GRN2-176: Create a role editor that allows admins to specify what permissions each role has (#709)

* Add roles editor

* Add colour selection ability to roles

* Add ability to assign roles to users in the UI

* Remove rolify and replace it with our own custom roles implemenation

* - Fix all existing roles functionality
- Fix super admins

* Fix bugs with new customers not have default roles

* Add can't create room setting

* Code improvements

* Fix migration

* Add tests for new methods

* Translate reserved role names

* Pull roles from saml/ldap

* Fix rspec

* Fix scrutinizer issues

* Fix email promoted/demoted tests

* Apply comments

* Redirect directly to the main room

* Add comments

config/initializers/rolify.rb

@@ -1,12 +0,0 @@
-# frozen_string_literal: true
-
-Rolify.configure do |config|
-  # By default ORM adapter is ActiveRecord. uncomment to use mongoid
-  # config.use_mongoid
-
-  # Dynamic shortcuts for User class (user.is_admin? like methods). Default is: false
-  # config.use_dynamic_shortcuts
-
-  # Configuration to remove roles from database once the last resource is removed. Default is: true
-  # config.remove_role_if_empty = false
-end

config/locales/en.yml

@@ -80,6 +80,27 @@ en:
     recordings:
       title: Server Recordings
       no_recordings: This server has no recordings.
+    roles:
+      can_create_rooms: Can create rooms
+      delete: Delete the role
+      duplicate_name: The role name you provided was a duplicate. All role names must be unique
+      empty_name: All roles must have a non empty name
+      invalid_order: The user role must be the lowest priority role and the admin role must be the highest priority role
+      invalid_update: You can't update a role with a higher priority than your own role
+      name: Role Name
+      new_role: Create a new role
+      role_has_users: This role is assigned to %{user_count} accounts. Please remove all accounts from this role before deleting it.
+      title: Roles
+      promote_email: Send an email to users when they are assigned this role
+      demote_email: Send an email to users when they are removed from this role
+      edit_site_settings: Allow users with this role to edit site settings
+      edit_roles: Allow users with this role to edit other roles
+      manage_users: Allow users with this role to manage users
+      invalid_assignment: You can't assign a role with a higher priority than your own to a user
+      invalid_removal: You can't remove a role with a higher priority than your own
+      colour:
+        title: Role Colour
+        info: Set the colour that will be associated with the role
     title: Organization Settings
     users:
       invite: Invite User
@@ -90,9 +111,8 @@ en:
         decline: Decline
         ban: Ban User
         delete: Delete
-        demote: Demote to User
         edit: Edit
-        promote: Promote to Admin
+        edit_roles: Edit the user roles
         unban: Unban User
       table:
         authenticator: Authenticator
@@ -226,10 +246,10 @@ en:
         subject: Account Approved
         username: Your username is %{email}.
       demoted:
-        info: You are no longer an administrator on %{url}.
-        more-info: You now have the same privileges as a regular user and will no longer be able to access any of the Administrator settings.
+        info: You are no longer an %{role} on %{url}.
+        more-info: You now have the same privileges as a regular user.
         root_link: Sign In
-        subtitle: Administrator Rights Rescinded
+        subtitle: "%{role} Rights Rescinded"
       invite:
         info: You have been invited to your own personal space by %{name}
         signup_info: To signup using your email, click the button below and follow the steps.
@@ -250,9 +270,9 @@ en:
         ignore: You can safely ignore this email if you did not request a password reset.
       promoted:
         admins_link: Visit the Organization Page
-        info: You are now an administrator on %{url}.
-        more-info: As an administrator, you can manage users, their role and configure your site settings by changing the logo and brand colour.
-        subtitle: Administrator Rights Granted
+        info: You are now an %{role} on %{url}.
+        more-info: To view your new abilities please visit %{url}.
+        subtitle: "%{role} Rights Granted"
       verify_email:
         welcome: Welcome to your personal space, %{name}!
         success: Leveraging %{bigbluebutton}, you can create your own rooms to host sessions and collaborate with others.
@@ -263,6 +283,12 @@ en:
         thanks: Thanks for joining and have a great day!
   max_concurrent: The maximum number of concurrent sessions allowed has been reached!
   modal:
+    create_role:
+      create: Create a new Role
+      footer_text: You can edit the individual permissions for this role after you've created it
+      name_placeholder: Enter a role name...
+      not_blank: Role name cannot be blank.
+      title: Create New Role
     create_room:
       access_code: Access Code
       access_code_placeholder: Generate an optional room access code
@@ -369,10 +395,9 @@ en:
     confirm: New Password Confirmation
     update: Update Password
   roles:
-    administrator: Admin
+    admin: Admin
     banned: Banned
     pending: Pending
-    super_admin: Super Admin
     user: User
   room:
     access_code_required: Please enter a valid access code to join the room
@@ -386,6 +411,10 @@ en:
     last_session: Last session on %{session}
     login: Enter
     owner: Owner
+    no_room:
+      title: Join a Room
+      placeholder: Enter the room url or the room id for the room you want to join.
+      invalid_room_uid: The room url/uid you entered was invalid.
     no_sessions: This room has no sessions, yet!
     recordings: Room Recordings
     room_limit: You have reached the maximum number of rooms allowed
@@ -406,6 +435,7 @@ en:
       provider: Provider
       image: Image
       image_url: Profile Image URL
+      roles: User Roles
       subtitle: Update your Account Info
       title: Account Info
     delete:

config/routes.rb

@@ -46,8 +46,6 @@ Rails.application.routes.draw do
     post '/coloring_darken', to: 'admins#coloring_darken', as: :admin_coloring_darken
     post '/signup', to: 'admins#signup', as: :admin_signup
     get '/edit/:user_uid', to: 'admins#edit_user', as: :admin_edit_user
-    post '/promote/:user_uid', to: 'admins#promote', as: :admin_promote
-    post '/demote/:user_uid', to: 'admins#demote', as: :admin_demote
     post '/ban/:user_uid', to: 'admins#ban_user', as: :admin_ban
     post '/unban/:user_uid', to: 'admins#unban_user', as: :admin_unban
     post '/invite', to: 'admins#invite', as: :invite_user
@@ -55,6 +53,11 @@ Rails.application.routes.draw do
     post '/approve/:user_uid', to: 'admins#approve', as: :admin_approve
     post '/room_limit', to: 'admins#room_limit', as: :admin_room_limit
     post '/default_recording_visibility', to: 'admins#default_recording_visibility', as: :admin_recording_visibility
+    get '/roles', to: 'admins#roles', as: :admin_roles
+    post '/role', to: 'admins#new_role', as: :admin_new_role
+    patch 'roles/order', to: 'admins#change_role_order', as: :admin_roles_order
+    post '/role/:role_id', to: 'admins#update_role', as: :admin_update_role
+    delete 'role/:role_id', to: 'admins#delete_role', as: :admin_delete_role
   end
 
   scope '/themes' do
@@ -96,6 +99,9 @@ Rails.application.routes.draw do
   # Room resources.
   resources :rooms, only: [:create, :show, :destroy], param: :room_uid, path: '/'
 
+  # Join a room by UID
+  post '/room/join', to: 'rooms#join_specific_room', as: :join_room
+
   # Extended room routes.
   scope '/:room_uid' do
     post '/', to: 'rooms#join'