Admin panel (#496)

* Added the administrator role and functionality that comes with it (#403) * GRN-20: Added roles to the user model * GRN-75: Added a view for admins to see their users * GRN-77: Added Edit/Delete/Promote ability for admins * GRN-71: Added admin account by default * Changed the way locales are shown * Updated the rest of the locales * Changed the way available_locales are defined * Updated locales in Russian * Updated locaales for German * Update user.rb * Update admins.js * GRN-15: Added the ability to change color and image from admin interface (#425) * GRN-20: Added roles to the user model * GRN-75: Added a view for admins to see their users * GRN-77: Added Edit/Delete/Promote ability for admins * GRN-71: Added admin account by default * Changed the way locales are shown * Updated the rest of the locales * Changed the way available_locales are defined * Updated locales in Russian * Updated locaales for German * GRN-15: Added the ability for admins to customize color and image * Update user.rb * Update user.rb * Update routes.rb * Update admins_controller.rb * GRN-87:Added a super admin role and made changes to how to the design works (#430) * GRN-20: Added roles to the user model * GRN-75: Added a view for admins to see their users * GRN-77: Added Edit/Delete/Promote ability for admins * GRN-71: Added admin account by default * Changed the way locales are shown * Updated the rest of the locales * Changed the way available_locales are defined * Updated locales in Russian * Updated locaales for German * GRN-15: Added the ability for admins to customize color and image * Added the super admin and completed the design tab * Update user.rb * Update themes_controller_spec.rb * Update routes.rb * Update admins_controller.rb * Removed duplicated code that broke the build after last merge * GRN-78: Restructured some of the views to make the UI more consistent and responsive (#435) * GRN-20: Added roles to the user model * GRN-75: Added a view for admins to see their users * GRN-77: Added Edit/Delete/Promote ability for admins * GRN-71: Added admin account by default * GRN-15: Added the ability for admins to customize color and image * Added the super admin and completed the design tab * GRN-78: Cleaned up buttons and moved signin to its own page * GRN-78: Moved the Rooms and Recordings link to nav bar * Merge fix * Views restructure fix (#458) * Added cache to gitlab-ci.yml * Restructured seed * GRN2-99 -> GRN2-106: UI cleanup and refactoring (#478) * GRN2-98: Change Fullname to Full name * GRN2-105: Changed View Users to Manage Users * GRN2-101/103: Updated email to match branding * GRN2-100: Updated Email Sent flash to be more descriptive * GRN2-104: Redirect user to sign in page w/ flash after clicking activation link * GRN2-102: Changed the wording in the verification email * GRN2-99: Added email form validation * GRN2-106: Cleaned up Users list front end * Fixes to rake and admin password validator for passing rubocop * GRN2-113: Fixed issues with admin panel (#479) * GRN2-116: Code clean up after restructure of views (#482) * Removed unused references * Rubocop * Added pagination to admin view (#483) * GRN2-114: Added the ability for admins to ban/unban users (#487) * Added the ability for admins to ban and unban users * Update sessions_helper.rb * Merge branch 'master' into admin-panel (#492) * Updated rubocop gem * Updated rubocop and fixed issues (#490) * Rubocop fixes * GRN2-122: Updated sign in flow for admins and switch design tab to site settings (#489) * Switched design tab to site settings * Update _header with spaces instead of tabs * Added more test cases to increase coverage (#494)
2019-05-03 13:05:12 -04:00
parent b9efff586a
commit 9f74b0e2c0
85 changed files with 2286 additions and 203 deletions
--- a/app/controllers/account_activations_controller.rb
+++ b/app/controllers/account_activations_controller.rb
@ -33,11 +33,11 @@ class AccountActivationsController < ApplicationController
      @user.activate

      flash[:success] = I18n.t("verify.activated") + " " + I18n.t("verify.signin")
+      redirect_to signin_path
    else
      flash[:alert] = I18n.t("verify.invalid")
+      redirect_to root_path
    end
-
-    redirect_to root_url
  end

  # GET /account_activations/resend
@ -51,7 +51,7 @@ class AccountActivationsController < ApplicationController
        logger.error "Error in email delivery: #{e}"
        flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))
      else
-        flash[:success] = I18n.t("email_sent")
+        flash[:success] = I18n.t("email_sent", email_type: t("verify.verification"))
      end
    end

--- a/app/controllers/admins_controller.rb
+++ b/app/controllers/admins_controller.rb
@ -0,0 +1,101 @@
+# frozen_string_literal: true
+
+# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
+#
+# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
+#
+# This program is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free Software
+# Foundation; either version 3.0 of the License, or (at your option) any later
+# version.
+#
+# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License along
+# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
+
+class AdminsController < ApplicationController
+  include Pagy::Backend
+  authorize_resource class: false
+  before_action :find_user, only: [:edit_user, :promote, :demote, :ban_user, :unban_user]
+  before_action :verify_admin_of_user, only: [:edit_user, :promote, :demote, :ban_user, :unban_user]
+  before_action :find_setting, only: [:branding, :coloring]
+
+  # GET /admins
+  def index
+    @search = params[:search] || ""
+    @order_column = params[:column] && params[:direction] != "none" ? params[:column] : "created_at"
+    @order_direction = params[:direction] && params[:direction] != "none" ? params[:direction] : "DESC"
+    puts @order_direction.to_s
+
+    if Rails.configuration.loadbalanced_configuration
+      @pagy, @users = pagy(User.without_role(:super_admin)
+                  .where(provider: user_settings_provider)
+                  .where.not(id: current_user.id)
+                  .admins_search(@search)
+                  .admins_order(@order_column, @order_direction))
+    else
+      @pagy, @users = pagy(User.where.not(id: current_user.id)
+                      .admins_search(@search)
+                      .admins_order(@order_column, @order_direction))
+    end
+  end
+
+  # GET /admins/edit/:user_uid
+  def edit_user
+    render "admins/index", locals: { setting_id: "account" }
+  end
+
+  # POST /admins/promote/:user_uid
+  def promote
+    @user.add_role :admin
+    redirect_to admins_path, flash: { success: I18n.t("administrator.flash.promoted") }
+  end
+
+  # POST /admins/demote/:user_uid
+  def demote
+    @user.remove_role :admin
+    redirect_to admins_path, flash: { success: I18n.t("administrator.flash.demoted") }
+  end
+
+  # POST /admins/branding
+  def branding
+    @settings.update_value("Branding Image", params[:url])
+    redirect_to admins_path
+  end
+
+  # POST /admins/color
+  def coloring
+    @settings.update_value("Primary Color", params[:color])
+    redirect_to admins_path(setting: "site_settings")
+  end
+
+  # POST /admins/ban/:user_uid
+  def ban_user
+    @user.add_role :denied
+    redirect_to admins_path, flash: { success: I18n.t("administrator.flash.banned") }
+  end
+
+  # POST /admins/unban/:user_uid
+  def unban_user
+    @user.remove_role :denied
+    redirect_to admins_path, flash: { success: I18n.t("administrator.flash.unbanned") }
+  end
+
+  private
+
+  def find_user
+    @user = User.find_by!(uid: params[:user_uid])
+  end
+
+  def find_setting
+    @settings = Setting.find_or_create_by!(provider: user_settings_provider)
+  end
+
+  def verify_admin_of_user
+    redirect_to admins_path,
+      flash: { alert: I18n.t("administrator.flash.unauthorized") } unless current_user.admin_of?(@user)
+  end
+end
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -20,10 +20,13 @@ require 'bigbluebutton_api'

 class ApplicationController < ActionController::Base
  include SessionsHelper
+  include ThemingHelper

  before_action :migration_error?
  before_action :set_locale
+  before_action :check_admin_password
  before_action :set_user_domain
+  before_action :check_if_unbanned

  # Force SSL for loadbalancer configurations.
  before_action :redirect_to_https
@ -102,6 +105,21 @@ class ApplicationController < ActionController::Base
    }
  end

+  # Manually deal with 401 errors
+  rescue_from CanCan::AccessDenied do |_exception|
+    render "errors/not_found"
+  end
+
+  # Checks to make sure that the admin has changed his password from the default
+  def check_admin_password
+    if current_user&.has_role?(:admin) && current_user&.greenlight_account? &&
+       current_user&.authenticate(Rails.configuration.admin_password_default)
+
+      flash.now[:alert] = I18n.t("default_admin",
+        edit_link: edit_user_path(user_uid: current_user.uid) + "?setting=password").html_safe
+    end
+  end
+
  def redirect_to_https
    if Rails.configuration.loadbalanced_configuration && request.headers["X-Forwarded-Proto"] == "http"
      redirect_to protocol: "https://"
@ -116,4 +134,13 @@ class ApplicationController < ActionController::Base
    end
  end
  helper_method :set_user_domain
+
+  # Checks if the user is banned and logs him out if he is
+  def check_if_unbanned
+    if current_user&.has_role?(:denied)
+      session.delete(:user_id)
+      redirect_to unauthorized_path
+    end
+  end
+  helper_method :check_if_unbanned
 end
--- a/app/controllers/errors_controller.rb
+++ b/app/controllers/errors_controller.rb
@ -28,4 +28,8 @@ class ErrorsController < ApplicationController
  def internal_error
    render status: 500, formats: :html
  end
+
+  def unauthorized
+    render status: 401, formats: :html
+  end
 end
--- a/app/controllers/main_controller.rb
+++ b/app/controllers/main_controller.rb
@ -17,16 +17,7 @@
 # with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.

 class MainController < ApplicationController
-  # before_action :redirect_to_room
-
  # GET /
  def index
  end
-
-  private
-
-  def redirect_to_room
-    # If the user is logged in already, move them along to their room.
-    redirect_to room_path(current_user.room) if current_user
-  end
 end
--- a/app/controllers/password_resets_controller.rb
+++ b/app/controllers/password_resets_controller.rb
@ -30,7 +30,7 @@ class PasswordResetsController < ApplicationController
    if @user
      @user.create_reset_digest
      @user.send_password_reset_email(reset_link)
-      flash[:success] = I18n.t("email_sent")
+      flash[:success] = I18n.t("email_sent", email_type: t("reset_password.subtitle"))
      redirect_to root_path
    else
      flash[:alert] = I18n.t("no_user_email_exists")
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -27,12 +27,18 @@ class SessionsController < ApplicationController

  # POST /users/login
  def create
-    user = User.find_by(email: session_params[:email], provider: @user_domain)
-    redirect_to(root_path, alert: I18n.t("invalid_user")) && return unless user
-    redirect_to(root_path, alert: I18n.t("invalid_login_method")) && return unless user.greenlight_account?
+    admin = User.find_by(email: session_params[:email])
+    if admin&.has_role? :super_admin
+      user = admin
+    else
+      user = User.find_by(email: session_params[:email], provider: @user_domain)
+      redirect_to(root_path, alert: I18n.t("invalid_user")) && return unless user
+      redirect_to(root_path, alert: I18n.t("invalid_login_method")) && return unless user.greenlight_account?
+      redirect_to(account_activation_path(email: user.email)) && return unless user.activated?
+    end
    redirect_to(root_path, alert: I18n.t("invalid_credentials")) && return unless user.try(:authenticate,
      session_params[:password])
-    redirect_to(account_activation_path(email: user.email)) && return unless user.activated?
+
    login(user)
  end

--- a/app/controllers/themes_controller.rb
+++ b/app/controllers/themes_controller.rb
@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
+#
+# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
+#
+# This program is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free Software
+# Foundation; either version 3.0 of the License, or (at your option) any later
+# version.
+#
+# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License along
+# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
+
+class ThemesController < ApplicationController
+  before_action :provider_settings
+
+  # GET /primary
+  def index
+    color = @settings.get_value("Primary Color") || Rails.configuration.primary_color_default
+    file_name = Rails.root.join('app', 'assets', 'stylesheets', 'utilities', '_primary_themes.scss')
+    @file_contents = File.read(file_name)
+
+    # Include the variables and covert scss file to css
+    @compiled = Sass::Engine.new("$primary-color:#{color};" \
+                                 "$primary-color-lighten:lighten(#{color}, 40%);" \
+                                 "$primary-color-darken:darken(#{color}, 10%);" +
+                                 @file_contents, syntax: :scss).render
+
+    respond_to do |format|
+      format.css { render body: @compiled }
+    end
+  end
+
+  private
+
+  def provider_settings
+    @settings = Setting.find_or_create_by(provider: user_settings_provider)
+  end
+end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -44,11 +44,15 @@ class UsersController < ApplicationController
      logger.error "Error in email delivery: #{e}"
      flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))
    else
-      flash[:success] = I18n.t("email_sent")
+      flash[:success] = I18n.t("email_sent", email_type: t("verify.verification"))
    end
    redirect_to(root_path)
  end

+  # GET /signin
+  def signin
+  end
+
  # GET /signup
  def new
    if Rails.configuration.allow_user_signup
@ -61,7 +65,7 @@ class UsersController < ApplicationController
  # GET /u/:user_uid/edit
  def edit
    if current_user
-      redirect_to current_user.room unless @user == current_user
+      redirect_to current_user.main_room if @user != current_user && !current_user.admin_of?(@user)
    else
      redirect_to root_path
    end
@ -113,6 +117,16 @@ class UsersController < ApplicationController
    if current_user && current_user == @user
      @user.destroy
      session.delete(:user_id)
+    elsif current_user.admin_of?(@user)
+      begin
+        @user.destroy
+      rescue => e
+        logger.error "Error in user deletion: #{e}"
+        flash[:alert] = I18n.t(params[:message], default: I18n.t("administrator.flash.delete_fail"))
+      else
+        flash[:success] = I18n.t("administrator.flash.delete")
+      end
+      redirect_to(admins_path) && return
    end
    redirect_to root_path
  end