configuration.enable_email_verification || @user.email_verified
if !Rails.configuration.enable_email_verification || @user.email_verified
@user.set_role :user
login(@user) && return
end
send_activation_email(@user, @user.create_activation_token)
@ -116,7 +120,7 @@ class UsersController < ApplicationController
user_locale(@user)
if update_roles(params[:user][:role_ids])
if update_roles(params[:user][:role_id])
return redirect_to redirect_path, flash: { success: I18n.t("info_update_success") }
else
flash[:alert] = I18n.t("administrator.roles.invalid_assignment")

2
app/helpers/admins_helper.rb
View File

@ -110,6 +110,6 @@ module AdminsHelper
# Roles
def edit_disabled
@edit_disabled ||= @selected_role.priority <= current_user.highest_priority_role.priority
@edit_disabled ||= @selected_role.priority <= current_user.role.priority
end
end

9
app/helpers/users_helper.rb
View File

@ -26,7 +26,7 @@ module UsersHelper
end
def disabled_roles(user)
current_user_role = current_user.highest_priority_role
current_user_role = current_user.role
# Admins are able to remove the admin role from other admins
# For all other roles they can only add/remove roles with a higher priority
@ -38,7 +38,7 @@ module UsersHelper
.pluck(:id)
end
user.roles.by_priority.pluck(:id) | disallowed_roles
[user.role.id] + disallowed_roles
end
# Returns language selection options for user edit
@ -52,6 +52,11 @@ module UsersHelper
language_opts.sort
end
# Returns a list of roles that the user can have
def role_options
Role.editable_roles(@user_domain).where("priority >= ?", current_user.role.priority)
end
# Parses markdown for rendering.
def markdown(text)
markdown = Redcarpet::Markdown.new(Redcarpet::Render::HTML,

2
app/models/ability.rb
View File

@ -25,7 +25,7 @@ class Ability
elsif user.has_role? :super_admin
can :manage, :all
else
highest_role = user.highest_priority_role
highest_role = user.role
if highest_role.get_permission("can_edit_site_settings")
can [:site_settings, :room_configuration, :update_settings,
:update_room_configuration, :coloring, :registration_method], :admin

2
app/models/concerns/auth_values.rb
View File

@ -63,7 +63,7 @@ module AuthValues
role_provider = auth['provider'] == "bn_launcher" ? auth['info']['customer'] : "greenlight"
roles.each do |role_name|
role = Role.find_by(provider: role_provider, name: role_name)
user.roles << role if !role.nil? && !user.has_role?(role_name)
user.role = role if !role.nil? && !user.has_role?(role_name)
end
end
end

6
app/models/role.rb
View File

@ -17,10 +17,12 @@
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
class Role < ApplicationRecord
has_and_belongs_to_many :users, join_table: :users_roles
has_and_belongs_to_many :users, join_table: :users_roles # Obsolete -- not used anymore
has_many :role_permissions
default_scope { includes(:role_permissions).order(:priority) }
has_many :users
default_scope { includes(:role_permissions).distinct.order(:priority) }
scope :by_priority, -> { order(:priority) }
scope :editable_roles, ->(provider) { where(provider: provider).where.not(name: %w[super_admin denied pending]) }

87
app/models/user.rb
View File

@ -31,7 +31,9 @@ class User < ApplicationRecord
has_many :shared_access
belongs_to :main_room, class_name: 'Room', foreign_key: :room_id, required: false
has_and_belongs_to_many :roles, join_table: :users_roles
has_and_belongs_to_many :roles, join_table: :users_roles # obsolete
belongs_to :role, required: false
validates :name, length: { maximum: 256 }, presence: true
validates :provider, presence: true
@ -92,14 +94,12 @@ class User < ApplicationRecord
end
search_param = "%#{string}%"
joins("LEFT OUTER JOIN users_roles ON users_roles.user_id = users.id LEFT OUTER JOIN roles " \
"ON roles.id = users_roles.role_id").distinct
.where(search_query, search: search_param, roles_search: role_search_param)
where(search_query, search: search_param, roles_search: role_search_param)
end
def self.admins_order(column, direction)
# Arel.sql to avoid sql injection
order(Arel.sql("#{column} #{direction}"))
order(Arel.sql("users.#{column} #{direction}"))
end
# Returns a list of rooms ordered by last session (with nil rooms last)
@ -109,6 +109,7 @@ class User < ApplicationRecord
# Activates an account and initialize a users main room
def activate
set_role :user if role_id.nil?
update_attributes(email_verified: true, activated_at: Time.zone.now, activation_digest: nil)
end
@ -162,7 +163,7 @@ class User < ApplicationRecord
end
def admin_of?(user, permission)
has_correct_permission = highest_priority_role.get_permission(permission) && id != user.id
has_correct_permission = role.get_permission(permission) && id != user.id
return has_correct_permission unless Rails.configuration.loadbalanced_configuration
return id != user.id if has_role? :super_admin
@ -170,70 +171,31 @@ class User < ApplicationRecord
end
# role functions
def highest_priority_role
roles.min_by(&:priority)
end
def set_role(role) # rubocop:disable Naming/AccessorMethodName
return if has_role?(role)
def add_role(role)
unless has_role?(role)
role_provider = Rails.configuration.loadbalanced_configuration ? provider : "greenlight"
new_role = Role.find_by(name: role, provider: role_provider)
new_role = Role.find_by(name: role, provider: role_provider)
return if new_role.nil?
if new_role.nil?
return if Role.duplicate_name(role, role_provider) || role.strip.empty?
create_home_room if main_room.nil? && new_role.get_permission("can_create_rooms")
new_role = Role.create_new_role(role, role_provider)
end
update_attribute(:role, new_role)
roles << new_role
save!
end
end
def remove_role(role)
if has_role?(role)
role_provider = Rails.configuration.loadbalanced_configuration ? provider : "greenlight"
roles.delete(Role.find_by(name: role, provider: role_provider))
save!
end
new_role
end
# This rule is disabled as the function name must be has_role?
# rubocop:disable Naming/PredicateName
def has_role?(role)
# rubocop:enable Naming/PredicateName
roles.each do |single_role|
return true if single_role.name.eql? role.to_s
end
false
def has_role?(role_name) # rubocop:disable Naming/PredicateName
role&.name == role_name.to_s
end
def self.with_role(role)
User.all_users_with_roles.where(roles: { name: role })
User.includes(:role).where(roles: { name: role })
end
def self.without_role(role)
User.where.not(id: with_role(role).pluck(:id))
end
def self.with_highest_priority_role(role)
User.all_users_highest_priority_role.where(roles: { name: role })
end
def self.all_users_with_roles
User.joins("INNER JOIN users_roles ON users_roles.user_id = users.id INNER JOIN roles " \
"ON roles.id = users_roles.role_id INNER JOIN role_permissions ON roles.id = role_permissions.role_id").distinct
end
def self.all_users_highest_priority_role
User.joins("INNER JOIN (SELECT user_id, min(roles.priority) as role_priority FROM users_roles " \
"INNER JOIN roles ON users_roles.role_id = roles.id GROUP BY user_id) as a ON " \
"a.user_id = users.id INNER JOIN roles ON roles.priority = a.role_priority " \
" INNER JOIN role_permissions ON roles.id = role_permissions.role_id").distinct
User.includes(:role).where.not(roles: { name: role })
end
private
@ -246,15 +208,13 @@ class User < ApplicationRecord
def setup_user
# Initializes a room for the user and assign a BigBlueButton user id.
id = "gl-#{(0...12).map { rand(65..90).chr }.join.downcase}"
room = Room.create!(owner: self, name: I18n.t("home_room"))
update_attributes(uid: id, main_room: room)
update_attributes(uid: id)
# Initialize the user to use the default user role
role_provider = Rails.configuration.loadbalanced_configuration ? provider : "greenlight"
Role.create_default_roles(role_provider) if Role.where(provider: role_provider).count.zero?
add_role(:user) if roles.blank?
end
def check_if_email_can_be_blank
@ -266,4 +226,13 @@ class User < ApplicationRecord
end
end
end
def create_home_room
room = Room.create!(owner: self, name: I18n.t("home_room"))
update_attributes(main_room: room)
end
def role_provider
Rails.configuration.loadbalanced_configuration ? provider : "greenlight"
end
end

2
app/views/admins/components/_menu_buttons.html.erb
View File

@ -14,7 +14,7 @@
%>
<div class="list-group list-group-transparent mb-0">
<% highest_role = current_user.highest_priority_role %>
<% highest_role = current_user.role %>
<% highest_role.name %>
<% if highest_role.get_permission("can_manage_users") || highest_role.name == "super_admin" %>
<%= link_to admins_path, class: "list-group-item list-group-item-action dropdown-item #{"active" if active_page == "index"}" do %>

2
app/views/admins/components/_roles.html.erb
View File

@ -15,7 +15,7 @@
<div class="container">
<div class="row">
<% current_role = current_user.highest_priority_role%>
<% current_role = current_user.role%>
<div class="col-lg-3 mb-4">
<div class="list-group list-group-transparent mb-0">
<div id="rolesSelect" data-url="<%= admin_roles_order_path %>">

24
app/views/admins/components/_users.html.erb
View File

@ -13,21 +13,6 @@
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
%>
<%
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
%>
<% if @role.nil? %>
<%= render "admins/components/manage_users_tags" %>
<% else %>
@ -89,11 +74,10 @@
<td class="user-email"><%= user.email && user.email != "" ? user.email : user.username%></td>
<td><%= user.provider %></td>
<td class="text-center">
<% roles = user.roles().pluck(:name) %>
<%= render "admins/components/admins_role", role: user.highest_priority_role %>
<%= render "admins/components/admins_role", role: user.role %>
</td>
<td>
<% if !roles.include?("super_admin") %>
<% if !user.has_role?("super_admin") %>
<div class="item-action dropdown">
<a href="javascript:void(0)" data-toggle="dropdown" class="icon">
<i class="fas fa-ellipsis-v px-4"></i>
@ -106,14 +90,14 @@
<button class="delete-user dropdown-item" data-path="<%= delete_user_path(user_uid: user.uid, permanent: "true") %>" data-toggle="modal" data-target="#deleteAccountModal">
<i class="dropdown-icon fas fa-skull-crossbones"></i> <%= t("administrator.users.settings.perm_delete") %>
</button>
<% elsif roles.include?("denied") %>
<% elsif user.has_role?("denied") %>
<%= button_to admin_unban_path(user_uid: user.uid), class: "dropdown-item", "data-disable": "" do %>
<i class="dropdown-icon fas fa-lock-open"></i> <%= t("administrator.users.settings.unban") %>
<% end %>
<button class= "delete-user dropdown-item" data-path="<%= delete_user_path(user_uid: user.uid) %>" data-delete="temp-delete" data-toggle="modal" data-target="#deleteAccountModal">
<i class="dropdown-icon fas fa-user-minus"></i> <%= t("administrator.users.settings.delete") %>
</button>
<% elsif roles.include?("pending") %>
<% elsif user.has_role?("pending") %>
<%= button_to admin_approve_path(user_uid: user.uid), class: "dropdown-item", "data-disable": "" do %>
<i class="dropdown-icon far fa-check-circle"></i> <%= t("administrator.users.settings.approve") %>
<% end %>

4
app/views/shared/_header.html.erb
View File

@ -38,7 +38,7 @@
<i class="fas fa-home pr-1 "></i><span class="d-none d-sm-inline-block"><%= t("header.dropdown.home") %></span>
<% end %>
<% if current_user.highest_priority_role.get_permission("can_create_rooms") %>
<% if current_user.role.get_permission("can_create_rooms") %>
<% all_rec_page = params[:controller] == "users" && params[:action] == "recordings" ? "active" : "" %>
<%= link_to get_user_recordings_path(current_user), class: "px-3 mx-1 mt-1 header-nav #{all_rec_page}" do %>
<i class="fas fa-video pr-1"></i><span class="d-none d-sm-inline-block"><%= t("header.all_recordings") %></span>
@ -62,7 +62,7 @@
<%= link_to edit_user_path(current_user), class: "dropdown-item" do %>
<i class="dropdown-icon fas fa-id-card mr-3"></i><%= t("header.dropdown.settings") %>
<% end %>
<% highest_role = current_user.highest_priority_role %>
<% highest_role = current_user.role %>
<% if highest_role.get_permission("can_manage_users") || highest_role.name == "super_admin" %>
<%= link_to admins_path, class: "dropdown-item" do %>
<i class="dropdown-icon fas fa-user-tie mr-3"></i><%= t("header.dropdown.account_settings") %>

37
app/views/users/components/_account.html.erb
View File

@ -13,7 +13,7 @@
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
%>
<%= form_for @user, url: update_user_path, method: :patch do |f| %>
<%= form_for @user, url: update_user_path, method: :post do |f| %>
<%= hidden_field_tag :setting, "account" %>
<div class="form-group">
<div class="row">
@ -38,28 +38,21 @@
<%= f.label t("settings.account.language"), class: "form-label" %>
<%= f.select :language, language_options, {}, { class: "form-control custom-select" } %>
<% current_user_role = current_user.highest_priority_role %>
<br>
<br>
<%= f.label t("settings.account.roles"), class: "form-label" %>
<div id="role-tag-container" class="tags mb-1">
<% @user.roles.by_priority.each do |role| %>
<span id="<%= "user-role-tag_#{role.id}" %>" style="<%= "background-color: #{role_colour(role)};border-color: #{role_colour(role)};" %>" class="tag user-role-tag">
<%= translated_role_name(role) %>
<% if (current_user_role.get_permission("can_manage_users") || current_user_role.name == "super_admin") && (role.priority > current_user_role.priority || current_user_role.name == "admin") %>
<a data-role-id="<%= role.id %>" class="tag-addon clear-role">
<i data-role-id="<%= role.id %>" class="fas fa-times"></i>
</a>
<% end %>
</span>
<% end %>
</div>
<% if current_user_role.get_permission("can_manage_users") || current_user_role.name == "super_admin" %>
<% provider = Rails.configuration.loadbalanced_configuration ? current_user.provider : "greenlight" %>
<%= f.select :roles, Role.editable_roles(@user_domain).map{|role| [translated_role_name(role), role.id, {'data-colour' => role_colour(role)}]}.unshift(["", nil, {'data-colour' => nil}]), {disabled: disabled_roles(@user)}, { class: "form-control custom-select", id: "role-select-dropdown" } %>
<% end %>
<%= f.hidden_field :role_ids, id: "user_role_ids", value: @user.roles.by_priority.pluck(:id).uniq %>
<%= f.label t("settings.account.roles"), class: "form-label mt-5" %>
<% if current_user.role.get_permission("can_manage_users") %>
<select id="role-dropdown" class="selectpicker show-tick" >
<% role_options.each do |role| %>
<option value="<%=role.id%>"><%= translated_role_name(role) %></option>
<% end %>
</select>
<%= f.hidden_field :role_id, id: "user_role_id", value: @user.role.id %>
<% else %>
<span style="<%= "background-color: #{role_colour(@user.role)};border-color: #{role_colour(@user.role)};" %>" class="tag custom-role-tag">
<%= translated_role_name(@user.role) %>
</span>
<% end %>
<%= f.label t("settings.account.image"), class: "form-label mt-5" %>
<div class="row">
<div class="col-2">