lino.jorzick/greenlight
1
0
Fork 0
forked from External/greenlight
Code Issues Pull Requests Projects Releases Wiki Activity

GRN2-176: Create a role editor that allows admins to specify what permissions each role has (#709)

Browse Source 
* Add roles editor

* Add colour selection ability to roles

* Add ability to assign roles to users in the UI

* Remove rolify and replace it with our own custom roles implemenation

* - Fix all existing roles functionality
- Fix super admins

* Fix bugs with new customers not have default roles

* Add can't create room setting

* Code improvements

* Fix migration

* Add tests for new methods

* Translate reserved role names

* Pull roles from saml/ldap

* Fix rspec

* Fix scrutinizer issues

* Fix email promoted/demoted tests

* Apply comments

* Redirect directly to the main room

* Add comments
This commit is contained in:
shawn-higgins1
2019-07-31 11:53:32 -04:00
committed by Jesus Federico
parent 02b342b157
commit 4fc1714db8
56 changed files with 1713 additions and 328 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
app/views/shared/_header.html.erb
View File

@ -23,7 +23,7 @@
<div class="d-flex ml-auto">
<% if current_user %>
<% if current_user.has_cached_role? :super_admin %>
<% if current_user.has_role? :super_admin %>
<% admins_page = params[:controller] == "admins" && params[:action] == "index" ? "active" : "" %>
<%= link_to admins_path, class: "px-3 mx-1 mt-1 header-nav #{admins_page}" do %>
<i class="fas fa-home pr-1 "></i> <%= t("header.dropdown.home") %>
@ -34,9 +34,11 @@
<i class="fas fa-home pr-1 "></i> <%= t("header.dropdown.home") %>
<% end %>
<% all_rec_page = params[:controller] == "users" && params[:action] == "recordings" ? "active" : "" %>
<%= link_to get_user_recordings_path(current_user), class: "px-3 mx-1 mt-1 header-nav #{all_rec_page}" do %>
<i class="fas fa-video pr-1"></i> <%= t("header.all_recordings") %>
<% if current_user.highest_priority_role.can_create_rooms %>
<% all_rec_page = params[:controller] == "users" && params[:action] == "recordings" ? "active" : "" %>
<%= link_to get_user_recordings_path(current_user), class: "px-3 mx-1 mt-1 header-nav #{all_rec_page}" do %>
<i class="fas fa-video pr-1"></i> <%= t("header.all_recordings") %>
<% end %>
<% end %>
<% end %>
@ -56,10 +58,19 @@
<%= link_to edit_user_path(current_user), class: "dropdown-item" do %>
<i class="dropdown-icon fas fa-id-card mr-3"></i><%= t("header.dropdown.settings") %>
<% end %>
<% if current_user.has_cached_role? :admin %>
<% highest_role = current_user.highest_priority_role %>
<% if highest_role.can_manage_users || highest_role.name == "super_admin" %>
<%= link_to admins_path, class: "dropdown-item" do %>
<i class="dropdown-icon fas fa-user-tie mr-3"></i><%= t("header.dropdown.account_settings") %>
<% end %>
<% elsif highest_role.can_edit_site_settings %>
<%= link_to admin_site_settings_path, class: "dropdown-item" do %>
<i class="dropdown-icon fas fa-user-tie mr-3"></i><%= t("header.dropdown.account_settings") %>
<% end %>
<% elsif highest_role.can_edit_roles%>
<%= link_to admin_roles_path, class: "dropdown-item" do %>
<i class="dropdown-icon fas fa-user-tie mr-3"></i><%= t("header.dropdown.account_settings") %>
<% end %>
<% end %>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="http://docs.bigbluebutton.org/install/greenlight-v2.html" target="_blank">

24
app/views/shared/components/_admins_role.html.erb
View File

@ -13,24 +13,6 @@
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
%>
<% if roles.include?("denied")%>
<button class="user-role btn btn-sm btn-gray-dark" onclick="filterRole('denied')">
<%= t("roles.banned") %>
</button>
<% elsif roles.include?("pending") %>
<button class="user-role btn btn-sm btn-cyan" onclick="filterRole('pending')">
<%= t("roles.pending") %>
</button>
<% elsif roles.include?("super_admin") %>
<button class="user-role btn btn-sm btn-red" onclick="filterRole('super_admin')">
<%= t("roles.super_admin") %>
</button>
<% elsif roles.include?("admin") %>
<button class="user-role btn btn-sm btn-yellow" onclick="filterRole('admin')">
<%= t("roles.administrator") %>
</button>
<% else %>
<button class="user-role btn btn-sm btn-gray" onclick="filterRole('user')">
<%= t("roles.user") %>
</button>
<% end %>
<button style="<%= "background-color: #{role_colour(role)};border-color: #{role_colour(role)}" %>" class="user-role btn btn-sm" onclick="filterRole('<%= role.name %>')">
<%= translated_role_name(role) %>
</button>

42
app/views/shared/components/_admins_tags.html.erb
View File

@ -16,42 +16,12 @@
<div class="form-group">
<div class="row">
<div class="col-12 tags">
<% if @role == "denied"%>
<span class="tag tag-gray-dark">
<%= t("roles.banned") %>
<a class="tag-addon clear-role">
<i class="fas fa-times"></i>
</a>
</span>
<% elsif @role == "pending" %>
<span class="tag tag-cyan">
<%= t("roles.pending") %>
<a class="tag-addon clear-role">
<i class="fas fa-times"></i>
</a>
</span>
<% elsif @role == "super_admin" %>
<span class="tag tag-red">
<%= t("roles.super_admin") %>
<a class="tag-addon clear-role">
<i class="fas fa-times"></i>
</a>
</span>
<% elsif @role == "admin" %>
<span class="tag tag-yellow">
<%= t("roles.administrator") %>
<a class="tag-addon clear-role">
<i class="fas fa-times"></i>
</a>
</span>
<% else %>
<span class="tag tag-gray">
<%= t("roles.user") %>
<a class="tag-addon clear-role">
<i class="fas fa-times"></i>
</a>
</span>
<% end %>
<span style="<%= "background-color: #{role_colour(@role)};border-color: #{role_colour(@role)};" %>" class="tag custom-role-tag">
<%= translated_role_name(@role) %>
<a class="tag-addon clear-role">
<i class="fas fa-times"></i>
</a>
</span>
</div>
</div>
</div>

44
app/views/shared/modals/_create_role_modal.html.erb Normal file
View File

@ -0,0 +1,44 @@
<%
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
%>
<div class="modal fade" id="createRoleModal" tabindex="-1" role="dialog">
<div class="modal-dialog modal-dialog-centered" role="document">
<div class="modal-content text-center">
<div class="modal-body">
<div class="card-body p-6">
<div class="card-title">
<h3><%= t("modal.create_role.title") %></h3>
</div>
<%= form_for(:role, url: admin_new_role_path) do |f| %>
<div class="input-icon mb-2">
<span class="input-icon-addon">
<i class="fas fa-user-tag"></i>
</span>
<%= f.text_field :name, id: "createRoleName", class: "form-control text-center", placeholder: t("modal.create_role.name_placeholder"), autocomplete: :off, required: true %>
<div class="invalid-feedback text-left"><%= t("modal.create_role.not_blank") %></div>
</div>
<div class="mt-4">
<%= f.submit t("modal.create_role.create"), class: "btn btn-primary btn-block" %>
</div>
<% end %>
</div>
<div class="card-footer">
<p><%= t("modal.create_role.footer_text") %></p>
</div>
</div>
</div>
</div>
</div>

22
app/views/shared/settings/_account.html.erb
View File

@ -38,6 +38,28 @@
<%= f.label t("settings.account.language"), class: "form-label" %>
<%= f.select :language, language_options, {}, { class: "form-control custom-select" } %>
<% current_user_role = current_user.highest_priority_role %>
<br>
<br>
<%= f.label t("settings.account.roles"), class: "form-label" %>
<div id="role-tag-container" class="tags mb-1">
<% @user.roles.by_priority.each do |role| %>
<span id="<%= "user-role-tag_#{role.id}" %>" style="<%= "background-color: #{role_colour(role)};border-color: #{role_colour(role)};" %>" class="tag user-role-tag">
<%= translated_role_name(role) %>
<% if (current_user_role.can_edit_roles || current_user_role.name == "super_admin") && (role.priority > current_user_role.priority || current_user_role.name == "admin") %>
<a data-role-id="<%= role.id %>" class="tag-addon clear-role">
<i data-role-id="<%= role.id %>" class="fas fa-times"></i>
</a>
<% end %>
</span>
<% end %>
</div>
<% if current_user_role.can_edit_roles || current_user_role.name == "super_admin" %>
<% provider = Rails.configuration.loadbalanced_configuration ? current_user.provider : "greenlight" %>
<%= f.select :roles, Role.editable_roles(@user_domain).map{|role| [translated_role_name(role), role.id, {'data-colour' => role_colour(role)}]}.unshift(["", nil, {'data-colour' => nil}]), {disabled: disabled_roles(@user)}, { class: "form-control custom-select", id: "role-select-dropdown" } %>
<% end %>
<%= f.hidden_field :role_ids, id: "user_role_ids", value: @user.roles.by_priority.pluck(:id) %>
<%= f.label t("settings.account.image"), class: "form-label mt-5" %>
<div class="row">
<div class="col-2">