GRN2-xx: Email and admin fix (#515)

* Email and admin fix

* Redirected super_admins to the admins page

* Small fix

* Update rooms_controller.rb

app/controllers/account_activations_controller.rb

@@ -17,7 +17,7 @@
 # with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
 
 class AccountActivationsController < ApplicationController
-  include Verifier
+  include Emailer
 
   before_action :ensure_unauthenticated
   before_action :find_user
@@ -46,7 +46,7 @@ class AccountActivationsController < ApplicationController
       flash[:alert] = I18n.t("verify.already_verified")
     else
       begin
-        @user.send_activation_email(user_verification_link)
+        send_activation_email(@user)
       rescue => e
         logger.error "Error in email delivery: #{e}"
         flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))

app/controllers/concerns/emailer.rb

@@ -16,11 +16,27 @@
 # You should have received a copy of the GNU Lesser General Public License along
 # with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
 
-module Verifier
+module Emailer
   extend ActiveSupport::Concern
 
+  # Sends account activation email.
+  def send_activation_email(user)
+    @user = user
+    UserMailer.verify_email(@user, user_verification_link, logo_image, user_color).deliver
+  end
+
+  # Sends password reset email.
+  def send_password_reset_email(user)
+    @user = user
+    UserMailer.password_reset(@user, reset_link, logo_image, user_color).deliver_now
+  end
+
   # Returns the link the user needs to click to verify their account
   def user_verification_link
     request.base_url + edit_account_activation_path(token: @user.activation_token, email: @user.email)
   end
+
+  def reset_link
+    request.base_url + edit_password_reset_path(@user.reset_token, email: @user.email)
+  end
 end

app/controllers/password_resets_controller.rb

@@ -17,6 +17,8 @@
 # with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
 
 class PasswordResetsController < ApplicationController
+  include Emailer
+
   before_action :disable_password_reset, unless: -> { Rails.configuration.enable_email_verification }
   before_action :find_user,   only: [:edit, :update]
   before_action :valid_user, only: [:edit, :update]
@@ -29,7 +31,7 @@ class PasswordResetsController < ApplicationController
     @user = User.find_by(email: params[:password_reset][:email].downcase)
     if @user
       @user.create_reset_digest
-      @user.send_password_reset_email(reset_link)
+      send_password_reset_email(@user)
       flash[:success] = I18n.t("email_sent", email_type: t("reset_password.subtitle"))
       redirect_to root_path
     else
@@ -78,10 +80,6 @@ class PasswordResetsController < ApplicationController
     redirect_to new_password_reset_url, alert: I18n.t("expired_reset_token") if current_user.password_reset_expired?
   end
 
-  def reset_link
-    request.base_url + edit_password_reset_path(@user.reset_token, email: @user.email)
-  end
-
   # Confirms a valid user.
   def valid_user
     unless current_user.authenticated?(:reset, params[:id])

app/controllers/rooms_controller.rb

@@ -26,6 +26,7 @@ class RoomsController < ApplicationController
   before_action :verify_room_ownership, except: [:create, :show, :join, :logout]
   before_action :verify_room_owner_verified, only: [:show, :join],
                 unless: -> { !Rails.configuration.enable_email_verification }
+  before_action :verify_user_not_admin, only: [:show]
 
   # POST /
   def create
@@ -244,11 +245,15 @@ class RoomsController < ApplicationController
     unless @room.owner.activated?
       flash[:alert] = t("room.unavailable")
 
-      if current_user
+      if current_user && !@room.owned_by?(current_user)
         redirect_to current_user.main_room
       else
         redirect_to root_path
       end
     end
   end
+
+  def verify_user_not_admin
+    redirect_to admins_path if current_user && current_user&.has_role?(:super_admin)
+  end
 end

app/controllers/users_controller.rb

@@ -18,7 +18,7 @@
 
 class UsersController < ApplicationController
   include RecordingsHelper
-  include Verifier
+  include Emailer
 
   before_action :find_user, only: [:edit, :update, :destroy]
   before_action :ensure_unauthenticated, only: [:new, :create]
@@ -46,7 +46,7 @@ class UsersController < ApplicationController
 
     # Start email verification and redirect to root.
     begin
-      @user.send_activation_email(user_verification_link)
+      send_activation_email(@user)
     rescue => e
       logger.error "Error in email delivery: #{e}"
       flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))