GRN2-176: Create a role editor that allows admins to specify what permissions each role has (#709)

* Add roles editor * Add colour selection ability to roles * Add ability to assign roles to users in the UI * Remove rolify and replace it with our own custom roles implemenation * - Fix all existing roles functionality - Fix super admins * Fix bugs with new customers not have default roles * Add can't create room setting * Code improvements * Fix migration * Add tests for new methods * Translate reserved role names * Pull roles from saml/ldap * Fix rspec * Fix scrutinizer issues * Fix email promoted/demoted tests * Apply comments * Redirect directly to the main room * Add comments
2019-07-31 11:53:32 -04:00
parent 02b342b157
commit 4fc1714db8
56 changed files with 1713 additions and 328 deletions
--- a/app/models/role.rb
+++ b/app/models/role.rb
@ -19,13 +19,25 @@
 class Role < ApplicationRecord
  has_and_belongs_to_many :users, join_table: :users_roles

-  belongs_to :resource,
-    polymorphic: true,
-    optional: true
+  default_scope { order(:priority) }
+  scope :by_priority, -> { order(:priority) }
+  scope :editable_roles, ->(provider) { where(provider: provider).where.not(name: %w[super_admin denied pending]) }

-  validates :resource_type,
-    inclusion: { in: Rolify.resource_types },
-    allow_nil: true
+  RESERVED_ROLE_NAMES = %w[super_admin admin pending denied user]

-  scopify
+  def self.duplicate_name(name, provider)
+    RESERVED_ROLE_NAMES.include?(name) || Role.exists?(name: name, provider: provider)
+  end
+
+  def self.create_default_roles(provider)
+    Role.create(name: "user", provider: provider, priority: 1, can_create_rooms: true, colour: "#868e96")
+    Role.create(name: "admin", provider: provider, priority: 0, can_create_rooms: true, send_promoted_email: true,
+      send_demoted_email: true, can_edit_site_settings: true,
+      can_edit_roles: true, can_manage_users: true, colour: "#f1c40f")
+    Role.create(name: "pending", provider: provider, priority: -1, colour: "#17a2b8")
+    Role.create(name: "denied", provider: provider, priority: -1, colour: "#343a40")
+    Role.create(name: "super_admin", provider: provider, priority: -2, can_create_rooms: true,
+      send_promoted_email: true, send_demoted_email: true, can_edit_site_settings: true,
+      can_edit_roles: true, can_manage_users: true, colour: "#cd201f")
+  end
 end