GRN2-253: Added the ability to share rooms across multiple users (#912)

* Added ability to share rooms with other users

* Fixed testcases

app/controllers/admins_controller.rb

@@ -22,6 +22,7 @@ class AdminsController < ApplicationController
   include Emailer
   include Recorder
   include Rolify
+  include Populator
 
   manage_users = [:edit_user, :promote, :demote, :ban_user, :unban_user, :approve, :reset]
   manage_deleted_users = [:undelete]
@@ -49,11 +50,7 @@ class AdminsController < ApplicationController
 
   # GET /admins/server_recordings
   def server_recordings
-    server_rooms = if Rails.configuration.loadbalanced_configuration
-      Room.includes(:owner).where(users: { provider: @user_domain }).pluck(:bbb_id)
-    else
-      Room.pluck(:bbb_id)
-    end
+    server_rooms = rooms_list_for_recordings
 
     @search, @order_column, @order_direction, recs =
       all_recordings(server_rooms, params.permit(:search, :column, :direction), true, true)
@@ -67,13 +64,9 @@ class AdminsController < ApplicationController
     @order_column = params[:column] && params[:direction] != "none" ? params[:column] : "created_at"
     @order_direction = params[:direction] && params[:direction] != "none" ? params[:direction] : "DESC"
 
-    server_rooms = if Rails.configuration.loadbalanced_configuration
-      Room.includes(:owner).where(users: { provider: @user_domain })
-          .admins_search(@search)
-          .admins_order(@order_column, @order_direction)
-    else
-      Room.all.admins_search(@search).admins_order(@order_column, @order_direction)
-    end
+    server_rooms = server_rooms_list
+
+    @user_list = shared_user_list if shared_access_allowed
 
     @pagy, @rooms = pagy_array(server_rooms)
   end

app/controllers/application_controller.rb

@@ -172,6 +172,12 @@ class ApplicationController < ActionController::Base
   end
   helper_method :configured_providers
 
+  # Indicates whether users are allowed to share rooms
+  def shared_access_allowed
+    @settings.get_value("Shared Access") == "true"
+  end
+  helper_method :shared_access_allowed
+
   # Parses the url for the user domain
   def parse_user_domain(hostname)
     return hostname.split('.').first if Rails.configuration.url_host.empty?

app/controllers/concerns/populator.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
+#
+# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
+#
+# This program is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free Software
+# Foundation; either version 3.0 of the License, or (at your option) any later
+# version.
+#
+# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License along
+# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
+
+module Populator
+  extend ActiveSupport::Concern
+
+  # Returns a list of rooms that are in the same context of the current user
+  def server_rooms_list
+    if Rails.configuration.loadbalanced_configuration
+      Room.includes(:owner).where(users: { provider: @user_domain })
+          .admins_search(@search)
+          .admins_order(@order_column, @order_direction)
+    else
+      Room.all.admins_search(@search).admins_order(@order_column, @order_direction)
+    end
+  end
+
+  # Returns list of rooms needed to get the recordings on the server
+  def rooms_list_for_recordings
+    if Rails.configuration.loadbalanced_configuration
+      Room.includes(:owner).where(users: { provider: @user_domain }).pluck(:bbb_id)
+    else
+      Room.pluck(:bbb_id)
+    end
+  end
+
+  # Returns a list of users that are in the same context of the current user
+  def shared_user_list
+    roles_can_appear = []
+    Role.where(provider: @user_domain).each do |role|
+      roles_can_appear << role.name if role.get_permission("can_appear_in_share_list") && role.name != "super_admin"
+    end
+
+    initial_list = User.where.not(uid: current_user.uid).with_highest_priority_role(roles_can_appear)
+
+    return initial_list unless Rails.configuration.loadbalanced_configuration
+    initial_list.where(provider: @user_domain)
+  end
+end

app/controllers/concerns/rolify.rb

@@ -142,7 +142,7 @@ module Rolify
     role_params = params.require(:role).permit(:name)
     permission_params = params.require(:role).permit(:can_create_rooms, :send_promoted_email,
       :send_demoted_email, :can_edit_site_settings, :can_edit_roles, :can_manage_users,
-      :can_manage_rooms_recordings, :colour)
+      :can_manage_rooms_recordings, :can_appear_in_share_list, :colour)
 
     permission_params.transform_values! do |v|
       if v == "0"

app/controllers/rooms_controller.rb

@@ -20,12 +20,15 @@ class RoomsController < ApplicationController
   include Pagy::Backend
   include Recorder
   include Joiner
+  include Populator
 
   before_action :validate_accepted_terms, unless: -> { !Rails.configuration.terms }
   before_action :validate_verified_email, except: [:show, :join],
                 unless: -> { !Rails.configuration.enable_email_verification }
   before_action :find_room, except: [:create, :join_specific_room]
-  before_action :verify_room_ownership_or_admin, only: [:start, :update_settings, :destroy]
+  before_action :verify_room_ownership_or_admin_or_shared, only: [:start, :shared_access]
+  before_action :verify_room_ownership_or_admin, only: [:update_settings, :destroy]
+  before_action :verify_room_ownership_or_shared, only: [:remove_shared_access]
   before_action :verify_room_owner_verified, only: [:show, :join],
                 unless: -> { !Rails.configuration.enable_email_verification }
   before_action :verify_room_owner_valid, only: [:show, :join]
@@ -61,14 +64,17 @@ class RoomsController < ApplicationController
   def show
     @anyone_can_start = JSON.parse(@room[:room_settings])["anyoneCanStart"]
     @room_running = room_running?(@room.bbb_id)
+    @shared_room = room_shared_with_user
 
     # If its the current user's room
-    if current_user && @room.owned_by?(current_user)
+    if current_user && (@room.owned_by?(current_user) || @shared_room)
       if current_user.highest_priority_role.get_permission("can_create_rooms")
         # User is allowed to have rooms
         @search, @order_column, @order_direction, recs =
           recordings(@room.bbb_id, params.permit(:search, :column, :direction), true)
 
+        @user_list = shared_user_list if shared_access_allowed
+
         @pagy, @recordings = pagy_array(recs)
       else
         # Render view for users that cant create rooms
@@ -189,6 +195,55 @@ class RoomsController < ApplicationController
     redirect_back fallback_location: room_path(@room)
   end
 
+  # POST /:room_uid/update_shared_access
+  def shared_access
+    begin
+      current_list = @room.shared_users.pluck(:id)
+      new_list = User.where(uid: params[:add]).pluck(:id)
+
+      # Get the list of users that used to be in the list but were removed
+      users_to_remove = current_list - new_list
+      # Get the list of users that are in the new list but not in the current list
+      users_to_add = new_list - current_list
+
+      # Remove users that are removed
+      SharedAccess.where(room_id: @room.id, user_id: users_to_remove).delete_all unless users_to_remove.empty?
+
+      # Add users that are added
+      users_to_add.each do |id|
+        SharedAccess.create(room_id: @room.id, user_id: id)
+      end
+
+      flash[:success] = I18n.t("room.shared_access_success")
+    rescue => e
+      logger.error "Support: Error in updating room shared access: #{e}"
+      flash[:alert] = I18n.t("room.shared_access_error")
+    end
+
+    redirect_back fallback_location: room_path
+  end
+
+  # POST /:room_uid/remove_shared_access
+  def remove_shared_access
+    begin
+      SharedAccess.find_by!(room_id: @room.id, user_id: params[:user_id]).destroy
+      flash[:success] = I18n.t("room.remove_shared_access_success")
+    rescue => e
+      logger.error "Support: Error in removing room shared access: #{e}"
+      flash[:alert] = I18n.t("room.remove_shared_access_error")
+    end
+
+    redirect_to current_user.main_room
+  end
+
+  # GET /:room_uid/shared_users
+  def shared_users
+    # Respond with JSON object of users that have access to the room
+    respond_to do |format|
+      format.json { render body: @room.shared_users.to_json }
+    end
+  end
+
   # GET /:room_uid/logout
   def logout
     logger.info "Support: #{current_user.present? ? current_user.email : 'Guest'} has left room #{@room.uid}"
@@ -229,11 +284,23 @@ class RoomsController < ApplicationController
     @room = Room.find_by!(uid: params[:room_uid])
   end
 
+  # Ensure the user either owns the room or is an admin of the room owner or the room is shared with him
+  def verify_room_ownership_or_admin_or_shared
+    return redirect_to root_path unless @room.owned_by?(current_user) ||
+                                        room_shared_with_user ||
+                                        current_user&.admin_of?(@room.owner)
+  end
+
   # Ensure the user either owns the room or is an admin of the room owner
   def verify_room_ownership_or_admin
     return redirect_to root_path if !@room.owned_by?(current_user) && !current_user&.admin_of?(@room.owner)
   end
 
+  # Ensure the user owns the room or is allowed to start it
+  def verify_room_ownership_or_shared
+   return redirect_to root_path unless @room.owned_by?(current_user) || room_shared_with_user
+  end
+
   def validate_accepted_terms
     redirect_to terms_path if current_user && !current_user&.accepted_terms
   end
@@ -259,6 +326,11 @@ class RoomsController < ApplicationController
     @settings.get_value("Room Authentication") == "true" && current_user.nil?
   end
 
+  # Checks if the room is shared with the user and room sharing is enabled
+  def room_shared_with_user
+    shared_access_allowed ? @room.shared_with?(current_user) : false
+  end
+
   def room_limit_exceeded
     limit = @settings.get_value("Room Limit").to_i