GRN2-176: Create a role editor that allows admins to specify what permissions each role has (#709)

* Add roles editor * Add colour selection ability to roles * Add ability to assign roles to users in the UI * Remove rolify and replace it with our own custom roles implemenation * - Fix all existing roles functionality - Fix super admins * Fix bugs with new customers not have default roles * Add can't create room setting * Code improvements * Fix migration * Add tests for new methods * Translate reserved role names * Pull roles from saml/ldap * Fix rspec * Fix scrutinizer issues * Fix email promoted/demoted tests * Apply comments * Redirect directly to the main room * Add comments
2019-07-31 11:53:32 -04:00
parent 02b342b157
commit 4fc1714db8
56 changed files with 1713 additions and 328 deletions
--- a/db/migrate/20190726153012_add_custom_roles.rb
+++ b/db/migrate/20190726153012_add_custom_roles.rb
@ -0,0 +1,110 @@
+# frozen_string_literal: true
+
+class AddCustomRoles < ActiveRecord::Migration[5.2]
+  def up
+    super_admin_id = -1
+    user_id = -1
+    admin_id = -1
+    denied_id = -1
+    pending_id = -1
+
+    old_roles = ActiveRecord::Base.connection.execute("select * from roles")
+
+    # Determine what ids corresponded to what roles in the old table
+    old_roles.each do |role|
+      if role["name"] == "super_admin"
+        super_admin_id = role["id"]
+      elsif role["name"] == "user"
+        user_id = role["id"]
+      elsif role["name"] == "admin"
+        admin_id = role["id"]
+      elsif role["name"] == "denied"
+        denied_id = role["id"]
+      elsif role["name"] == "pending"
+        pending_id = role["id"]
+      end
+    end
+
+    # Replace Rolify's table with our own
+    drop_table :roles
+
+    create_table(:roles) do |t|
+      t.string :name
+      t.integer :priority, default: 9999
+      t.boolean :can_create_rooms, default: false
+      t.boolean :send_promoted_email, default: false
+      t.boolean :send_demoted_email, default: false
+      t.boolean :can_edit_site_settings, default: false
+      t.boolean :can_edit_roles, default: false
+      t.boolean :can_manage_users, default: false
+      t.string  :colour
+      t.string :provider
+
+      t.timestamps
+    end
+
+    add_index(:roles, :name)
+    add_index(:roles, [:name, :provider], unique: true)
+
+    # Look at all the old role assignments and and for each role create a new role
+    # that is scoped to the provider
+    old_assignments = ActiveRecord::Base.connection.execute("select * from users_roles")
+    new_assignments = []
+
+    old_assignments.each do |assignment|
+      user = User.find(assignment["user_id"])
+      new_assignment = { "user_id" => assignment["user_id"] }
+      if assignment["role_id"] == super_admin_id
+        new_assignment["new_role_id"] = generate_scoped_role(user, "super_admin")
+      elsif assignment["role_id"] == user_id
+        new_assignment["new_role_id"] = generate_scoped_role(user, "user")
+      elsif assignment["role_id"] == admin_id
+        new_assignment["new_role_id"] = generate_scoped_role(user, "admin")
+      elsif assignment["role_id"] == denied_id
+        new_assignment["new_role_id"] = generate_scoped_role(user, "denied")
+      elsif assignment["role_id"] == pending_id
+        new_assignment["new_role_id"] = generate_scoped_role(user, "pending")
+      end
+
+      new_assignments << new_assignment
+    end
+
+    assign_new_users(new_assignments)
+  end
+
+  def generate_scoped_role(user, role_name)
+    provider = Rails.configuration.loadbalanced_configuration ? user.provider : 'greenlight'
+    new_role = Role.find_by(name: role_name, provider: provider)
+
+    if new_role.nil?
+      Role.create_default_roles(provider)
+
+      new_role = Role.find_by(name: role_name, provider: provider)
+    end
+
+    new_role.id
+  end
+
+  def assign_new_users(new_assignments)
+    # Delete the old assignments
+    ActiveRecord::Base.connection.execute("DELETE FROM users_roles")
+    # Add the role assignments to the new roles
+    new_assignments.each do |assignment|
+      if assignment['new_role_id']
+        ActiveRecord::Base.connection.execute("INSERT INTO users_roles (user_id, role_id)" \
+          " VALUES (#{assignment['user_id']}, #{assignment['new_role_id']})")
+      end
+    end
+  end
+
+  def down
+    drop_table :roles
+
+    create_table(:roles) do |t|
+      t.string :name
+      t.references :resource, polymorphic: true
+
+      t.timestamps
+    end
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -10,53 +10,59 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 20190711192033) do
+ActiveRecord::Schema.define(version: 2019_07_26_153012) do

  create_table "features", force: :cascade do |t|
-    t.integer  "setting_id"
-    t.string   "name",                       null: false
-    t.string   "value"
-    t.boolean  "enabled",    default: false
-    t.datetime "created_at",                 null: false
-    t.datetime "updated_at",                 null: false
+    t.integer "setting_id"
+    t.string "name", null: false
+    t.string "value"
+    t.boolean "enabled", default: false
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
    t.index ["name"], name: "index_features_on_name"
    t.index ["setting_id"], name: "index_features_on_setting_id"
  end

  create_table "invitations", force: :cascade do |t|
-    t.string   "email",        null: false
-    t.string   "provider",     null: false
-    t.string   "invite_token"
-    t.datetime "created_at",   null: false
-    t.datetime "updated_at",   null: false
+    t.string "email", null: false
+    t.string "provider", null: false
+    t.string "invite_token"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
    t.index ["invite_token"], name: "index_invitations_on_invite_token"
    t.index ["provider"], name: "index_invitations_on_provider"
  end

  create_table "roles", force: :cascade do |t|
-    t.string   "name"
-    t.string   "resource_type"
-    t.integer  "resource_id"
-    t.datetime "created_at",    null: false
-    t.datetime "updated_at",    null: false
-    t.index ["name", "resource_type", "resource_id"], name: "index_roles_on_name_and_resource_type_and_resource_id"
+    t.string "name"
+    t.integer "priority", default: 9999
+    t.boolean "can_create_rooms", default: false
+    t.boolean "send_promoted_email", default: false
+    t.boolean "send_demoted_email", default: false
+    t.boolean "can_edit_site_settings", default: false
+    t.boolean "can_edit_roles", default: false
+    t.boolean "can_manage_users", default: false
+    t.string "colour"
+    t.string "provider"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["name", "provider"], name: "index_roles_on_name_and_provider", unique: true
    t.index ["name"], name: "index_roles_on_name"
-    t.index ["resource_type", "resource_id"], name: "index_roles_on_resource_type_and_resource_id"
  end

  create_table "rooms", force: :cascade do |t|
-    t.integer  "user_id"
-    t.string   "name"
-    t.string   "uid"
-    t.string   "bbb_id"
-    t.integer  "sessions",              default: 0
+    t.integer "user_id"
+    t.string "name"
+    t.string "uid"
+    t.string "bbb_id"
+    t.integer "sessions", default: 0
    t.datetime "last_session"
-    t.datetime "created_at",                            null: false
-    t.datetime "updated_at",                            null: false
-    t.string   "room_settings",         default: "{ }"
-    t.string   "moderator_pw"
-    t.string   "attendee_pw"
-    t.string   "access_code"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.string "room_settings", default: "{ }"
+    t.string "moderator_pw"
+    t.string "attendee_pw"
+    t.string "access_code"
    t.index ["bbb_id"], name: "index_rooms_on_bbb_id"
    t.index ["last_session"], name: "index_rooms_on_last_session"
    t.index ["name"], name: "index_rooms_on_name"
@ -66,30 +72,30 @@ ActiveRecord::Schema.define(version: 20190711192033) do
  end

  create_table "settings", force: :cascade do |t|
-    t.string   "provider",   null: false
+    t.string "provider", null: false
    t.datetime "created_at", null: false
    t.datetime "updated_at", null: false
    t.index ["provider"], name: "index_settings_on_provider"
  end

  create_table "users", force: :cascade do |t|
-    t.integer  "room_id"
-    t.string   "provider"
-    t.string   "uid"
-    t.string   "name"
-    t.string   "username"
-    t.string   "email"
-    t.string   "social_uid"
-    t.string   "image"
-    t.string   "password_digest"
-    t.boolean  "accepted_terms",    default: false
-    t.datetime "created_at",                              null: false
-    t.datetime "updated_at",                              null: false
-    t.boolean  "email_verified",    default: false
-    t.string   "language",          default: "default"
-    t.string   "reset_digest"
+    t.integer "room_id"
+    t.string "provider"
+    t.string "uid"
+    t.string "name"
+    t.string "username"
+    t.string "email"
+    t.string "social_uid"
+    t.string "image"
+    t.string "password_digest"
+    t.boolean "accepted_terms", default: false
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.boolean "email_verified", default: false
+    t.string "language", default: "default"
+    t.string "reset_digest"
    t.datetime "reset_sent_at"
-    t.string   "activation_digest"
+    t.string "activation_digest"
    t.datetime "activated_at"
    t.index ["created_at"], name: "index_users_on_created_at"
    t.index ["email"], name: "index_users_on_email"
--- a/db/seeds.rb
+++ b/db/seeds.rb
@ -8,4 +8,5 @@
 #   movies = Movie.create([{ name: 'Star Wars' }, { name: 'Lord of the Rings' }])
 #   Character.create(name: 'Luke', movie: movies.first)

+Role.create_default_roles("greenlight")
 Rake::Task['admin:create'].invoke