GRN2-176: Create a role editor that allows admins to specify what permissions each role has (#709)

* Add roles editor

* Add colour selection ability to roles

* Add ability to assign roles to users in the UI

* Remove rolify and replace it with our own custom roles implemenation

* - Fix all existing roles functionality
- Fix super admins

* Fix bugs with new customers not have default roles

* Add can't create room setting

* Code improvements

* Fix migration

* Add tests for new methods

* Translate reserved role names

* Pull roles from saml/ldap

* Fix rspec

* Fix scrutinizer issues

* Fix email promoted/demoted tests

* Apply comments

* Redirect directly to the main room

* Add comments

app/helpers/admins_helper.rb

@@ -78,4 +78,8 @@ module AdminsHelper
   def room_limit_number
     Setting.find_or_create_by!(provider: user_settings_provider).get_value("Room Limit").to_i
   end
+
+  def edit_disabled
+    @edit_disabled ||= @selected_role.priority <= current_user.highest_priority_role.priority
+  end
 end

app/helpers/application_helper.rb

@@ -107,7 +107,25 @@ module ApplicationHelper
   # Returns the page that the logo redirects to when clicked on
   def home_page
     return root_path unless current_user
-    return admins_path if current_user.has_cached_role? :super_admin
+    return admins_path if current_user.has_role? :super_admin
     current_user.main_room
   end
+
+  def role_colour(role)
+    role.colour || Rails.configuration.primary_color_default
+  end
+
+  def translated_role_name(role)
+    if role.name == "denied"
+      I18n.t("roles.banned")
+    elsif role.name == "pending"
+      I18n.t("roles.pending")
+    elsif role.name == "admin"
+      I18n.t("roles.admin")
+    elsif role.name == "user"
+      I18n.t("roles.user")
+    else
+      role.name
+    end
+  end
 end

app/helpers/rooms_helper.rb

@@ -37,7 +37,7 @@ module RoomsHelper
 
     # Does not apply to admin or users that aren't signed in
     # 15+ option is used as unlimited
-    return false if current_user&.has_cached_role?(:admin) || limit == 15
+    return false if current_user&.has_role?(:admin) || limit == 15
 
     current_user.rooms.length >= limit
   end
@@ -46,7 +46,7 @@ module RoomsHelper
     # Get how many rooms need to be deleted to reach allowed room number
     limit = Setting.find_or_create_by!(provider: user_settings_provider).get_value("Room Limit").to_i
 
-    return false if current_user&.has_cached_role?(:admin) || limit == 15
+    return false if current_user&.has_role?(:admin) || limit == 15
 
     @diff = current_user.rooms.count - limit
     @diff.positive? && current_user.rooms.pluck(:id).index(room.id) + 1 > limit

app/helpers/theming_helper.rb

@@ -31,7 +31,7 @@ module ThemingHelper
 
   # Returns the user's provider in the settings context
   def user_settings_provider
-    if Rails.configuration.loadbalanced_configuration && current_user && !current_user&.has_cached_role?(:super_admin)
+    if Rails.configuration.loadbalanced_configuration && current_user && !current_user&.has_role?(:super_admin)
       current_user.provider
     elsif Rails.configuration.loadbalanced_configuration
       @user_domain

app/helpers/users_helper.rb

@@ -20,4 +20,20 @@ module UsersHelper
   def recaptcha_enabled?
     Rails.configuration.recaptcha_enabled
   end
+
+  def disabled_roles(user)
+    current_user_role = current_user.highest_priority_role
+
+    # Admins are able to remove the admin role from other admins
+    # For all other roles they can only add/remove roles with a higher priority
+    disallowed_roles = if current_user_role.name == "admin"
+                          Role.editable_roles(@user_domain).where("priority < #{current_user_role.priority}")
+                              .pluck(:id)
+                        else
+                          Role.editable_roles(@user_domain).where("priority <= #{current_user_role.priority}")
+                              .pluck(:id)
+                       end
+
+    user.roles.by_priority.pluck(:id) | disallowed_roles
+  end
 end