forked from External/greenlight
GRN2-176: Create a role editor that allows admins to specify what permissions each role has (#709)
* Add roles editor * Add colour selection ability to roles * Add ability to assign roles to users in the UI * Remove rolify and replace it with our own custom roles implemenation * - Fix all existing roles functionality - Fix super admins * Fix bugs with new customers not have default roles * Add can't create room setting * Code improvements * Fix migration * Add tests for new methods * Translate reserved role names * Pull roles from saml/ldap * Fix rspec * Fix scrutinizer issues * Fix email promoted/demoted tests * Apply comments * Redirect directly to the main room * Add comments
This commit is contained in:
shawn-higgins1
committed by
Jesus Federico
Jesus Federico
parent
02b342b157
commit
4fc1714db8
@ -22,6 +22,7 @@ describe AdminsController, type: :controller do
|
||||
before do
|
||||
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
|
||||
controller.instance_variable_set(:@user_domain, "provider1")
|
||||
|
||||
@user = create(:user, provider: "provider1")
|
||||
@admin = create(:user, provider: "provider1")
|
||||
@admin.add_role :admin
|
||||
@ -58,53 +59,6 @@ describe AdminsController, type: :controller do
|
||||
end
|
||||
end
|
||||
|
||||
context "POST #promote" do
|
||||
it "promotes a user to admin" do
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
expect(@user.has_role?(:admin)).to eq(false)
|
||||
|
||||
post :promote, params: { user_uid: @user.uid }
|
||||
|
||||
expect(@user.has_role?(:admin)).to eq(true)
|
||||
expect(flash[:success]).to be_present
|
||||
expect(response).to redirect_to(admins_path)
|
||||
end
|
||||
|
||||
it "sends an email to the user being promoted" do
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
params = { user_uid: @user.uid }
|
||||
|
||||
expect { post :promote, params: params }.to change { ActionMailer::Base.deliveries.count }.by(1)
|
||||
end
|
||||
end
|
||||
|
||||
context "POST #demote" do
|
||||
it "demotes an admin to user" do
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
@user.add_role :admin
|
||||
expect(@user.has_role?(:admin)).to eq(true)
|
||||
|
||||
post :demote, params: { user_uid: @user.uid }
|
||||
|
||||
expect(@user.has_role?(:admin)).to eq(false)
|
||||
expect(flash[:success]).to be_present
|
||||
expect(response).to redirect_to(admins_path)
|
||||
end
|
||||
|
||||
it "sends an email to the user being demoted" do
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
@user.add_role :admin
|
||||
|
||||
params = { user_uid: @user.uid }
|
||||
|
||||
expect { post :demote, params: params }.to change { ActionMailer::Base.deliveries.count }.by(1)
|
||||
end
|
||||
end
|
||||
|
||||
context "POST #ban" do
|
||||
it "bans a user from the application" do
|
||||
@request.session[:user_id] = @admin.id
|
||||
@ -331,4 +285,239 @@ describe AdminsController, type: :controller do
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe "Roles" do
|
||||
context "GET #roles" do
|
||||
it "should render the roles editor with the user role selected" do
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
get :roles
|
||||
|
||||
expect(response).to render_template :roles
|
||||
expect(assigns(:roles).count).to eq(2)
|
||||
expect(assigns(:selected_role).name).to eq("user")
|
||||
end
|
||||
|
||||
it "should render the roles editor with the request role selected" do
|
||||
Role.create_default_roles("provider1")
|
||||
|
||||
new_role = Role.create(name: "test", provider: "provider1")
|
||||
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
get :roles, params: { selected_role: new_role.id }
|
||||
|
||||
expect(response).to render_template :roles
|
||||
expect(assigns(:roles).count).to eq(3)
|
||||
expect(assigns(:selected_role).name).to eq(new_role.name)
|
||||
end
|
||||
end
|
||||
|
||||
context "POST #new_role" do
|
||||
before do
|
||||
Role.create_default_roles("provider1")
|
||||
end
|
||||
|
||||
it "should fail with duplicate role name" do
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
post :new_role, params: { role: { name: "admin" } }
|
||||
|
||||
expect(response).to redirect_to admin_roles_path
|
||||
expect(flash[:alert]).to eq(I18n.t("administrator.roles.duplicate_name"))
|
||||
end
|
||||
|
||||
it "should fail with empty role name" do
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
post :new_role, params: { role: { name: " " } }
|
||||
|
||||
expect(response).to redirect_to admin_roles_path
|
||||
expect(flash[:alert]).to eq(I18n.t("administrator.roles.empty_name"))
|
||||
end
|
||||
|
||||
it "should create new role and increase user role priority" do
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
post :new_role, params: { role: { name: "test" } }
|
||||
|
||||
new_role = Role.find_by(name: "test", provider: "provider1")
|
||||
user_role = Role.find_by(name: "user", provider: "provider1")
|
||||
|
||||
expect(new_role.priority).to eq(1)
|
||||
expect(user_role.priority).to eq(2)
|
||||
expect(response).to redirect_to admin_roles_path(selected_role: new_role.id)
|
||||
end
|
||||
end
|
||||
|
||||
context "PATCH #change_role_order" do
|
||||
before do
|
||||
Role.create_default_roles("provider1")
|
||||
end
|
||||
|
||||
it "should fail if user attempts to change the order of the admin or user roles" do
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
user_role = Role.find_by(name: "user", provider: "provider1")
|
||||
admin_role = Role.find_by(name: "admin", provider: "provider1")
|
||||
|
||||
patch :change_role_order, params: { role: [user_role.id, admin_role.id] }
|
||||
|
||||
expect(flash[:alert]).to eq(I18n.t("administrator.roles.invalid_order"))
|
||||
expect(response).to redirect_to admin_roles_path
|
||||
end
|
||||
|
||||
it "should fail if a user attempts to edit a role with a higher priority than their own" do
|
||||
Role.create(name: "test1", priority: 1, provider: "greenlight")
|
||||
new_role2 = Role.create(name: "test2", priority: 2, provider: "greenlight", can_edit_roles: true)
|
||||
new_role3 = Role.create(name: "test3", priority: 3, provider: "greenlight")
|
||||
user_role = Role.find_by(name: "user", provider: "greenlight")
|
||||
|
||||
user_role.priority = 4
|
||||
user_role.save!
|
||||
|
||||
@user.roles << new_role2
|
||||
@user.save!
|
||||
|
||||
@request.session[:user_id] = @user.id
|
||||
|
||||
patch :change_role_order, params: { role: [new_role3.id, new_role2.id] }
|
||||
|
||||
expect(flash[:alert]).to eq(I18n.t("administrator.roles.invalid_update"))
|
||||
expect(response).to redirect_to admin_roles_path
|
||||
end
|
||||
|
||||
it "should fail if a user attempts to edit a role with a higher priority than their own" do
|
||||
Role.create(name: "test1", priority: 1, provider: "greenlight")
|
||||
new_role2 = Role.create(name: "test2", priority: 2, provider: "greenlight", can_edit_roles: true)
|
||||
new_role3 = Role.create(name: "test3", priority: 3, provider: "greenlight")
|
||||
user_role = Role.find_by(name: "user", provider: "greenlight")
|
||||
|
||||
user_role.priority = 4
|
||||
user_role.save!
|
||||
|
||||
@user.roles << new_role2
|
||||
@user.save!
|
||||
|
||||
@request.session[:user_id] = @user.id
|
||||
|
||||
patch :change_role_order, params: { role: [new_role3.id, new_role2.id] }
|
||||
|
||||
expect(flash[:alert]).to eq(I18n.t("administrator.roles.invalid_update"))
|
||||
expect(response).to redirect_to admin_roles_path
|
||||
end
|
||||
|
||||
it "should update the role order" do
|
||||
new_role1 = Role.create(name: "test1", priority: 1, provider: "provider1")
|
||||
new_role2 = Role.create(name: "test2", priority: 2, provider: "provider1")
|
||||
new_role3 = Role.create(name: "test3", priority: 3, provider: "provider1")
|
||||
user_role = Role.find_by(name: "user", provider: "provider1")
|
||||
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
patch :change_role_order, params: { role: [new_role3.id, new_role2.id, new_role1.id] }
|
||||
|
||||
new_role1.reload
|
||||
new_role2.reload
|
||||
new_role3.reload
|
||||
user_role.reload
|
||||
|
||||
expect(new_role3.priority).to eq(1)
|
||||
expect(new_role2.priority).to eq(2)
|
||||
expect(new_role1.priority).to eq(3)
|
||||
expect(user_role.priority).to eq(4)
|
||||
end
|
||||
end
|
||||
|
||||
context 'POST #update_role' do
|
||||
before do
|
||||
Role.create_default_roles("provider1")
|
||||
end
|
||||
|
||||
it "should fail to update a role with a lower priority than the user" do
|
||||
new_role1 = Role.create(name: "test1", priority: 1, provider: "provider1")
|
||||
new_role2 = Role.create(name: "test2", priority: 2, provider: "provider1", can_edit_roles: true)
|
||||
user_role = Role.find_by(name: "user", provider: "greenlight")
|
||||
|
||||
user_role.priority = 3
|
||||
user_role.save!
|
||||
|
||||
@user.roles << new_role2
|
||||
@user.save!
|
||||
|
||||
@request.session[:user_id] = @user.id
|
||||
|
||||
patch :update_role, params: { role_id: new_role1.id }
|
||||
|
||||
expect(flash[:alert]).to eq(I18n.t("administrator.roles.invalid_update"))
|
||||
expect(response).to redirect_to admin_roles_path(selected_role: new_role1.id)
|
||||
end
|
||||
|
||||
it "should fail to update if there is a duplicate name" do
|
||||
new_role = Role.create(name: "test2", priority: 1, provider: "provider1", can_edit_roles: true)
|
||||
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
patch :update_role, params: { role_id: new_role.id, role: { name: "admin" } }
|
||||
|
||||
expect(flash[:alert]).to eq(I18n.t("administrator.roles.duplicate_name"))
|
||||
expect(response).to redirect_to admin_roles_path(selected_role: new_role.id)
|
||||
end
|
||||
|
||||
it "should update role permisions" do
|
||||
new_role = Role.create(name: "test2", priority: 1, provider: "provider1", can_edit_roles: true)
|
||||
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
patch :update_role, params: { role_id: new_role.id, role: { name: "test", can_edit_roles: false,
|
||||
colour: "#45434", can_manage_users: true } }
|
||||
|
||||
new_role.reload
|
||||
expect(new_role.name).to eq("test")
|
||||
expect(new_role.can_edit_roles).to eq(false)
|
||||
expect(new_role.colour).to eq("#45434")
|
||||
expect(new_role.can_manage_users).to eq(true)
|
||||
expect(new_role.send_promoted_email).to eq(false)
|
||||
expect(response).to redirect_to admin_roles_path(selected_role: new_role.id)
|
||||
end
|
||||
end
|
||||
|
||||
context "DELETE delete_role" do
|
||||
before do
|
||||
Role.create_default_roles("provider1")
|
||||
end
|
||||
|
||||
it "should fail to delete the role if it has users assigned to it" do
|
||||
admin_role = Role.find_by(name: "admin", provider: "greenlight")
|
||||
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
delete :delete_role, params: { role_id: admin_role.id }
|
||||
|
||||
expect(flash[:alert]).to eq(I18n.t("administrator.roles.role_has_users", user_count: 1))
|
||||
expect(response).to redirect_to admin_roles_path(selected_role: admin_role.id)
|
||||
end
|
||||
|
||||
it "should fail to delete the role if it is a default role" do
|
||||
pending_role = Role.find_by(name: "pending", provider: "provider1")
|
||||
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
delete :delete_role, params: { role_id: pending_role.id }
|
||||
|
||||
expect(response).to redirect_to admin_roles_path(selected_role: pending_role.id)
|
||||
end
|
||||
|
||||
it "should successfully delete the role" do
|
||||
new_role = Role.create(name: "test2", priority: 1, provider: "provider1", can_edit_roles: true)
|
||||
|
||||
@request.session[:user_id] = @admin.id
|
||||
|
||||
delete :delete_role, params: { role_id: new_role.id }
|
||||
|
||||
expect(Role.where(name: "test2", provider: "provider1").count).to eq(0)
|
||||
expect(response).to redirect_to admin_roles_path
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
@ -61,6 +61,19 @@ describe RoomsController, type: :controller do
|
||||
expect(response).to render_template(:join)
|
||||
end
|
||||
|
||||
it "should render cant_create_rooms if user doesn't have permission to create rooms" do
|
||||
user_role = @user.highest_priority_role
|
||||
|
||||
user_role.can_create_rooms = false
|
||||
user_role.save!
|
||||
|
||||
@request.session[:user_id] = @user.id
|
||||
|
||||
get :show, params: { room_uid: @user.main_room }
|
||||
|
||||
expect(response).to render_template(:cant_create_rooms)
|
||||
end
|
||||
|
||||
it "should be able to search public recordings if user is not owner" do
|
||||
@request.session[:user_id] = @user.id
|
||||
|
||||
@ -454,4 +467,32 @@ describe RoomsController, type: :controller do
|
||||
expect(flash[:alert]).to eq(I18n.t("room.access_code_required"))
|
||||
end
|
||||
end
|
||||
|
||||
describe "POST join_specific_room" do
|
||||
before do
|
||||
@user = create(:user)
|
||||
@user1 = create(:user)
|
||||
end
|
||||
|
||||
it "should display flash if the user doesn't supply a valid uid" do
|
||||
@request.session[:user_id] = @user.id
|
||||
|
||||
post :join_specific_room, params: { join_room: { url: "abc" } }
|
||||
|
||||
expect(flash[:alert]).to eq(I18n.t("room.no_room.invalid_room_uid"))
|
||||
expect(response).to redirect_to room_path(@user.main_room)
|
||||
end
|
||||
|
||||
it "should redirect the user to the room uid they supplied" do
|
||||
post :join_specific_room, params: { join_room: { url: @user1.main_room } }
|
||||
|
||||
expect(response).to redirect_to room_path(@user1.main_room)
|
||||
end
|
||||
|
||||
it "should redirect the user to the room join url they supplied" do
|
||||
post :join_specific_room, params: { join_room: { url: room_path(@user1.main_room) } }
|
||||
|
||||
expect(response).to redirect_to room_path(@user1.main_room)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
@ -333,6 +333,95 @@ describe UsersController, type: :controller do
|
||||
patch :update, params: invalid_params.merge!(user_uid: @user)
|
||||
expect(response).to render_template(:edit)
|
||||
end
|
||||
|
||||
context 'Roles updates' do
|
||||
it "should fail to update roles if users tries to add a role with a higher priority than their own" do
|
||||
user = create(:user)
|
||||
@request.session[:user_id] = user.id
|
||||
|
||||
user_role = user.highest_priority_role
|
||||
|
||||
user_role.can_edit_roles = true
|
||||
|
||||
user_role.save!
|
||||
|
||||
tmp_role = Role.create(name: "test", priority: -2, provider: "greenlight")
|
||||
|
||||
params = random_valid_user_params
|
||||
patch :update, params: params.merge!(user_uid: user, user: { role_ids: tmp_role.id.to_s })
|
||||
|
||||
expect(flash[:alert]).to eq(I18n.t("administrator.roles.invalid_assignment"))
|
||||
expect(response).to render_template(:edit)
|
||||
end
|
||||
|
||||
it "should fail to update roles if a user tries to remove a role with a higher priority than their own" do
|
||||
user = create(:user)
|
||||
admin = create(:user)
|
||||
|
||||
admin.add_role :admin
|
||||
|
||||
@request.session[:user_id] = user.id
|
||||
|
||||
user_role = user.highest_priority_role
|
||||
|
||||
user_role.can_edit_roles = true
|
||||
|
||||
user_role.save!
|
||||
|
||||
params = random_valid_user_params
|
||||
patch :update, params: params.merge!(user_uid: admin, user: { role_ids: "" })
|
||||
|
||||
user.reload
|
||||
|
||||
expect(flash[:alert]).to eq(I18n.t("administrator.roles.invalid_removal"))
|
||||
expect(response).to render_template(:edit)
|
||||
end
|
||||
|
||||
it "should successfuly add roles to the user" do
|
||||
allow(Rails.configuration).to receive(:enable_email_verification).and_return(true)
|
||||
|
||||
user = create(:user)
|
||||
admin = create(:user)
|
||||
|
||||
admin.add_role :admin
|
||||
|
||||
@request.session[:user_id] = admin.id
|
||||
|
||||
tmp_role1 = Role.create(name: "test1", priority: 1, provider: "greenlight", send_promoted_email: true)
|
||||
tmp_role2 = Role.create(name: "test2", priority: 2, provider: "greenlight")
|
||||
|
||||
params = random_valid_user_params
|
||||
params = params.merge!(user_uid: user, user: { role_ids: "#{tmp_role1.id} #{tmp_role2.id}" })
|
||||
|
||||
expect { patch :update, params: params }.to change { ActionMailer::Base.deliveries.count }.by(1)
|
||||
expect(user.roles.count).to eq(2)
|
||||
expect(user.highest_priority_role.name).to eq("test1")
|
||||
expect(response).to redirect_to(admins_path)
|
||||
end
|
||||
|
||||
it "all users must at least have the user role" do
|
||||
allow(Rails.configuration).to receive(:enable_email_verification).and_return(true)
|
||||
|
||||
user = create(:user)
|
||||
admin = create(:user)
|
||||
|
||||
admin.add_role :admin
|
||||
|
||||
tmp_role1 = Role.create(name: "test1", priority: 1, provider: "greenlight", send_demoted_email: true)
|
||||
user.roles << tmp_role1
|
||||
user.save!
|
||||
|
||||
@request.session[:user_id] = admin.id
|
||||
|
||||
params = random_valid_user_params
|
||||
params = params.merge!(user_uid: user, user: { role_ids: "" })
|
||||
|
||||
expect { patch :update, params: params }.to change { ActionMailer::Base.deliveries.count }.by(1)
|
||||
expect(user.roles.count).to eq(1)
|
||||
expect(user.highest_priority_role.name).to eq("user")
|
||||
expect(response).to redirect_to(admins_path)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe "DELETE #user" do
|
||||
|
||||
Reference in New Issue
Block a user