Change permissions from columns to table entries (#762)

app/models/ability.rb

@@ -26,20 +26,21 @@ class Ability
       can :manage, :all
     else
       highest_role = user.highest_priority_role
-      if highest_role.can_edit_site_settings
+      if highest_role.get_permission("can_edit_site_settings")
         can [:index, :site_settings, :server_recordings, :update_settings, :coloring, :registration_method], :admin
       end
 
-      if highest_role.can_edit_roles
+      if highest_role.get_permission("can_edit_roles")
         can [:index, :roles, :new_role, :change_role_order, :update_role, :delete_role], :admin
       end
 
-      if highest_role.can_manage_users
+      if highest_role.get_permission("can_manage_users")
         can [:index, :roles, :edit_user, :promote, :demote, :ban_user, :unban_user,
              :approve, :invite, :reset], :admin
       end
 
-      if !highest_role.can_edit_site_settings && !highest_role.can_edit_roles && !highest_role.can_manage_users
+      if !highest_role.get_permission("can_edit_site_settings") && !highest_role.get_permission("can_edit_roles") &&
+         !highest_role.get_permission("can_manage_users")
         cannot :manage, AdminsController
       end
     end

app/models/role.rb

@@ -18,6 +18,7 @@
 
 class Role < ApplicationRecord
   has_and_belongs_to_many :users, join_table: :users_roles
+  has_many :role_permissions
 
   default_scope { order(:priority) }
   scope :by_priority, -> { order(:priority) }
@@ -30,15 +31,18 @@ class Role < ApplicationRecord
   end
 
   def self.create_default_roles(provider)
-    Role.create(name: "user", provider: provider, priority: 1, can_create_rooms: true, colour: "#868e96")
-    Role.create(name: "admin", provider: provider, priority: 0, can_create_rooms: true, send_promoted_email: true,
+    Role.create(name: "user", provider: provider, priority: 1, colour: "#868e96")
+        .update_all_role_permissions(can_create_rooms: true)
+    Role.create(name: "admin", provider: provider, priority: 0, colour: "#f1c40f")
+        .update_all_role_permissions(can_create_rooms: true, send_promoted_email: true,
       send_demoted_email: true, can_edit_site_settings: true,
-      can_edit_roles: true, can_manage_users: true, colour: "#f1c40f")
-    Role.create(name: "pending", provider: provider, priority: -1, colour: "#17a2b8")
-    Role.create(name: "denied", provider: provider, priority: -1, colour: "#343a40")
-    Role.create(name: "super_admin", provider: provider, priority: -2, can_create_rooms: true,
+      can_edit_roles: true, can_manage_users: true)
+    Role.create(name: "pending", provider: provider, priority: -1, colour: "#17a2b8").update_all_role_permissions
+    Role.create(name: "denied", provider: provider, priority: -1, colour: "#343a40").update_all_role_permissions
+    Role.create(name: "super_admin", provider: provider, priority: -2, colour: "#cd201f")
+        .update_all_role_permissions(can_create_rooms: true,
       send_promoted_email: true, send_demoted_email: true, can_edit_site_settings: true,
-      can_edit_roles: true, can_manage_users: true, colour: "#cd201f")
+      can_edit_roles: true, can_manage_users: true)
   end
 
   def self.create_new_role(role_name, provider)
@@ -56,4 +60,37 @@ class Role < ApplicationRecord
 
     role
   end
+
+  def update_all_role_permissions(permissions = {})
+    update_permission("can_create_rooms", permissions[:can_create_rooms].to_s)
+    update_permission("send_promoted_email", permissions[:send_promoted_email].to_s)
+    update_permission("send_demoted_email", permissions[:send_demoted_email].to_s)
+    update_permission("can_edit_site_settings", permissions[:can_edit_site_settings].to_s)
+    update_permission("can_edit_roles", permissions[:can_edit_roles].to_s)
+    update_permission("can_manage_users", permissions[:can_manage_users].to_s)
+  end
+
+  # Updates the value of the permission and enables it
+  def update_permission(name, value)
+    permission = role_permissions.find_or_create_by!(name: name)
+
+    permission.update_attributes(value: value, enabled: true)
+  end
+
+  # Returns the value if enabled or the default if not enabled
+  def get_permission(name, return_boolean = true)
+    permission = role_permissions.find_or_create_by!(name: name)
+
+    value = if permission[:enabled]
+        permission[:value]
+    else
+      "false"
+    end
+
+    if return_boolean
+      value == "true"
+    else
+      value
+    end
+  end
 end

app/models/role_permission.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+class RolePermission < ApplicationRecord
+  belongs_to :role
+end

app/models/user.rb

@@ -29,7 +29,7 @@ class User < ApplicationRecord
   has_many :rooms
   belongs_to :main_room, class_name: 'Room', foreign_key: :room_id, required: false
 
-  has_and_belongs_to_many :roles, join_table: :users_roles
+  has_and_belongs_to_many :roles, -> { includes :role_permissions }, join_table: :users_roles
 
   validates :name, length: { maximum: 256 }, presence: true
   validates :provider, presence: true
@@ -163,11 +163,11 @@ class User < ApplicationRecord
       if has_role? :super_admin
         id != user.id
       else
-        highest_priority_role.can_manage_users && (id != user.id) && (provider == user.provider) &&
+        highest_priority_role.get_permission("can_manage_users") && (id != user.id) && (provider == user.provider) &&
           (!user.has_role? :super_admin)
       end
     else
-      (highest_priority_role.can_manage_users || (has_role? :super_admin)) && (id != user.id)
+      (highest_priority_role.get_permission("can_manage_users") || (has_role? :super_admin)) && (id != user.id)
     end
   end
 
@@ -230,7 +230,7 @@ class User < ApplicationRecord
 
   def self.all_users_with_roles
     User.joins("INNER JOIN users_roles ON users_roles.user_id = users.id INNER JOIN roles " \
-      "ON roles.id = users_roles.role_id")
+      "ON roles.id = users_roles.role_id INNER JOIN role_permissions ON roles.id = role_permissions.role_id").distinct
   end
 
   private