lino.jorzick/greenlight
1
0
Fork 0
forked from External/greenlight
Code Issues Pull Requests Projects Releases Wiki Activity

GRN2-176: Create a role editor that allows admins to specify what permissions each role has (#709)

Browse Source 
* Add roles editor

* Add colour selection ability to roles

* Add ability to assign roles to users in the UI

* Remove rolify and replace it with our own custom roles implemenation

* - Fix all existing roles functionality
- Fix super admins

* Fix bugs with new customers not have default roles

* Add can't create room setting

* Code improvements

* Fix migration

* Add tests for new methods

* Translate reserved role names

* Pull roles from saml/ldap

* Fix rspec

* Fix scrutinizer issues

* Fix email promoted/demoted tests

* Apply comments

* Redirect directly to the main room

* Add comments
This commit is contained in:
shawn-higgins1
2019-07-31 11:53:32 -04:00
committed by Jesus Federico
parent 02b342b157
commit 4fc1714db8
56 changed files with 1713 additions and 328 deletions
Download Patch File Download Diff File Expand all files Collapse all files

116
app/assets/javascripts/admins.js
View File

@ -19,47 +19,60 @@ $(document).on('turbolinks:load', function(){
var action = $("body").data('action');
// Only run on the admins page.
if (controller == "admins" && action == "index") {
// show the modal with the correct form action url
$(".delete-user").click(function(data){
var uid = $(data.target).closest("tr").data("user-uid")
var url = $("body").data("relative-root")
if (!url.endsWith("/")) {
url += "/"
}
url += "u/" + uid
$("#delete-confirm").parent().attr("action", url)
})
if (controller == "admins") {
if(action == "index") {
// show the modal with the correct form action url
$(".delete-user").click(function(data){
var uid = $(data.target).closest("tr").data("user-uid")
var url = $("body").data("relative-root")
if (!url.endsWith("/")) {
url += "/"
}
url += "u/" + uid
$("#delete-confirm").parent().attr("action", url)
})
//clear the role filter if user clicks on the x
$(".clear-role").click(function() {
var search = new URL(location.href).searchParams.get('search')
//clear the role filter if user clicks on the x
$(".clear-role").click(function() {
var search = new URL(location.href).searchParams.get('search')
var url = window.location.pathname + "?page=1"
if (search) {
url += "&search=" + search
}
window.location.replace(url);
})
}
var url = window.location.pathname + "?page=1"
if (search) {
url += "&search=" + search
}
window.location.replace(url);
})
}
else if(action == "site_settings"){
loadColourSelectors()
}
else if (action == "roles"){
// Refreshes the new role modal
$("#newRoleButton").click(function(){
$("#createRoleName").val("")
})
if (controller == "admins" && action == "site_settings") {
loadColourSelectors()
}
// Updates the colour picker to the correct colour
role_colour = $("#role-colorinput-regular").data("colour")
$("#role-colorinput-regular").css("background-color", role_colour);
$("#role-colorinput-regular").css("border-color", role_colour);
// Only run on the admins edit user page.
if (controller == "admins" && action == "edit_user") {
$(".setting-btn").click(function(data){
var url = $("body").data("relative-root")
if (!url.endsWith("/")) {
url += "/"
}
url += "admins?setting=" + data.target.id
loadRoleColourSelector(role_colour, $("#role-colorinput-regular").data("disabled"));
window.location.href = url
})
// Loads the jquery sortable so users can manually sort roles
$("#rolesSelect").sortable({
items: "a:not(.sort-disabled)",
update: function() {
$.ajax({
url: $(this).data("url"),
type: 'PATCH',
data: $(this).sortable('serialize')
});
}
});
}
}
});
@ -160,4 +173,35 @@ function loadColourSelectors() {
location.reload()
});
})
}
function loadRoleColourSelector(role_colour, disabled) {
if (!disabled) {
const pickrRoleRegular = new Pickr({
el: '#role-colorinput-regular',
theme: 'monolith',
useAsButton: true,
lockOpacity: true,
defaultRepresentation: 'HEX',
closeWithKey: 'Enter',
default: role_colour,
components: {
palette: true,
preview: true,
hue: true,
interaction: {
input: true,
save: true,
},
},
});
// On save update the colour input's background colour and update the role colour input
pickrRoleRegular.on("save", (color, instance) => {
$("#role-colorinput-regular").css("background-color", color.toHEXA().toString());
$("#role-colorinput-regular").css("border-color", color.toHEXA().toString());
$("#role-colour").val(color.toHEXA().toString());
});
}
}

2
app/assets/javascripts/application.js
View File

@ -31,4 +31,6 @@
//= require tabler
//= require tabler.plugins
//= require jquery_ujs
//= require jquery-ui/widget
//= require jquery-ui/widgets/sortable
//= require_tree .

5
app/assets/javascripts/room.js.erb
View File

@ -39,6 +39,11 @@ $(document).on('turbolinks:load', function(){
}, 2000)
}
});
// Forces the wrapper to take the entire screen height if the user can't create rooms
if ($("#cant-create-room-wrapper").length){
$(".wrapper").css('height', '100%').css('height', '-=130px');
}
}
// Display and update all fields related to creating a room in the createRoomModal

88
app/assets/javascripts/user_edit.js Normal file
View File

@ -0,0 +1,88 @@
// BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
//
// Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
//
// This program is free software; you can redistribute it and/or modify it under the
// terms of the GNU Lesser General Public License as published by the Free Software
// Foundation; either version 3.0 of the License, or (at your option) any later
// version.
//
// BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
// WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
// PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License along
// with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
$(document).on('turbolinks:load', function(){
var controller = $("body").data('controller');
var action = $("body").data('action');
if ((controller == "admins" && action == "edit_user") || (controller == "users" && action == "edit")) {
$(".setting-btn").click(function(data){
var url = $("body").data("relative-root")
if (!url.endsWith("/")) {
url += "/"
}
url += "admins?setting=" + data.target.id
window.location.href = url
})
// Clear the role when the user clicks the x
$(".clear-role").click(clearRole)
// When the user selects an item in the dropdown add the role to the user
$("#role-select-dropdown").change(function(data){
var dropdown = $("#role-select-dropdown");
var select_role_id = dropdown.val();
if(select_role_id){
// Disable the role in the dropdown
var selected_role = dropdown.find('[value=\"' + select_role_id + '\"]');
selected_role.prop("disabled", true)
// Add the role tag
var tag_container = $("#role-tag-container");
tag_container.append("<span id=\"user-role-tag_" + select_role_id + "\" style=\"background-color:" + selected_role.data("colour") + ";\" class=\"tag\">" +
selected_role.text() + "<a data-role-id=\"" + select_role_id + "\" class=\"tag-addon clear-role\"><i data-role-id=\"" + select_role_id + "\" class=\"fas fa-times\"></i></a></span>");
// Update the role ids input that gets submited on user update
var role_ids = $("#user_role_ids").val()
role_ids += " " + select_role_id
$("#user_role_ids").val(role_ids)
// Add the clear role function to the tag
$("#user-role-tag_" + select_role_id).click(clearRole);
// Reset the dropdown
dropdown.val(null)
}
})
}
})
// This function removes the specfied role from a user
function clearRole(data){
// Get the role id
var role_id = $(data.target).data("role-id");
var role_tag = $("#user-role-tag_" + role_id);
// Remove the role tag
$(role_tag).remove()
// Update the role ids input
var role_ids = $("#user_role_ids").val()
var parsed_ids = role_ids.split(' ')
var index = parsed_ids.indexOf(role_id.toString());
if (index > -1) {
parsed_ids.splice(index, 1);
}
$("#user_role_ids").val(parsed_ids.join(' '))
// Enable the role in the role select dropdown
var selected_role = $("#role-select-dropdown").find('[value=\"' + role_id + '\"]');
selected_role.prop("disabled", false)
}

25
app/assets/stylesheets/admins.scss
View File

@ -54,4 +54,29 @@
height: 2rem;
width: 2rem;
}
}
.sort-disabled{
background: #e6e6e6 !important;
color: rgb(110, 118, 135) !important;
opacity: 0.75;
&:hover{
opacity: 0.9;
}
}
.form-disable{
background-color: #e6e6e6;
}
.role-colour-picker{
color: white !important;
}
.custom-role-tag{
color: white !important;
}
.user-role-tag{
color: white !important;
}

1
app/assets/stylesheets/application.scss
View File

@ -32,6 +32,7 @@
@import "tabler/variables";
@import "bootstrap";
@import "jquery-ui/sortable";
@import "tabler-custom";
@import "utilities/variables";

4
app/assets/stylesheets/users.scss
View File

@ -18,3 +18,7 @@
// Place all the styles related to the Users controller here.
// They will automatically be included in application.css.
// You can use Sass (SCSS) here: http://sass-lang.com/
.user-role-tag{
color: white !important;
}

11
app/assets/stylesheets/utilities/_primary_themes.scss
View File

@ -85,6 +85,11 @@ a {
&:hover {
color: $primary-color !important;
background-color: $primary-color-lighten !important;
&.sort-disabled {
background: #e6e6e6 !important;
color: rgb(110, 118, 135) !important;
opacity: 0.9;
}
}
&:active {
background-color: $primary-color-lighten !important;
@ -102,6 +107,12 @@ input:focus, select:focus {
&, .list-group-item.active * {
color: $primary-color !important;
}
&.sort-disabled {
background: #e6e6e6 !important;
color: rgb(110, 118, 135) !important;
opacity: 0.9 !important;
}
}
.text-primary {

179
app/controllers/admins_controller.rb
View File

@ -36,7 +36,8 @@ class AdminsController < ApplicationController
@search = params[:search] || ""
@order_column = params[:column] && params[:direction] != "none" ? params[:column] : "created_at"
@order_direction = params[:direction] && params[:direction] != "none" ? params[:direction] : "DESC"
@role = params[:role] || ""
@role = params[:role] ? Role.find_by(name: params[:role], provider: @user_domain) : nil
@pagy, @users = pagy(user_list)
end
@ -64,24 +65,6 @@ class AdminsController < ApplicationController
def edit_user
end
# POST /admins/promote/:user_uid
def promote
@user.add_role :admin
send_user_promoted_email(@user)
redirect_to admins_path, flash: { success: I18n.t("administrator.flash.promoted") }
end
# POST /admins/demote/:user_uid
def demote
@user.remove_role :admin
send_user_demoted_email(@user)
redirect_to admins_path, flash: { success: I18n.t("administrator.flash.demoted") }
end
# POST /admins/ban/:user_uid
def ban_user
@user.roles = []
@ -185,6 +168,158 @@ class AdminsController < ApplicationController
}
end
# ROLES
# GET /admins/roles
def roles
@roles = Role.editable_roles(@user_domain)
if @roles.count.zero?
Role.create_default_roles(@user_domain)
@roles = Role.editable_roles(@user_domain)
end
@selected_role = if params[:selected_role].nil?
@roles.find_by(name: 'user')
else
@roles.find(params[:selected_role])
end
end
# POST /admin/role
# This method creates a new role scope to the users provider
def new_role
new_role_name = params[:role][:name]
# Make sure that the role name isn't a duplicate or a reserved name like super_admin
if Role.duplicate_name(new_role_name, @user_domain)
flash[:alert] = I18n.t("administrator.roles.duplicate_name")
return redirect_to admin_roles_path
end
# Make sure the role name isn't empty
if new_role_name.strip.empty?
flash[:alert] = I18n.t("administrator.roles.empty_name")
return redirect_to admin_roles_path
end
# Create the new role with the second highest priority
# This means that it will only be more important than the user role
# This also updates the user role to have the highest priority
new_role = Role.create(name: new_role_name, provider: @user_domain)
user_role = Role.find_by(name: 'user', provider: @user_domain)
new_role.priority = user_role.priority
user_role.priority += 1
new_role.save!
user_role.save!
redirect_to admin_roles_path(selected_role: new_role.id)
end
# PATCH /admin/roles/order
# This updates the priority of a site's roles
# Note: A lower priority role will always get used before a higher priority one
def change_role_order
user_role = Role.find_by(name: "user", provider: @user_domain)
admin_role = Role.find_by(name: "admin", provider: @user_domain)
current_user_role = current_user.highest_priority_role
# Users aren't allowed to update the priority of the admin or user roles
if params[:role].include?(user_role.id.to_s) || params[:role].include?(admin_role.id.to_s)
flash[:alert] = I18n.t("administrator.roles.invalid_order")
return redirect_to admin_roles_path
end
# Restrict users to only updating the priority for roles in their domain with a higher
# priority
params[:role].each do |id|
role = Role.find(id)
if role.priority <= current_user_role.priority || role.provider != @user_domain
flash[:alert] = I18n.t("administrator.roles.invalid_update")
return redirect_to admin_roles_path
end
end
# Update the roles priority including the user role
top_priority = 0
params[:role].each_with_index do |id, index|
new_priority = index + [current_user_role.priority, 0].max + 1
top_priority = new_priority
Role.where(id: id).update_all(priority: new_priority)
end
user_role.priority = top_priority + 1
user_role.save!
end
# POST /admin/role/:role_id
# This method updates the permissions assigned to a role
def update_role
role = Role.find(params[:role_id])
current_user_role = current_user.highest_priority_role
# Checks that it is valid for the provider to update the role
if role.priority <= current_user_role.priority || role.provider != @user_domain
flash[:alert] = I18n.t("administrator.roles.invalid_update")
return redirect_to admin_roles_path(selected_role: role.id)
end
role_params = params.require(:role).permit(:name)
permission_params = params.require(:role)
.permit(
:can_create_rooms,
:send_promoted_email,
:send_demoted_email,
:can_edit_site_settings,
:can_edit_roles,
:can_manage_users,
:colour
)
# Make sure if the user is updating the role name that the role name is valid
if role.name != role_params[:name] && !Role.duplicate_name(role_params[:name], @user_domain) &&
!role_params[:name].strip.empty?
role.name = role_params[:name]
elsif role.name != role_params[:name]
flash[:alert] = I18n.t("administrator.roles.duplicate_name")
return redirect_to admin_roles_path(selected_role: role.id)
end
role.update(permission_params)
role.save!
redirect_to admin_roles_path(selected_role: role.id)
end
# DELETE admins/role/:role_id
# This deletes a role
def delete_role
role = Role.find(params[:role_id])
# Make sure no users are assigned to the role and the role isn't a reserved role
# before deleting
if role.users.count.positive?
flash[:alert] = I18n.t("administrator.roles.role_has_users", user_count: role.users.count)
return redirect_to admin_roles_path(selected_role: role.id)
elsif Role::RESERVED_ROLE_NAMES.include?(role) || role.provider != @user_domain ||
role.priority <= current_user.highest_priority_role.priority
return redirect_to admin_roles_path(selected_role: role.id)
else
role.delete
end
redirect_to admin_roles_path
end
private
def find_user
@ -202,10 +337,10 @@ class AdminsController < ApplicationController
# Gets the list of users based on your configuration
def user_list
initial_list = if current_user.has_cached_role? :super_admin
User.where.not(id: current_user.id).includes(:roles)
initial_list = if current_user.has_role? :super_admin
User.where.not(id: current_user.id)
else
User.without_role(:super_admin).where.not(id: current_user.id).includes(:roles)
User.without_role(:super_admin).where.not(id: current_user.id)
end
if Rails.configuration.loadbalanced_configuration

6
app/controllers/application_controller.rb
View File

@ -137,7 +137,7 @@ class ApplicationController < ActionController::Base
# Checks to make sure that the admin has changed his password from the default
def check_admin_password
if current_user&.has_cached_role?(:admin) && current_user&.greenlight_account? &&
if current_user&.has_role?(:admin) && current_user&.greenlight_account? &&
current_user&.authenticate(Rails.configuration.admin_password_default)
flash.now[:alert] = I18n.t("default_admin",
@ -185,10 +185,10 @@ class ApplicationController < ActionController::Base
# Checks if the user is banned and logs him out if he is
def check_user_role
if current_user&.has_cached_role? :denied
if current_user&.has_role? :denied
session.delete(:user_id)
redirect_to root_path, flash: { alert: I18n.t("registration.banned.fail") }
elsif current_user&.has_cached_role? :pending
elsif current_user&.has_role? :pending
session.delete(:user_id)
redirect_to root_path, flash: { alert: I18n.t("registration.approval.fail") }
end

10
app/controllers/concerns/emailer.rb
View File

@ -35,16 +35,16 @@ module Emailer
UserMailer.password_reset(@user, reset_link, logo_image, user_color).deliver_now
end
def send_user_promoted_email(user)
def send_user_promoted_email(user, role)
return unless Rails.configuration.enable_email_verification
UserMailer.user_promoted(user, root_url, logo_image, user_color).deliver_now
UserMailer.user_promoted(user, role, root_url, logo_image, user_color).deliver_now
end
def send_user_demoted_email(user)
def send_user_demoted_email(user, role)
return unless Rails.configuration.enable_email_verification
UserMailer.user_demoted(user, root_url, logo_image, user_color).deliver_now
UserMailer.user_demoted(user, role, root_url, logo_image, user_color).deliver_now
end
# Sends inivitation to join
@ -87,7 +87,7 @@ module Emailer
end
def admin_emails
admins = User.with_role(:admin)
admins = User.all_users_with_roles.where(roles: { can_manage_users: true })
if Rails.configuration.loadbalanced_configuration
admins = admins.without_role(:super_admin)

4
app/controllers/recordings_controller.rb
View File

@ -52,8 +52,8 @@ class RecordingsController < ApplicationController
def verify_room_ownership
if !current_user ||
!@room.owned_by?(current_user) ||
!current_user.has_cached_role?(:admin) ||
!current_user.has_cached_role?(:super_admin)
!current_user.has_role?(:admin) ||
!current_user.has_role?(:super_admin)
redirect_to root_path
end
end

34
app/controllers/rooms_controller.rb
View File

@ -24,8 +24,8 @@ class RoomsController < ApplicationController
before_action :validate_accepted_terms, unless: -> { !Rails.configuration.terms }
before_action :validate_verified_email, except: [:show, :join],
unless: -> { !Rails.configuration.enable_email_verification }
before_action :find_room, except: :create
before_action :verify_room_ownership, except: [:create, :show, :join, :logout, :login]
before_action :find_room, except: [:create, :join_specific_room]
before_action :verify_room_ownership, except: [:create, :show, :join, :logout, :login, :join_specific_room]
before_action :verify_room_owner_verified, only: [:show, :join],
unless: -> { !Rails.configuration.enable_email_verification }
before_action :verify_user_not_admin, only: [:show]
@ -60,11 +60,14 @@ class RoomsController < ApplicationController
@anyone_can_start = JSON.parse(@room[:room_settings])["anyoneCanStart"]
if current_user && @room.owned_by?(current_user)
@search, @order_column, @order_direction, recs =
recordings(@room.bbb_id, @user_domain, params.permit(:search, :column, :direction), true)
@pagy, @recordings = pagy_array(recs)
if current_user.highest_priority_role.can_create_rooms
@search, @order_column, @order_direction, recs =
recordings(@room.bbb_id, @user_domain, params.permit(:search, :column, :direction), true)
@pagy, @recordings = pagy_array(recs)
else
render :cant_create_rooms
end
else
# Get users name
@name = if current_user
@ -138,6 +141,21 @@ class RoomsController < ApplicationController
redirect_to current_user.main_room
end
# POST room/join
def join_specific_room
room_uid = params[:join_room][:url].split('/').last
begin
@room = Room.find_by(uid: room_uid)
rescue ActiveRecord::RecordNotFound
return redirect_to current_user.main_room, alert: I18n.t("room.no_room.invalid_room_uid")
end
return redirect_to current_user.main_room, alert: I18n.t("room.no_room.invalid_room_uid") if @room.nil?
redirect_to room_path(@room)
end
# POST /:room_uid/start
def start
# Join the user in and start the meeting.
@ -275,7 +293,7 @@ class RoomsController < ApplicationController
end
def verify_user_not_admin
redirect_to admins_path if current_user && current_user&.has_cached_role?(:super_admin)
redirect_to admins_path if current_user && current_user&.has_role?(:super_admin)
end
def auth_required
@ -288,7 +306,7 @@ class RoomsController < ApplicationController
# Does not apply to admin
# 15+ option is used as unlimited
return false if current_user&.has_cached_role?(:admin) || limit == 15
return false if current_user&.has_role?(:admin) || limit == 15
current_user.rooms.count >= limit
end

67
app/controllers/users_controller.rb
View File

@ -144,12 +144,14 @@ class UsersController < ApplicationController
errors.each { |k, v| @user.errors.add(k, v) }
render :edit, params: { settings: params[:settings] }
end
elsif user_params[:email] != @user.email && @user.update_attributes(user_params)
elsif user_params[:email] != @user.email && @user.update_attributes(user_params) && update_roles
@user.update_attributes(email_verified: false)
flash[:success] = I18n.t("info_update_success")
redirect_to redirect_path
elsif @user.update_attributes(user_params)
elsif @user.update_attributes(user_params) && update_roles
update_locale(@user)
flash[:success] = I18n.t("info_update_success")
redirect_to redirect_path
else
@ -255,4 +257,65 @@ class UsersController < ApplicationController
invitation[:present]
end
# Updates as user's roles
def update_roles
# Check that the user can edit roles
if current_user.highest_priority_role.can_edit_roles
new_roles = params[:user][:role_ids].split(' ').map(&:to_i)
old_roles = @user.roles.pluck(:id)
added_role_ids = new_roles - old_roles
removed_role_ids = old_roles - new_roles
added_roles = []
removed_roles = []
current_user_role = current_user.highest_priority_role
# Check that the user has the permissions to add all the new roles
added_role_ids.each do |id|
role = Role.find(id)
# Admins are able to add the admin role to other users. All other roles may only
# add roles with a higher priority
if (role.priority > current_user_role.priority || current_user_role.name == "admin") &&
role.provider == @user_domain
added_roles << role
else
flash[:alert] = I18n.t("administrator.roles.invalid_assignment")
return false
end
end
# Check that the user has the permissions to remove all the deleted roles
removed_role_ids.each do |id|
role = Role.find(id)
# Admins are able to remove the admin role from other users. All other roles may only
# remove roles with a higher priority
if (role.priority > current_user_role.priority || current_user_role.name == "admin") &&
role.provider == @user_domain
removed_roles << role
else
flash[:alert] = I18n.t("administrator.roles.invalid_removal")
return false
end
end
# Send promoted/demoted emails
added_roles.each { |role| send_user_promoted_email(@user, role.name) if role.send_promoted_email }
removed_roles.each { |role| send_user_demoted_email(@user, role.name) if role.send_demoted_email }
# Update the roles
@user.roles.delete(removed_roles)
@user.roles << added_roles
# Make sure each user always has at least the user role
@user.roles = [Role.find_by(name: "user", provider: @user_domain)] if @user.roles.count.zero?
@user.save!
else
true
end
end
end

4
app/helpers/admins_helper.rb
View File

@ -78,4 +78,8 @@ module AdminsHelper
def room_limit_number
Setting.find_or_create_by!(provider: user_settings_provider).get_value("Room Limit").to_i
end
def edit_disabled
@edit_disabled ||= @selected_role.priority <= current_user.highest_priority_role.priority
end
end

20
app/helpers/application_helper.rb
View File

@ -107,7 +107,25 @@ module ApplicationHelper
# Returns the page that the logo redirects to when clicked on
def home_page
return root_path unless current_user
return admins_path if current_user.has_cached_role? :super_admin
return admins_path if current_user.has_role? :super_admin
current_user.main_room
end
def role_colour(role)
role.colour || Rails.configuration.primary_color_default
end
def translated_role_name(role)
if role.name == "denied"
I18n.t("roles.banned")
elsif role.name == "pending"
I18n.t("roles.pending")
elsif role.name == "admin"
I18n.t("roles.admin")
elsif role.name == "user"
I18n.t("roles.user")
else
role.name
end
end
end

4
app/helpers/rooms_helper.rb
View File

@ -37,7 +37,7 @@ module RoomsHelper
# Does not apply to admin or users that aren't signed in
# 15+ option is used as unlimited
return false if current_user&.has_cached_role?(:admin) || limit == 15
return false if current_user&.has_role?(:admin) || limit == 15
current_user.rooms.length >= limit
end
@ -46,7 +46,7 @@ module RoomsHelper
# Get how many rooms need to be deleted to reach allowed room number
limit = Setting.find_or_create_by!(provider: user_settings_provider).get_value("Room Limit").to_i
return false if current_user&.has_cached_role?(:admin) || limit == 15
return false if current_user&.has_role?(:admin) || limit == 15
@diff = current_user.rooms.count - limit
@diff.positive? && current_user.rooms.pluck(:id).index(room.id) + 1 > limit

2
app/helpers/theming_helper.rb
View File

@ -31,7 +31,7 @@ module ThemingHelper
# Returns the user's provider in the settings context
def user_settings_provider
if Rails.configuration.loadbalanced_configuration && current_user && !current_user&.has_cached_role?(:super_admin)
if Rails.configuration.loadbalanced_configuration && current_user && !current_user&.has_role?(:super_admin)
current_user.provider
elsif Rails.configuration.loadbalanced_configuration
@user_domain

16
app/helpers/users_helper.rb
View File

@ -20,4 +20,20 @@ module UsersHelper
def recaptcha_enabled?
Rails.configuration.recaptcha_enabled
end
def disabled_roles(user)
current_user_role = current_user.highest_priority_role
# Admins are able to remove the admin role from other admins
# For all other roles they can only add/remove roles with a higher priority
disallowed_roles = if current_user_role.name == "admin"
Role.editable_roles(@user_domain).where("priority < #{current_user_role.priority}")
.pluck(:id)
else
Role.editable_roles(@user_domain).where("priority <= #{current_user_role.priority}")
.pluck(:id)
end
user.roles.by_priority.pluck(:id) | disallowed_roles
end
end

10
app/mailers/user_mailer.rb
View File

@ -35,20 +35,22 @@ class UserMailer < ApplicationMailer
mail to: user.email, subject: t('reset_password.subtitle')
end
def user_promoted(user, url, image, color)
def user_promoted(user, role, url, image, color)
@url = url
@admin_url = url + "admins"
@image = image
@color = color
mail to: user.email, subject: t('mailer.user.promoted.subtitle')
@role = role
mail to: user.email, subject: t('mailer.user.promoted.subtitle', role: role)
end
def user_demoted(user, url, image, color)
def user_demoted(user, role, url, image, color)
@url = url
@root_url = url
@image = image
@color = color
mail to: user.email, subject: t('mailer.user.demoted.subtitle')
@role = role
mail to: user.email, subject: t('mailer.user.demoted.subtitle', role: role)
end
def invite_email(name, email, url, image, color)

23
app/models/ability.rb
View File

@ -24,10 +24,25 @@ class Ability
cannot :manage, AdminsController
elsif user.has_role? :super_admin
can :manage, :all
elsif user.has_role? :admin
can :manage, :all
elsif user.has_role? :user
cannot :manage, AdminsController
else
highest_role = user.highest_priority_role
if highest_role.can_edit_site_settings
can [:index, :site_settings, :server_recordings, :branding, :coloring, :coloring_lighten, :coloring_darken,
:room_authentication, :registration_method, :room_limit, :default_recording_visibility], :admin
end
if highest_role.can_edit_roles
can [:index, :roles, :new_role, :change_role_order, :update_role, :delete_role], :admin
end
if highest_role.can_manage_users
can [:index, :roles, :edit_user, :promote, :demote, :ban_user, :unban_user,
:approve, :invite], :admin
end
if !highest_role.can_edit_site_settings && !highest_role.can_edit_roles && !highest_role.can_manage_users
cannot :manage, AdminsController
end
end
end
end

26
app/models/role.rb
View File

@ -19,13 +19,25 @@
class Role < ApplicationRecord
has_and_belongs_to_many :users, join_table: :users_roles
belongs_to :resource,
polymorphic: true,
optional: true
default_scope { order(:priority) }
scope :by_priority, -> { order(:priority) }
scope :editable_roles, ->(provider) { where(provider: provider).where.not(name: %w[super_admin denied pending]) }
validates :resource_type,
inclusion: { in: Rolify.resource_types },
allow_nil: true
RESERVED_ROLE_NAMES = %w[super_admin admin pending denied user]
scopify
def self.duplicate_name(name, provider)
RESERVED_ROLE_NAMES.include?(name) || Role.exists?(name: name, provider: provider)
end
def self.create_default_roles(provider)
Role.create(name: "user", provider: provider, priority: 1, can_create_rooms: true, colour: "#868e96")
Role.create(name: "admin", provider: provider, priority: 0, can_create_rooms: true, send_promoted_email: true,
send_demoted_email: true, can_edit_site_settings: true,
can_edit_roles: true, can_manage_users: true, colour: "#f1c40f")
Role.create(name: "pending", provider: provider, priority: -1, colour: "#17a2b8")
Role.create(name: "denied", provider: provider, priority: -1, colour: "#343a40")
Role.create(name: "super_admin", provider: provider, priority: -2, can_create_rooms: true,
send_promoted_email: true, send_demoted_email: true, can_edit_site_settings: true,
can_edit_roles: true, can_manage_users: true, colour: "#cd201f")
end
end

91
app/models/user.rb
View File

@ -19,7 +19,6 @@
require 'bbb_api'
class User < ApplicationRecord
rolify
include ::BbbApi
attr_accessor :reset_token
@ -33,6 +32,8 @@ class User < ApplicationRecord
has_many :rooms
belongs_to :main_room, class_name: 'Room', foreign_key: :room_id, required: false
has_and_belongs_to_many :roles, join_table: :users_roles
validates :name, length: { maximum: 256 }, presence: true
validates :provider, presence: true
validate :check_if_email_can_be_blank
@ -59,6 +60,7 @@ class User < ApplicationRecord
u.username = auth_username(auth) unless u.username
u.email = auth_email(auth)
u.image = auth_image(auth) unless u.image
auth_roles(u, auth)
u.email_verified = true
u.save!
end
@ -99,6 +101,18 @@ class User < ApplicationRecord
auth['info']['image']
end
end
def auth_roles(user, auth)
unless auth['info']['roles'].nil?
roles = auth['info']['roles'].split(',')
role_provider = auth['provider'] == "bn_launcher" ? auth['info']['customer'] : "greenlight"
roles.each do |role_name|
role = Role.where(provider: role_provider, name: role_name).first
user.roles << role unless role.nil?
end
end
end
end
def self.admins_search(string, role)
@ -112,16 +126,16 @@ class User < ApplicationRecord
search_query = ""
role_search_param = ""
if role.present?
search_query = "(users.name LIKE :search OR email LIKE :search OR username LIKE :search" \
" OR users.#{created_at_query} LIKE :search OR provider LIKE :search)" \
" AND roles.name = :roles_search"
role_search_param = role
else
if role.nil?
search_query = "users.name LIKE :search OR email LIKE :search OR username LIKE :search" \
" OR users.#{created_at_query} LIKE :search OR provider LIKE :search" \
" OR users.#{created_at_query} LIKE :search OR users.provider LIKE :search" \
" OR roles.name LIKE :roles_search"
role_search_param = "%#{string}%".downcase
role_search_param = "%#{string}%"
else
search_query = "(users.name LIKE :search OR email LIKE :search OR username LIKE :search" \
" OR users.#{created_at_query} LIKE :search OR users.provider LIKE :search)" \
" AND roles.name = :roles_search"
role_search_param = role.name
end
search_param = "%#{string}%"
@ -204,17 +218,14 @@ class User < ApplicationRecord
def admin_of?(user)
if Rails.configuration.loadbalanced_configuration
# Pulls in the user roles if they weren't request in the original request
# So the has_cached_role? doesn't always return false
user.roles
if has_cached_role? :super_admin
if has_role? :super_admin
id != user.id
else
(has_cached_role? :admin) && (id != user.id) && (provider == user.provider) &&
(!user.has_cached_role? :super_admin)
highest_priority_role.can_manage_users && (id != user.id) && (provider == user.provider) &&
(!user.has_role? :super_admin)
end
else
((has_cached_role? :admin) || (has_cached_role? :super_admin)) && (id != user.id)
(highest_priority_role.can_manage_users || (has_role? :super_admin)) && (id != user.id)
end
end
@ -228,6 +239,50 @@ class User < ApplicationRecord
SecureRandom.urlsafe_base64
end
# role functions
def highest_priority_role
roles.by_priority.first
end
def add_role(role)
unless has_role?(role)
role_provider = Rails.configuration.loadbalanced_configuration ? provider : "greenlight"
roles << Role.find_or_create_by(name: role, provider: role_provider)
save!
end
end
def remove_role(role)
if has_role?(role)
role_provider = Rails.configuration.loadbalanced_configuration ? provider : "greenlight"
roles.delete(Role.find_by(name: role, provider: role_provider))
save!
end
end
# This rule is disabled as the function name must be has_role?
# rubocop:disable Naming/PredicateName
def has_role?(role)
# rubocop:enable Naming/PredicateName
roles.exists?(name: role)
end
def self.with_role(role)
User.all_users_with_roles.where(roles: { name: role })
end
def self.without_role(role)
User.where.not(id: with_role(role).pluck(:id))
end
def self.all_users_with_roles
User.joins("INNER JOIN users_roles ON users_roles.user_id = users.id INNER JOIN roles " \
"ON roles.id = users_roles.role_id")
end
private
def create_reset_activation_digest(token)
@ -251,6 +306,10 @@ class User < ApplicationRecord
# Initialize the user to use the default user role
def assign_default_role
role_provider = Rails.configuration.loadbalanced_configuration ? provider : "greenlight"
Role.create_default_roles(role_provider) if Role.where(provider: role_provider).count.zero?
add_role(:user) if roles.blank?
end

23
app/views/admins/components/_menu_buttons.html.erb
View File

@ -14,13 +14,24 @@
%>
<div class="list-group list-group-transparent mb-0">
<%= link_to admins_path, class: "list-group-item list-group-item-action dropdown-item #{"active" if active_page == "index"}" do %>
<span class="icon mr-3"><i class="fas fa-users"></i></span><%= t("administrator.users.title") %>
<% highest_role = current_user.highest_priority_role %>
<% highest_role.name %>
<% if highest_role.can_manage_users || highest_role.name == "super_admin" %>
<%= link_to admins_path, class: "list-group-item list-group-item-action dropdown-item #{"active" if active_page == "index"}" do %>
<span class="icon mr-3"><i class="fas fa-users"></i></span><%= t("administrator.users.title") %>
<% end %>
<% end %>
<%= link_to admin_site_settings_path, class: "list-group-item list-group-item-action dropdown-item #{"active" if active_page == "site_settings"}" do %>
<span class="icon mr-4"><i class="fas fa-cogs"></i></span><%= t("administrator.site_settings.title") %>
<% if highest_role.can_edit_site_settings || highest_role.name == "super_admin" %>
<%= link_to admin_recordings_path, class: "list-group-item list-group-item-action dropdown-item #{"active" if active_page == "server_recordings"}" do %>
<span class="icon mr-4"><i class="fas fa-video"></i></i></span><%= t("administrator.recordings.title") %>
<% end %>
<%= link_to admin_site_settings_path, class: "list-group-item list-group-item-action dropdown-item #{"active" if active_page == "site_settings"}" do %>
<span class="icon mr-4"><i class="fas fa-cogs"></i></span><%= t("administrator.site_settings.title") %>
<% end %>
<% end %>
<%= link_to admin_recordings_path, class: "list-group-item list-group-item-action dropdown-item #{"active" if active_page == "server_recordings"}" do %>
<span class="icon mr-4"><i class="fas fa-video"></i></i></span><%= t("administrator.recordings.title") %>
<% if highest_role.can_edit_roles || highest_role.name == "super_admin" %>
<%= link_to admin_roles_path, class: "list-group-item list-group-item-action dropdown-item #{"active" if active_page == "roles"}" do %>
<span class="icon mr-4"><i class="fas fa-user-tag"></i></i></span><%= t("administrator.roles.title") %>
<% end %>
<% end %>
</div>

94
app/views/admins/components/_roles.html.erb Normal file
View File

@ -0,0 +1,94 @@
<%
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
%>
<div class="container">
<div class="row">
<div class="col-lg-3 mb-4">
<div class="list-group list-group-transparent mb-0">
<div id="rolesSelect" data-url="<%= admin_roles_order_path %>">
<% @roles.each do |role| %>
<%= link_to admin_roles_path(selected_role: role.id),
class: "#{"sort-disabled" if role.name == "user" || role.name == "admin" || role.priority <= current_user.highest_priority_role.priority } dropdown-item list-group-item list-group-item-action #{"active" if @selected_role.id == role.id}",
id: dom_id(role) do %>
<%= translated_role_name(role) %>
<% end %>
<% end %>
</div>
<%= link_to "#", id: "newRoleButton", class: "list-group-item list-group-item-action", "data-toggle" => "modal", "data-target" => '#createRoleModal' do %>
<span class="icon mr-4"><i class="fas fa-plus-circle"></i></span><%= t("administrator.roles.new_role") %>
<% end %>
</div>
</div>
<div class="col-lg-9 <%="form-disable" if edit_disabled %>">
<%= form_for(@selected_role, url: admin_update_role_path(@selected_role.id), method: :post) do |f| %>
<%= f.label t('administrator.roles.name'), class: "form-label" %>
<%= f.text_field :name, class: 'form-control mb-3', value: translated_role_name(@selected_role), readonly: edit_disabled || @selected_role.name == "user" || @selected_role.name == "admin", required: true %>
<%= f.hidden_field :colour, id: "role-colour", value: role_colour(@selected_role) %>
<div class="form-group">
<label class="form-label"><%= t("administrator.roles.colour.title") %></label>
<label class="form-label text-muted"><%= t("administrator.roles.colour.info") %></label>
<div class="color-inputs">
<div id="role-colorinput-regular" class="btn role-colour-picker" data-disabled="<%= edit_disabled %>" data-colour="<%= role_colour(@selected_role) %>">
<%= t("administrator.site_settings.color.regular") %>
</div>
</div>
</div>
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block">
<span class="ml-0 custom-switch-description"><%= t("administrator.roles.can_create_rooms")%></span>
<%= f.check_box :can_create_rooms, class: "custom-switch-input", disabled: edit_disabled %>
<span class="custom-switch-indicator float-right"></span>
</label>
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block">
<span class="ml-0 custom-switch-description"><%= t("administrator.roles.promote_email")%></span>
<%= f.check_box :send_promoted_email, class: "custom-switch-input", disabled: edit_disabled %>
<span class="custom-switch-indicator float-right"></span>
</label>
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block">
<span class="ml-0 custom-switch-description"><%= t("administrator.roles.demote_email")%></span>
<%= f.check_box :send_demoted_email, class: "custom-switch-input", disabled: edit_disabled %>
<span class="custom-switch-indicator float-right"></span>
</label>
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block">
<span class="ml-0 custom-switch-description"><%= t("administrator.roles.edit_site_settings")%></span>
<%= f.check_box :can_edit_site_settings, class: "custom-switch-input", disabled: edit_disabled %>
<span class="custom-switch-indicator float-right"></span>
</label>
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block">
<span class="ml-0 custom-switch-description"><%= t("administrator.roles.edit_roles")%></span>
<%= f.check_box :can_edit_roles, class: "custom-switch-input", disabled: edit_disabled %>
<span class="custom-switch-indicator float-right"></span>
</label>
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block">
<span class="ml-0 custom-switch-description"><%= t("administrator.roles.manage_users")%></span>
<%= f.check_box :can_manage_users, class: "custom-switch-input", disabled: edit_disabled %>
<span class="custom-switch-indicator float-right"></span>
</label>
<div class="mt-4">
<%= f.submit t("update"), class: "btn btn-primary float-right ml-2 mb-2", disabled: edit_disabled %>
<% if @selected_role.name != "user" && @selected_role.name != "admin" && !edit_disabled %>
<%= link_to admin_delete_role_path(@selected_role.id), method: :delete, class: "float-right btn btn-danger" do %>
<%= t("administrator.roles.delete") %>
<% end %>
<% end %>
</div>
<% end %>
</div>
</div>
</div>
<%= render "shared/modals/create_role_modal" %>

14
app/views/admins/components/_users.html.erb
View File

@ -28,7 +28,7 @@
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
%>
<% if @role.present? %>
<% unless @role.nil? %>
<%= render "shared/components/admins_tags" %>
<% end %>
@ -88,7 +88,7 @@
<td><%= user.provider %></td>
<td class="text-center">
<% roles = user.roles().pluck(:name) %>
<%= render "shared/components/admins_role", roles: roles %>
<%= render "shared/components/admins_role", role: user.highest_priority_role %>
</td>
<td>
<% if roles.include?("pending") %>
@ -122,16 +122,6 @@
<button class= "delete-user dropdown-item" data-toggle="modal" data-target="#deleteAccountModal">
<i class="dropdown-icon fas fa-user-minus"></i> <%= t("administrator.users.settings.delete") %>
</button>
<% if roles.include?("admin") %>
<%= button_to admin_demote_path(user_uid: user.uid), class: "dropdown-item" do %>
<i class="dropdown-icon fas fa-level-down-alt"></i> <%= t("administrator.users.settings.demote") %>
<% end %>
<% elsif roles.include?("user") %>
<%= button_to admin_promote_path(user_uid: user.uid), class: "dropdown-item" do %>
<i class="dropdown-icon fas fa-level-up-alt"></i> <%= t("administrator.users.settings.promote") %>
<% end %>
<% end %>
<%= button_to admin_ban_path(user_uid: user.uid), class: "dropdown-item" do %>
<i class="dropdown-icon fas fa-lock"></i> <%= t("administrator.users.settings.ban") %>
<% end %>

27
app/views/admins/roles.html.erb Normal file
View File

@ -0,0 +1,27 @@
<%
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
%>
<div class="container pt-6">
<%= render "shared/components/subtitle", subtitle: t("administrator.title"), search: false %>
<div class="row">
<div class="col-lg-3 mb-4">
<%= render "admins/components/menu_buttons" %>
</div>
<div class="col-lg-9">
<%= render "admins/components/setting_view", setting_id: "roles", setting_title: t("administrator.roles.title"), search: false %>
</div>
</div>
</div>

44
app/views/rooms/cant_create_rooms.html.erb Normal file
View File

@ -0,0 +1,44 @@
<%
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
%>
<div id="cant-create-room-wrapper" class="background h-100 cant-create-room-wrapper">
<div class="container h-100">
<div class="row h-100 align-items-center">
<div class="offset-3 col-6 offset-3">
<div class="card">
<div class="card-status bg-primary"></div>
<div class="card-header">
<h3 class="card-title"><%= t("room.no_room.title") %></h3>
</div>
<div class="card-body">
<%= form_for(:join_room, url: join_room_path) do |f| %>
<div class="input-icon mb-2">
<span class="input-icon-addon">
<i class="fas fa-link"></i>
</span>
<%= f.text_field :url, class: "form-control", value: "", placeholder: t("room.no_room.placeholder"), required: "" %>
</div>
<div class="mt-4">
<%= f.submit t("room.join"), class:"btn btn-primary btn-block" %>
</div>
<% end %>
</div>
</div>
</div>
</div>
</div>
</div>

21
app/views/shared/_header.html.erb
View File

@ -23,7 +23,7 @@
<div class="d-flex ml-auto">
<% if current_user %>
<% if current_user.has_cached_role? :super_admin %>
<% if current_user.has_role? :super_admin %>
<% admins_page = params[:controller] == "admins" && params[:action] == "index" ? "active" : "" %>
<%= link_to admins_path, class: "px-3 mx-1 mt-1 header-nav #{admins_page}" do %>
<i class="fas fa-home pr-1 "></i> <%= t("header.dropdown.home") %>
@ -34,9 +34,11 @@
<i class="fas fa-home pr-1 "></i> <%= t("header.dropdown.home") %>
<% end %>
<% all_rec_page = params[:controller] == "users" && params[:action] == "recordings" ? "active" : "" %>
<%= link_to get_user_recordings_path(current_user), class: "px-3 mx-1 mt-1 header-nav #{all_rec_page}" do %>
<i class="fas fa-video pr-1"></i> <%= t("header.all_recordings") %>
<% if current_user.highest_priority_role.can_create_rooms %>
<% all_rec_page = params[:controller] == "users" && params[:action] == "recordings" ? "active" : "" %>
<%= link_to get_user_recordings_path(current_user), class: "px-3 mx-1 mt-1 header-nav #{all_rec_page}" do %>
<i class="fas fa-video pr-1"></i> <%= t("header.all_recordings") %>
<% end %>
<% end %>
<% end %>
@ -56,10 +58,19 @@
<%= link_to edit_user_path(current_user), class: "dropdown-item" do %>
<i class="dropdown-icon fas fa-id-card mr-3"></i><%= t("header.dropdown.settings") %>
<% end %>
<% if current_user.has_cached_role? :admin %>
<% highest_role = current_user.highest_priority_role %>
<% if highest_role.can_manage_users || highest_role.name == "super_admin" %>
<%= link_to admins_path, class: "dropdown-item" do %>
<i class="dropdown-icon fas fa-user-tie mr-3"></i><%= t("header.dropdown.account_settings") %>
<% end %>
<% elsif highest_role.can_edit_site_settings %>
<%= link_to admin_site_settings_path, class: "dropdown-item" do %>
<i class="dropdown-icon fas fa-user-tie mr-3"></i><%= t("header.dropdown.account_settings") %>
<% end %>
<% elsif highest_role.can_edit_roles%>
<%= link_to admin_roles_path, class: "dropdown-item" do %>
<i class="dropdown-icon fas fa-user-tie mr-3"></i><%= t("header.dropdown.account_settings") %>
<% end %>
<% end %>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="http://docs.bigbluebutton.org/install/greenlight-v2.html" target="_blank">

24
app/views/shared/components/_admins_role.html.erb
View File

@ -13,24 +13,6 @@
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
%>
<% if roles.include?("denied")%>
<button class="user-role btn btn-sm btn-gray-dark" onclick="filterRole('denied')">
<%= t("roles.banned") %>
</button>
<% elsif roles.include?("pending") %>
<button class="user-role btn btn-sm btn-cyan" onclick="filterRole('pending')">
<%= t("roles.pending") %>
</button>
<% elsif roles.include?("super_admin") %>
<button class="user-role btn btn-sm btn-red" onclick="filterRole('super_admin')">
<%= t("roles.super_admin") %>
</button>
<% elsif roles.include?("admin") %>
<button class="user-role btn btn-sm btn-yellow" onclick="filterRole('admin')">
<%= t("roles.administrator") %>
</button>
<% else %>
<button class="user-role btn btn-sm btn-gray" onclick="filterRole('user')">
<%= t("roles.user") %>
</button>
<% end %>
<button style="<%= "background-color: #{role_colour(role)};border-color: #{role_colour(role)}" %>" class="user-role btn btn-sm" onclick="filterRole('<%= role.name %>')">
<%= translated_role_name(role) %>
</button>

42
app/views/shared/components/_admins_tags.html.erb
View File

@ -16,42 +16,12 @@
<div class="form-group">
<div class="row">
<div class="col-12 tags">
<% if @role == "denied"%>
<span class="tag tag-gray-dark">
<%= t("roles.banned") %>
<a class="tag-addon clear-role">
<i class="fas fa-times"></i>
</a>
</span>
<% elsif @role == "pending" %>
<span class="tag tag-cyan">
<%= t("roles.pending") %>
<a class="tag-addon clear-role">
<i class="fas fa-times"></i>
</a>
</span>
<% elsif @role == "super_admin" %>
<span class="tag tag-red">
<%= t("roles.super_admin") %>
<a class="tag-addon clear-role">
<i class="fas fa-times"></i>
</a>
</span>
<% elsif @role == "admin" %>
<span class="tag tag-yellow">
<%= t("roles.administrator") %>
<a class="tag-addon clear-role">
<i class="fas fa-times"></i>
</a>
</span>
<% else %>
<span class="tag tag-gray">
<%= t("roles.user") %>
<a class="tag-addon clear-role">
<i class="fas fa-times"></i>
</a>
</span>
<% end %>
<span style="<%= "background-color: #{role_colour(@role)};border-color: #{role_colour(@role)};" %>" class="tag custom-role-tag">
<%= translated_role_name(@role) %>
<a class="tag-addon clear-role">
<i class="fas fa-times"></i>
</a>
</span>
</div>
</div>
</div>

44
app/views/shared/modals/_create_role_modal.html.erb Normal file
View File

@ -0,0 +1,44 @@
<%
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
%>
<div class="modal fade" id="createRoleModal" tabindex="-1" role="dialog">
<div class="modal-dialog modal-dialog-centered" role="document">
<div class="modal-content text-center">
<div class="modal-body">
<div class="card-body p-6">
<div class="card-title">
<h3><%= t("modal.create_role.title") %></h3>
</div>
<%= form_for(:role, url: admin_new_role_path) do |f| %>
<div class="input-icon mb-2">
<span class="input-icon-addon">
<i class="fas fa-user-tag"></i>
</span>
<%= f.text_field :name, id: "createRoleName", class: "form-control text-center", placeholder: t("modal.create_role.name_placeholder"), autocomplete: :off, required: true %>
<div class="invalid-feedback text-left"><%= t("modal.create_role.not_blank") %></div>
</div>
<div class="mt-4">
<%= f.submit t("modal.create_role.create"), class: "btn btn-primary btn-block" %>
</div>
<% end %>
</div>
<div class="card-footer">
<p><%= t("modal.create_role.footer_text") %></p>
</div>
</div>
</div>
</div>
</div>

22
app/views/shared/settings/_account.html.erb
View File

@ -38,6 +38,28 @@
<%= f.label t("settings.account.language"), class: "form-label" %>
<%= f.select :language, language_options, {}, { class: "form-control custom-select" } %>
<% current_user_role = current_user.highest_priority_role %>
<br>
<br>
<%= f.label t("settings.account.roles"), class: "form-label" %>
<div id="role-tag-container" class="tags mb-1">
<% @user.roles.by_priority.each do |role| %>
<span id="<%= "user-role-tag_#{role.id}" %>" style="<%= "background-color: #{role_colour(role)};border-color: #{role_colour(role)};" %>" class="tag user-role-tag">
<%= translated_role_name(role) %>
<% if (current_user_role.can_edit_roles || current_user_role.name == "super_admin") && (role.priority > current_user_role.priority || current_user_role.name == "admin") %>
<a data-role-id="<%= role.id %>" class="tag-addon clear-role">
<i data-role-id="<%= role.id %>" class="fas fa-times"></i>
</a>
<% end %>
</span>
<% end %>
</div>
<% if current_user_role.can_edit_roles || current_user_role.name == "super_admin" %>
<% provider = Rails.configuration.loadbalanced_configuration ? current_user.provider : "greenlight" %>
<%= f.select :roles, Role.editable_roles(@user_domain).map{|role| [translated_role_name(role), role.id, {'data-colour' => role_colour(role)}]}.unshift(["", nil, {'data-colour' => nil}]), {disabled: disabled_roles(@user)}, { class: "form-control custom-select", id: "role-select-dropdown" } %>
<% end %>
<%= f.hidden_field :role_ids, id: "user_role_ids", value: @user.roles.by_priority.pluck(:id) %>
<%= f.label t("settings.account.image"), class: "form-label mt-5" %>
<div class="row">
<div class="col-2">

4
app/views/user_mailer/user_demoted.html.erb
View File

@ -21,11 +21,11 @@
<%= image_tag(@image, height: '70') %>
<h1 style="margin-bottom:30px">
<%= t('mailer.user.demoted.subtitle') %>
<%= t('mailer.user.demoted.subtitle', role: @role) %>
</h1>
<p>
<%= t('mailer.user.demoted.info', url: @url) %>
<%= t('mailer.user.demoted.info', url: @url, role: @role) %>
</p>
<p style="margin-bottom:45px;">

4
app/views/user_mailer/user_demoted.text.erb
View File

@ -17,9 +17,9 @@
%>
<%= t('mailer.user.demoted.subtitle') %>
<%= t('mailer.user.demoted.subtitle', role: @role) %>
<%= t('mailer.user.demoted.info', url: @url) %>
<%= t('mailer.user.demoted.info', url: @url, role: @role) %>
<%= t('mailer.user.demoted.more-info') %>

6
app/views/user_mailer/user_promoted.html.erb
View File

@ -21,15 +21,15 @@
<%= image_tag(@image, height: '70') %>
<h1 style="margin-bottom:30px">
<%= t('mailer.user.promoted.subtitle') %>
<%= t('mailer.user.promoted.subtitle', role: @role) %>
</h1>
<p>
<%= t('mailer.user.promoted.info', url: @url) %>
<%= t('mailer.user.promoted.info', url: @url, role: @role) %>
</p>
<p style="margin-bottom:45px;">
<%= t('mailer.user.promoted.more-info') %>
<%= t('mailer.user.promoted.more-info', url: @url) %>
</p>
<a style="background: <%= @color %>;color: #ffffff; padding: 10px 15px; box-shadow: 0 2px 4px 0 rgba(0,0,0,.25);border: 1px solid transparent;text-decoration:none;" href="<%= @admin_url %>">

6
app/views/user_mailer/user_promoted.text.erb
View File

@ -17,10 +17,10 @@
%>
<%= t('mailer.user.promoted.subtitle') %>
<%= t('mailer.user.promoted.subtitle', role: @role) %>
<%= t('mailer.user.promoted.info', url: @url) %>
<%= t('mailer.user.promoted.info', url: @url, role: @role) %>
<%= t('mailer.user.promoted.more-info') %>
<%= t('mailer.user.promoted.more-info', url: @url) %>
<%= @admin_url %>