GRN2-xx: Switch the relation between users and roles to make queries cleaner and faster (#1299)

* First steps * Fixes in account creation flow * Fixed most testcases * more test fixes * Fixed more test cases * Passing tests and rubocop * Added rake task to remove rooms
2020-05-06 15:23:28 -04:00
parent 8f454cad0e
commit 467947f1b5
37 changed files with 262 additions and 402 deletions
--- a/app/controllers/admins_controller.rb
+++ b/app/controllers/admins_controller.rb
@ -86,23 +86,21 @@ class AdminsController < ApplicationController

  # POST /admins/ban/:user_uid
  def ban_user
-    @user.roles = []
-    @user.add_role :denied
+    @user.set_role :denied

    redirect_back fallback_location: admins_path, flash: { success: I18n.t("administrator.flash.banned") }
  end

  # POST /admins/unban/:user_uid
  def unban_user
-    @user.remove_role :denied
-    @user.add_role :user
+    @user.set_role :user

    redirect_back fallback_location: admins_path, flash: { success: I18n.t("administrator.flash.unbanned") }
  end

  # POST /admins/approve/:user_uid
  def approve
-    @user.remove_role :pending
+    @user.set_role :user

    send_user_approved_email(@user)

@ -298,7 +296,7 @@ class AdminsController < ApplicationController
      flash[:alert] = I18n.t("administrator.roles.role_has_users", user_count: role.users.count)
      return redirect_to admin_roles_path(selected_role: role.id)
    elsif Role::RESERVED_ROLE_NAMES.include?(role) || role.provider != @user_domain ||
-          role.priority <= current_user.highest_priority_role.priority
+          role.priority <= current_user.role.priority
      return redirect_to admin_roles_path(selected_role: role.id)
    else
      role.role_permissions.delete_all
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -26,7 +26,7 @@ class ApplicationController < ActionController::Base

  # Retrieves the current user.
  def current_user
-    @current_user ||= User.includes(:roles, :main_room).find_by(id: session[:user_id])
+    @current_user ||= User.includes(:role, :main_room).find_by(id: session[:user_id])

    if Rails.configuration.loadbalanced_configuration
      if @current_user && !@current_user.has_role?(:super_admin) &&
--- a/app/controllers/concerns/emailer.rb
+++ b/app/controllers/concerns/emailer.rb
@ -99,7 +99,6 @@ module Emailer
  def send_approval_user_signup_email(user)
    begin
      return unless Rails.configuration.enable_email_verification
-
      admin_emails = admin_emails()
      UserMailer.approval_user_signup(user, admins_url(tab: "pending"),
      admin_emails, @settings).deliver_now unless admin_emails.empty?
@ -129,12 +128,12 @@ module Emailer
  end

  def admin_emails
-    admins = User.all_users_with_roles.where(roles: { role_permissions: { name: "can_manage_users", value: "true" } })
+    roles = Role.where(provider: @user_domain, role_permissions: { name: "can_manage_users", value: "true" })
+                .pluck(:name)

-    if Rails.configuration.loadbalanced_configuration
-      admins = admins.without_role(:super_admin)
-                     .where(provider: @user_domain)
-    end
+    admins = User.with_role(roles - ["super_admin"])
+
+    admins = admins.where(provider: @user_domain) if Rails.configuration.loadbalanced_configuration

    admins.collect(&:email).join(",")
  end
--- a/app/controllers/concerns/populator.rb
+++ b/app/controllers/concerns/populator.rb
@ -25,29 +25,22 @@ module Populator

    initial_user = case @tab
      when "active"
-        User.includes(:roles).without_role(:pending).without_role(:denied)
+        User.without_role([:pending, :denied])
      when "deleted"
-        User.includes(:roles).deleted
+        User.deleted
      else
-        User.includes(:roles)
+        User.all
    end

    current_role = Role.find_by(name: @tab, provider: @user_domain) if @tab == "pending" || @tab == "denied"

-    initial_list = if current_user.has_role? :super_admin
-      initial_user.where.not(id: current_user.id)
-    else
-      initial_user.without_role(:super_admin).where.not(id: current_user.id)
-    end
+    initial_list = initial_user.without_role(:super_admin) unless current_user.has_role? :super_admin

-    if Rails.configuration.loadbalanced_configuration
-      initial_list.where(provider: @user_domain)
-                  .admins_search(@search, current_role)
-                  .admins_order(@order_column, @order_direction)
-    else
-      initial_list.admins_search(@search, current_role)
-                  .admins_order(@order_column, @order_direction)
-    end
+    initial_list = initial_list.where(provider: @user_domain) if Rails.configuration.loadbalanced_configuration
+
+    initial_list.where.not(id: current_user.id)
+                .admins_search(@search, current_role)
+                .admins_order(@order_column, @order_direction)
  end

  # Returns a list of rooms that are in the same context of the current user
@ -74,13 +67,12 @@ module Populator
  def shared_user_list
    roles_can_appear = []
    Role.where(provider: @user_domain).each do |role|
-      roles_can_appear << role.name if role.get_permission("can_appear_in_share_list") && role.priority >= 0
+      if role.get_permission("can_appear_in_share_list") && role.get_permission("can_create_rooms") && role.priority >= 0
+        roles_can_appear << role.name
+      end
    end

-    initial_list = User.where.not(uid: current_user.uid)
-                       .without_role(:pending)
-                       .without_role(:denied)
-                       .with_highest_priority_role(roles_can_appear)
+    initial_list = User.where.not(uid: current_user.uid).with_role(roles_can_appear)

    return initial_list unless Rails.configuration.loadbalanced_configuration
    initial_list.where(provider: @user_domain)
@ -88,7 +80,7 @@ module Populator

  # Returns a list of users that can merged into another user
  def merge_user_list
-    initial_list = User.where.not(uid: current_user.uid).without_role(:super_admin)
+    initial_list = User.without_role(:super_admin).where.not(uid: current_user.uid)

    return initial_list unless Rails.configuration.loadbalanced_configuration
    initial_list.where(provider: @user_domain)
--- a/app/controllers/concerns/rolify.rb
+++ b/app/controllers/concerns/rolify.rb
@ -46,60 +46,23 @@ module Rolify
  end

  # Updates a user's roles
-  def update_roles(roles)
-    # Check that the user can manage users
-    return true unless current_user.highest_priority_role.get_permission("can_manage_users")
+  def update_roles(role_id)
+    return true if role_id.blank?
+    # Check to make sure user can edit roles
+    return false unless current_user.role.get_permission("can_manage_users")

-    new_roles = roles.split(' ').map(&:to_i)
-    old_roles = @user.roles.pluck(:id).uniq
+    return true if @user.role_id == role_id

-    added_role_ids = new_roles - old_roles
-    removed_role_ids = old_roles - new_roles
+    new_role = Role.find_by(id: role_id, provider: @user_domain)
+    # Return false if new role doesn't exist
+    return false if new_role.nil?

-    added_roles = []
-    removed_roles = []
-    current_user_role = current_user.highest_priority_role
-
-    # Check that the user has the permissions to add all the new roles
-    added_role_ids.each do |id|
-      role = Role.find(id)
-
-      # Admins are able to add the admin role to other users. All other roles may only
-      # add roles with a higher priority
-      if (role.priority > current_user_role.priority || current_user_role.name == "admin") &&
-         role.provider == @user_domain
-        added_roles << role
-      else
-        return false
-      end
-    end
-
-    # Check that the user has the permissions to remove all the deleted roles
-    removed_role_ids.each do |id|
-      role = Role.find(id)
-
-      # Admins are able to remove the admin role from other users. All other roles may only
-      # remove roles with a higher priority
-      if (role.priority > current_user_role.priority || current_user_role.name == "admin") &&
-         role.provider == @user_domain
-        removed_roles << role
-      else
-        return false
-      end
-    end
+    return false if new_role.priority < current_user.role.priority

    # Send promoted/demoted emails
-    added_roles.each { |role| send_user_promoted_email(@user, role) if role.get_permission("send_promoted_email") }
-    removed_roles.each { |role| send_user_demoted_email(@user, role) if role.get_permission("send_demoted_email") }
+    send_user_promoted_email(@user, new_role) if new_role.get_permission("send_promoted_email")

-    # Update the roles
-    @user.roles.delete(removed_roles)
-    @user.roles << added_roles
-
-    # Make sure each user always has at least the user role
-    @user.roles = [Role.find_by(name: "user", provider: @user_domain)] if @user.roles.count.zero?
-
-    @user.save!
+    @user.update_attribute(:role_id, role_id)
  end

  # Updates a roles priority
@ -107,7 +70,7 @@ module Rolify
    user_role = Role.find_by(name: "user", provider: @user_domain)
    admin_role = Role.find_by(name: "admin", provider: @user_domain)

-    current_user_role = current_user.highest_priority_role
+    current_user_role = current_user.role

    # Users aren't allowed to update the priority of the admin or user roles
    return false if role_to_update.include?(user_role.id.to_s) || role_to_update.include?(admin_role.id.to_s)
@ -149,7 +112,7 @@ module Rolify

  # Update Permissions
  def update_permissions(role)
-    current_user_role = current_user.highest_priority_role
+    current_user_role = current_user.role

    # Checks that it is valid for the provider to update the role
    return false if role.priority <= current_user_role.priority || role.provider != @user_domain
--- a/app/controllers/recordings_controller.rb
+++ b/app/controllers/recordings_controller.rb
@ -57,8 +57,6 @@ class RecordingsController < ApplicationController

  # Ensure the user is logged into the room they are accessing.
  def verify_room_ownership
-    if !@room.owned_by?(current_user) && !current_user&.highest_priority_role&.get_permission("can_manage_rooms_recordings")
-      redirect_to root_path
-    end
+    redirect_to root_path if !@room.owned_by?(current_user) && !current_user&.role&.get_permission("can_manage_rooms_recordings")
  end
 end
--- a/app/controllers/rooms_controller.rb
+++ b/app/controllers/rooms_controller.rb
@ -69,7 +69,7 @@ class RoomsController < ApplicationController

    # If its the current user's room
    if current_user && (@room.owned_by?(current_user) || @shared_room)
-      if current_user.highest_priority_role.get_permission("can_create_rooms")
+      if current_user.role.get_permission("can_create_rooms")
        # User is allowed to have rooms
        @search, @order_column, @order_direction, recs =
          recordings(@room.bbb_id, params.permit(:search, :column, :direction), true)
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -218,7 +218,7 @@ class SessionsController < ApplicationController

    # Add pending role if approval method and is a new user
    if approval_registration && !@user_exists
-      user.add_role :pending
+      user.set_role :pending

      # Inform admins that a user signed up if emails are turned on
      send_approval_user_signup_email(user)
@ -228,6 +228,8 @@ class SessionsController < ApplicationController

    send_invite_user_signup_email(user) if invite_registration && !@user_exists

+    user.set_role :user unless @user_exists
+
    login(user)

    if @auth['provider'] == "twitter"
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -47,7 +47,7 @@ class UsersController < ApplicationController

    # Set user to pending and redirect if Approval Registration is set
    if approval_registration
-      @user.add_role :pending
+      @user.set_role :pending

      return redirect_to root_path,
        flash: { success: I18n.t("registration.approval.signup") } unless Rails.configuration.enable_email_verification
@ -56,7 +56,11 @@ class UsersController < ApplicationController
    send_registration_email

    # Sign in automatically if email verification is disabled or if user is already verified.
-    login(@user) && return if !Rails.configuration.enable_email_verification || @user.email_verified
+    if !Rails.configuration.enable_email_verification || @user.email_verified
+      @user.set_role :user
+
+      login(@user) && return
+    end

    send_activation_email(@user, @user.create_activation_token)

@ -116,7 +120,7 @@ class UsersController < ApplicationController

        user_locale(@user)

-        if update_roles(params[:user][:role_ids])
+        if update_roles(params[:user][:role_id])
          return redirect_to redirect_path, flash: { success: I18n.t("info_update_success") }
        else
          flash[:alert] = I18n.t("administrator.roles.invalid_assignment")