Merge v2.6-alpha (#1672)

* GRN2-xx: Switch the relation between users and roles to make queries cleaner and faster (#1299) * First steps * Fixes in account creation flow * Fixed most testcases * more test fixes * Fixed more test cases * Passing tests and rubocop * Added rake task to remove rooms * Adding translation (#1510) * Update _account.html.erb * Update en.yml * Fix "for" attribute for label elements (#1488) Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com> * Fix some issues reported by LGTM (#1478) * Declare local JavaScript variables (reported by LGTM) Signed-off-by: Stefan Weil <sw@weilnetz.de> * Remove unused local JavaScript variable (reported by LGTM) Signed-off-by: Stefan Weil <sw@weilnetz.de> * Puma Worker Configuration (#1332) We noticed that the current default settings perform very poorly under load. We managed to literally take down Greenlight during a larger event when people where accessing the landing page for rooms and when doing some tests, I was more or less able to DoS Greenlight on my own. This patch adds a default worker configuration which significantly improves the situation. The small, 4 core machine I was testing on could handle about thrice the amount of requests. While the new default configuration should be reasonably well suited for most deployments, this patch further allows users to easily configure the worker pool on their own in the environment file. * Made name and email readonly for no greenlight accounts (#1534) * Fixed hardcoded string (#1532) * fixed spelling error that was bugging me :) - sep a rat e (#1535) Co-authored-by: Dave Lane <dave@oerfoundation.org> * Improve Server Rooms View (#1524) * Order rooms by status * Cleaned up order function * Now displays Started/Created/Ended * Added participant count to rooms list * Fix rake task user:create so that users can be created when terms are present (#1565) * Changed user create task to always accept terms * clean up * More secure room ID (#1451) * Legal and privpolicy link (#1421) * add customizable Links to Imprint and Privacy Policy * fix copy&paste error in spec * replace "imprint" with "legal" since that is the correct term * remove german translation of new strings, transifex will take care of them later * GRN2-295:Refactored update profile and update password (#1591) * Refactored update profile and update password * Relowered rubocop settings * Fixed email sending when not supposed to (#1592) * Design changes for small screens (#1580) * now rap for pagination * Update _subtitle.html.erb * Update _rooms.html.erb * Update _recordings.html.erb * Update _rooms.html.erb * Update _users.html.erb * Update cant_create_rooms.html.erb * Update room.js * Update edit.html.erb * Update new.html.erb * Update cant_create_rooms.html.erb * Update _sessions.html.erb * Update _account.html.erb * Make Greenlight work with Ruby 2.7 (#1560) Greenlight's failure to start up with Ruby 2.7 seems to be caused by [an issue in bootsnap](https://github.com/Shopify/bootsnap/issues/258). Updating that library makes Greenlight work again. However, there are still a lot of deprecation warnings. But that's something to deal with separately. This fixes #1558 * use email input for sign in (#1199) * use email input for sign in * use email input for registration * use email input for invitation * use email input for account settings Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com> * Fix Gemfile (#1593) * Fixed invalid token for password reset (#1632) * HELP_URL env variable now works as expected (#1636) * #1372 Fix for long Text in Table + Remove invalid HTML Tag (#1403) * removed invalid HTML Tag * removed invalid HTML Tag * Update _public_recording_row.html.erb * Update _recording_row.html.erb * Update _server_recording_row.html.erb form-inline replaced by own css * Update _server_room_row.html.erb * Update _public_recording_row.html.erb * Update _recording_row.html.erb * Update _public_recording_row.html.erb * Update _recordings.html.erb * Update _rooms.html.erb * Update main.scss fix for long text * Update main.scss * Update _public_recording_row.html.erb * Added more validation on profile image (#1644) * Users who can't create rooms but have shared rooms now have a different view (#1649) * Revert "Puma Worker Configuration (#1332)" (#1667) This reverts commit 78ed8d7460. * Removed html safe from all flash messages (#1668) * Remove hardcoded guest=true if require mod approval is set (#1669) * Change random generation for room uid (#1670) * GRN2-290: Update gems and update to Rails 5.2.4.3 (#1671) * Update gems and update to Rails 5.2.4.3 * remove gemfile error Co-authored-by: MrKeksi <mrkeksi@users.noreply.github.com> Co-authored-by: Florian Weber <fnwbr@users.noreply.github.com> Co-authored-by: Stefan Weil <sw@weilnetz.de> Co-authored-by: Lars Kiesow <lkiesow@uos.de> Co-authored-by: Dave Lane <dave@lane.net.nz> Co-authored-by: Dave Lane <dave@oerfoundation.org> Co-authored-by: Henning <hng@users.noreply.github.com> Co-authored-by: Marcel Waldvogel <marcel@waldvogel.family> Co-authored-by: Christian Marg <marg@rz.tu-clausthal.de> Co-authored-by: Klaus <klaus@jsxc.org>
2020-05-26 17:37:23 -04:00
parent 7411eba8e0
commit 51824ad84b
76 changed files with 903 additions and 735 deletions
--- a/app/controllers/concerns/authenticator.rb
+++ b/app/controllers/concerns/authenticator.rb
@ -46,8 +46,10 @@ module Authenticator
                          internal_error_url, not_found_url]
      url = if cookies[:return_to] && !dont_redirect_to.include?(cookies[:return_to])
        cookies[:return_to]
-      else
+      elsif user.role.get_permission("can_create_rooms")
        user.main_room
+      else
+        cant_create_rooms_path
      end

      # Delete the cookie if it exists
--- a/app/controllers/concerns/bbb_server.rb
+++ b/app/controllers/concerns/bbb_server.rb
@ -54,7 +54,6 @@ module BbbServer
    join_opts = {}
    join_opts[:userID] = uid if uid
    join_opts[:join_via_html5] = true
-    join_opts[:guest] = true if options[:require_moderator_approval] && !options[:user_is_moderator]

    bbb_server.join_meeting_url(room.bbb_id, name, password, join_opts)
  end
--- a/app/controllers/concerns/emailer.rb
+++ b/app/controllers/concerns/emailer.rb
@ -99,7 +99,6 @@ module Emailer
  def send_approval_user_signup_email(user)
    begin
      return unless Rails.configuration.enable_email_verification
-
      admin_emails = admin_emails()
      UserMailer.approval_user_signup(user, admins_url(tab: "pending"),
      admin_emails, @settings).deliver_now unless admin_emails.empty?
@ -129,12 +128,12 @@ module Emailer
  end

  def admin_emails
-    admins = User.all_users_with_roles.where(roles: { role_permissions: { name: "can_manage_users", value: "true" } })
+    roles = Role.where(provider: @user_domain, role_permissions: { name: "can_manage_users", value: "true" })
+                .pluck(:name)

-    if Rails.configuration.loadbalanced_configuration
-      admins = admins.without_role(:super_admin)
-                     .where(provider: @user_domain)
-    end
+    admins = User.with_role(roles - ["super_admin"])
+
+    admins = admins.where(provider: @user_domain) if Rails.configuration.loadbalanced_configuration

    admins.collect(&:email).join(",")
  end
--- a/app/controllers/concerns/populator.rb
+++ b/app/controllers/concerns/populator.rb
@ -25,29 +25,22 @@ module Populator

    initial_user = case @tab
      when "active"
-        User.includes(:roles).without_role(:pending).without_role(:denied)
+        User.without_role([:pending, :denied])
      when "deleted"
-        User.includes(:roles).deleted
+        User.deleted
      else
-        User.includes(:roles)
+        User.all
    end

    current_role = Role.find_by(name: @tab, provider: @user_domain) if @tab == "pending" || @tab == "denied"

-    initial_list = if current_user.has_role? :super_admin
-      initial_user.where.not(id: current_user.id)
-    else
-      initial_user.without_role(:super_admin).where.not(id: current_user.id)
-    end
+    initial_list = initial_user.without_role(:super_admin) unless current_user.has_role? :super_admin

-    if Rails.configuration.loadbalanced_configuration
-      initial_list.where(provider: @user_domain)
-                  .admins_search(@search, current_role)
-                  .admins_order(@order_column, @order_direction)
-    else
-      initial_list.admins_search(@search, current_role)
-                  .admins_order(@order_column, @order_direction)
-    end
+    initial_list = initial_list.where(provider: @user_domain) if Rails.configuration.loadbalanced_configuration
+
+    initial_list.where.not(id: current_user.id)
+                .admins_search(@search, current_role)
+                .admins_order(@order_column, @order_direction)
  end

  # Returns a list of rooms that are in the same context of the current user
@ -55,9 +48,9 @@ module Populator
    if Rails.configuration.loadbalanced_configuration
      Room.includes(:owner).where(users: { provider: @user_domain })
          .admins_search(@search)
-          .admins_order(@order_column, @order_direction)
+          .admins_order(@order_column, @order_direction, @running_room_bbb_ids)
    else
-      Room.includes(:owner).all.admins_search(@search).admins_order(@order_column, @order_direction)
+      Room.includes(:owner).admins_search(@search).admins_order(@order_column, @order_direction, @running_room_bbb_ids)
    end
  end

@ -77,10 +70,7 @@ module Populator
      roles_can_appear << role.name if role.get_permission("can_appear_in_share_list") && role.priority >= 0
    end

-    initial_list = User.where.not(uid: current_user.uid)
-                       .without_role(:pending)
-                       .without_role(:denied)
-                       .with_highest_priority_role(roles_can_appear)
+    initial_list = User.where.not(uid: current_user.uid).with_role(roles_can_appear)

    return initial_list unless Rails.configuration.loadbalanced_configuration
    initial_list.where(provider: @user_domain)
@ -88,7 +78,7 @@ module Populator

  # Returns a list of users that can merged into another user
  def merge_user_list
-    initial_list = User.where.not(uid: current_user.uid).without_role(:super_admin)
+    initial_list = User.without_role(:super_admin).where.not(uid: current_user.uid)

    return initial_list unless Rails.configuration.loadbalanced_configuration
    initial_list.where(provider: @user_domain)
--- a/app/controllers/concerns/rolify.rb
+++ b/app/controllers/concerns/rolify.rb
@ -46,60 +46,23 @@ module Rolify
  end

  # Updates a user's roles
-  def update_roles(roles)
-    # Check that the user can manage users
-    return true unless current_user.highest_priority_role.get_permission("can_manage_users")
+  def update_roles(role_id)
+    return true if role_id.blank?
+    # Check to make sure user can edit roles
+    return false unless current_user.role.get_permission("can_manage_users")

-    new_roles = roles.split(' ').map(&:to_i)
-    old_roles = @user.roles.pluck(:id).uniq
+    return true if @user.role_id == role_id.to_i

-    added_role_ids = new_roles - old_roles
-    removed_role_ids = old_roles - new_roles
+    new_role = Role.find_by(id: role_id, provider: @user_domain)
+    # Return false if new role doesn't exist
+    return false if new_role.nil?

-    added_roles = []
-    removed_roles = []
-    current_user_role = current_user.highest_priority_role
-
-    # Check that the user has the permissions to add all the new roles
-    added_role_ids.each do |id|
-      role = Role.find(id)
-
-      # Admins are able to add the admin role to other users. All other roles may only
-      # add roles with a higher priority
-      if (role.priority > current_user_role.priority || current_user_role.name == "admin") &&
-         role.provider == @user_domain
-        added_roles << role
-      else
-        return false
-      end
-    end
-
-    # Check that the user has the permissions to remove all the deleted roles
-    removed_role_ids.each do |id|
-      role = Role.find(id)
-
-      # Admins are able to remove the admin role from other users. All other roles may only
-      # remove roles with a higher priority
-      if (role.priority > current_user_role.priority || current_user_role.name == "admin") &&
-         role.provider == @user_domain
-        removed_roles << role
-      else
-        return false
-      end
-    end
+    return false if new_role.priority < current_user.role.priority

    # Send promoted/demoted emails
-    added_roles.each { |role| send_user_promoted_email(@user, role) if role.get_permission("send_promoted_email") }
-    removed_roles.each { |role| send_user_demoted_email(@user, role) if role.get_permission("send_demoted_email") }
+    send_user_promoted_email(@user, new_role) if new_role.get_permission("send_promoted_email")

-    # Update the roles
-    @user.roles.delete(removed_roles)
-    @user.roles << added_roles
-
-    # Make sure each user always has at least the user role
-    @user.roles = [Role.find_by(name: "user", provider: @user_domain)] if @user.roles.count.zero?
-
-    @user.save!
+    @user.update_attribute(:role_id, role_id)
  end

  # Updates a roles priority
@ -107,7 +70,7 @@ module Rolify
    user_role = Role.find_by(name: "user", provider: @user_domain)
    admin_role = Role.find_by(name: "admin", provider: @user_domain)

-    current_user_role = current_user.highest_priority_role
+    current_user_role = current_user.role

    # Users aren't allowed to update the priority of the admin or user roles
    return false if role_to_update.include?(user_role.id.to_s) || role_to_update.include?(admin_role.id.to_s)
@ -149,7 +112,7 @@ module Rolify

  # Update Permissions
  def update_permissions(role)
-    current_user_role = current_user.highest_priority_role
+    current_user_role = current_user.role

    # Checks that it is valid for the provider to update the role
    return false if role.priority <= current_user_role.priority || role.provider != @user_domain