Admin panel (#496)

* Added the administrator role and functionality that comes with it (#403) * GRN-20: Added roles to the user model * GRN-75: Added a view for admins to see their users * GRN-77: Added Edit/Delete/Promote ability for admins * GRN-71: Added admin account by default * Changed the way locales are shown * Updated the rest of the locales * Changed the way available_locales are defined * Updated locales in Russian * Updated locaales for German * Update user.rb * Update admins.js * GRN-15: Added the ability to change color and image from admin interface (#425) * GRN-20: Added roles to the user model * GRN-75: Added a view for admins to see their users * GRN-77: Added Edit/Delete/Promote ability for admins * GRN-71: Added admin account by default * Changed the way locales are shown * Updated the rest of the locales * Changed the way available_locales are defined * Updated locales in Russian * Updated locaales for German * GRN-15: Added the ability for admins to customize color and image * Update user.rb * Update user.rb * Update routes.rb * Update admins_controller.rb * GRN-87:Added a super admin role and made changes to how to the design works (#430) * GRN-20: Added roles to the user model * GRN-75: Added a view for admins to see their users * GRN-77: Added Edit/Delete/Promote ability for admins * GRN-71: Added admin account by default * Changed the way locales are shown * Updated the rest of the locales * Changed the way available_locales are defined * Updated locales in Russian * Updated locaales for German * GRN-15: Added the ability for admins to customize color and image * Added the super admin and completed the design tab * Update user.rb * Update themes_controller_spec.rb * Update routes.rb * Update admins_controller.rb * Removed duplicated code that broke the build after last merge * GRN-78: Restructured some of the views to make the UI more consistent and responsive (#435) * GRN-20: Added roles to the user model * GRN-75: Added a view for admins to see their users * GRN-77: Added Edit/Delete/Promote ability for admins * GRN-71: Added admin account by default * GRN-15: Added the ability for admins to customize color and image * Added the super admin and completed the design tab * GRN-78: Cleaned up buttons and moved signin to its own page * GRN-78: Moved the Rooms and Recordings link to nav bar * Merge fix * Views restructure fix (#458) * Added cache to gitlab-ci.yml * Restructured seed * GRN2-99 -> GRN2-106: UI cleanup and refactoring (#478) * GRN2-98: Change Fullname to Full name * GRN2-105: Changed View Users to Manage Users * GRN2-101/103: Updated email to match branding * GRN2-100: Updated Email Sent flash to be more descriptive * GRN2-104: Redirect user to sign in page w/ flash after clicking activation link * GRN2-102: Changed the wording in the verification email * GRN2-99: Added email form validation * GRN2-106: Cleaned up Users list front end * Fixes to rake and admin password validator for passing rubocop * GRN2-113: Fixed issues with admin panel (#479) * GRN2-116: Code clean up after restructure of views (#482) * Removed unused references * Rubocop * Added pagination to admin view (#483) * GRN2-114: Added the ability for admins to ban/unban users (#487) * Added the ability for admins to ban and unban users * Update sessions_helper.rb * Merge branch 'master' into admin-panel (#492) * Updated rubocop gem * Updated rubocop and fixed issues (#490) * Rubocop fixes * GRN2-122: Updated sign in flow for admins and switch design tab to site settings (#489) * Switched design tab to site settings * Update _header with spaces instead of tabs * Added more test cases to increase coverage (#494)
2019-05-03 13:05:12 -04:00
parent b9efff586a
commit 9f74b0e2c0
85 changed files with 2286 additions and 203 deletions
--- a/spec/controllers/account_activations_controller_spec.rb
+++ b/spec/controllers/account_activations_controller_spec.rb
@ -50,7 +50,7 @@ describe AccountActivationsController, type: :controller do

      expect(@user.email_verified).to eq(true)
      expect(flash[:success]).to be_present
-      expect(response).to redirect_to(root_path)
+      expect(response).to redirect_to(signin_path)
    end

    it "does not activate a user if they have the correct activation token" do
--- a/spec/controllers/admins_controller_spec.rb
+++ b/spec/controllers/admins_controller_spec.rb
@ -0,0 +1,149 @@
+# frozen_string_literal: true
+
+# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
+#
+# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
+#
+# This program is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free Software
+# Foundation; either version 3.0 of the License, or (at your option) any later
+# version.
+#
+# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License along
+# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
+
+require "rails_helper"
+
+describe AdminsController, type: :controller do
+  before do
+    @user = create(:user, provider: "provider1")
+    @admin = create(:user, provider: "provider1")
+    @admin.add_role :admin
+  end
+
+  describe "User Roles" do
+    context "GET #index" do
+      it "renders a 404 if a user tries to acccess it" do
+        @request.session[:user_id] = @user.id
+        get :index
+
+        expect(response).to render_template(:not_found)
+      end
+
+      it "renders the admin settings if an admin tries to acccess it" do
+        @request.session[:user_id] = @admin.id
+        get :index
+
+        expect(response).to render_template(:index)
+      end
+    end
+
+    context "GET #edit_user" do
+      it "renders the index page" do
+        @request.session[:user_id] = @admin.id
+
+        get :edit_user, params: { user_uid: @user.uid }
+
+        expect(response).to render_template(:index)
+      end
+    end
+
+    context "POST #promote" do
+      it "promotes a user to admin" do
+        @request.session[:user_id] = @admin.id
+
+        expect(@user.has_role?(:admin)).to eq(false)
+
+        post :promote, params: { user_uid: @user.uid }
+
+        expect(@user.has_role?(:admin)).to eq(true)
+        expect(flash[:success]).to be_present
+        expect(response).to redirect_to(admins_path)
+      end
+    end
+
+    context "POST #demote" do
+      it "demotes an admin to user" do
+        @request.session[:user_id] = @admin.id
+
+        @user.add_role :admin
+        expect(@user.has_role?(:admin)).to eq(true)
+
+        post :demote, params: { user_uid: @user.uid }
+
+        expect(@user.has_role?(:admin)).to eq(false)
+        expect(flash[:success]).to be_present
+        expect(response).to redirect_to(admins_path)
+      end
+    end
+
+    context "POST #ban" do
+      it "bans a user from the application" do
+        @request.session[:user_id] = @admin.id
+
+        expect(@user.has_role?(:denied)).to eq(false)
+
+        post :ban_user, params: { user_uid: @user.uid }
+
+        expect(@user.has_role?(:denied)).to eq(true)
+        expect(flash[:success]).to be_present
+        expect(response).to redirect_to(admins_path)
+      end
+    end
+
+    context "POST #unban" do
+      it "unbans the user from the application" do
+        @request.session[:user_id] = @admin.id
+        @user.add_role :denied
+
+        expect(@user.has_role?(:denied)).to eq(true)
+
+        post :unban_user, params: { user_uid: @user.uid }
+
+        expect(@user.has_role?(:denied)).to eq(false)
+        expect(flash[:success]).to be_present
+        expect(response).to redirect_to(admins_path)
+      end
+    end
+  end
+
+  describe "User Design" do
+    context "POST #branding" do
+      it "changes the branding image on the page" do
+        allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
+        allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
+
+        @request.session[:user_id] = @admin.id
+        fake_image_url = "example.com"
+
+        post :branding, params: { url: fake_image_url }
+
+        feature = Setting.find_by(provider: "provider1").features.find_by(name: "Branding Image")
+
+        expect(feature[:value]).to eq(fake_image_url)
+        expect(response).to redirect_to(admins_path)
+      end
+    end
+
+    context "POST #coloring" do
+      it "changes the primary on the page" do
+        allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
+        allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
+
+        @request.session[:user_id] = @admin.id
+        primary_color = "#000000"
+
+        post :coloring, params: { color: primary_color }
+
+        feature = Setting.find_by(provider: "provider1").features.find_by(name: "Primary Color")
+
+        expect(feature[:value]).to eq(primary_color)
+        expect(response).to redirect_to(admins_path(setting: "site_settings"))
+      end
+    end
+  end
+end
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
+#
+# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
+#
+# This program is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free Software
+# Foundation; either version 3.0 of the License, or (at your option) any later
+# version.
+#
+# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License along
+# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
+
+require 'rails_helper'
+
+RSpec.configure do |c|
+  c.infer_base_class_for_anonymous_controllers = false
+end
+
+describe ApplicationController do
+  controller do
+    before_action :check_if_unbanned
+
+    def index
+      head :ok
+    end
+  end
+
+  context "roles" do
+    it "redirects a banned user to a 401 and logs them out" do
+      @user = create(:user)
+      @user.add_role :denied
+      @request.session[:user_id] = @user.id
+
+      get :index
+      expect(@request.session[:user_id]).to be_nil
+      expect(response).to redirect_to(unauthorized_path)
+    end
+  end
+end
--- a/spec/controllers/errors_controller_spec.rb
+++ b/spec/controllers/errors_controller_spec.rb
@ -39,4 +39,11 @@ describe ErrorsController, type: :controller do
      expect(response).to have_http_status(500)
    end
  end
+
+  describe "GET #unauthorized" do
+    it "returns unauthorized" do
+      get :unauthorized
+      expect(response).to have_http_status(401)
+    end
+  end
 end
--- a/spec/controllers/recordings_controller_spec.rb
+++ b/spec/controllers/recordings_controller_spec.rb
@ -27,6 +27,7 @@ describe RecordingsController, type: :controller do

  context "POST #update_recording" do
    it "updates the recordings details" do
+      allow_any_instance_of(Room).to receive(:update_recording).and_return(updated: true)
      @request.session[:user_id] = @user.uid

      post :update_recording, params: { meetingID: @room.bbb_id, record_id: Faker::IDNumber.valid, state: "public" }
@ -45,6 +46,7 @@ describe RecordingsController, type: :controller do

  context "DELETE #delete_recording" do
    it "deletes the recording" do
+      allow_any_instance_of(Room).to receive(:delete_recording).and_return(true)
      @request.session[:user_id] = @user.uid

      post :delete_recording, params: { meetingID: @room.bbb_id, record_id: Faker::IDNumber.valid, state: "public" }
--- a/spec/controllers/rooms_controller_spec.rb
+++ b/spec/controllers/rooms_controller_spec.rb
@ -82,6 +82,21 @@ describe RoomsController, type: :controller do
      expect(flash[:alert]).to be_present
      expect(response).to redirect_to(root_path)
    end
+
+    it "sets the join name to cookie[:greenlight_name] if it exists" do
+      name = Faker::Pokemon.name
+      @request.cookies[:greenlight_name] = name
+
+      get :show, params: { room_uid: @owner.main_room }
+
+      expect(assigns(:name)).to eql(name)
+    end
+
+    it "sets the join name to blank if user isnt signed in" do
+      get :show, params: { room_uid: @owner.main_room }
+
+      expect(assigns(:name)).to eql("")
+    end
  end

  describe "POST #create" do
@ -113,6 +128,17 @@ describe RoomsController, type: :controller do

      expect(response).to redirect_to(root_path)
    end
+
+    it "it should redirect back to main room with error if it fails" do
+      @request.session[:user_id] = @owner.id
+
+      room_params = { name: "", "client": "html5", "mute_on_join": "1" }
+
+      post :create, params: { room: room_params }
+
+      expect(flash[:alert]).to be_present
+      expect(response).to redirect_to(@owner.main_room)
+    end
  end

  describe "POST #join" do
@ -300,4 +326,19 @@ describe RoomsController, type: :controller do
      expect(response).to redirect_to(@secondary_room)
    end
  end
+
+  describe "GET #logout" do
+    before do
+      @user = create(:user)
+      @room = @user.main_room
+    end
+
+    it "redirects to the correct room" do
+      @request.session[:user_id] = @user.id
+
+      get :logout, params: { room_uid: @room }
+
+      expect(response).to redirect_to(@room)
+    end
+  end
 end
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@ -140,6 +140,22 @@ describe SessionsController, type: :controller do
      expect(@request.session[:user_id]).to eql(user.id)
      expect(response).to redirect_to(user.main_room)
    end
+
+    it "redirects to the admins page for admins" do
+      user = create(:user, provider: "greenlight",
+        password: "example", password_confirmation: 'example')
+      user.add_role :super_admin
+
+      post :create, params: {
+        session: {
+          email: user.email,
+          password: 'example',
+        },
+      }
+
+      expect(@request.session[:user_id]).to eql(user.id)
+      expect(response).to redirect_to(admins_path)
+    end
  end

  describe "GET/POST #omniauth" do
--- a/spec/controllers/themes_controller_spec.rb
+++ b/spec/controllers/themes_controller_spec.rb
@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
+#
+# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
+#
+# This program is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free Software
+# Foundation; either version 3.0 of the License, or (at your option) any later
+# version.
+#
+# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License along
+# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
+
+require "rails_helper"
+
+describe ThemesController, type: :controller do
+  context "GET #index" do
+    before do
+      @user = create(:user)
+    end
+
+    it "responds with css file" do
+      @request.session[:user_id] = @user.id
+
+      get :index, format: :css
+
+      expect(response.content_type).to eq("text/css")
+    end
+  end
+
+  context "CSS file creation" do
+    before do
+      @fake_color = Faker::Color.hex_color
+      allow(Rails.configuration).to receive(:primary_color_default).and_return(@fake_color)
+    end
+
+    it "returns the correct color based on provider" do
+      allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
+      allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
+
+      color1 = Faker::Color.hex_color
+      provider1 = Faker::Company.name
+      Setting.create(provider: provider1).features.create(name: "Primary Color", value: color1, enabled: true)
+      user1 = create(:user, provider: provider1)
+
+      @request.session[:user_id] = user1.id
+
+      get :index, format: :css
+
+      expect(response.content_type).to eq("text/css")
+      expect(response.body).to include(color1)
+    end
+
+    it "uses the default color option" do
+      provider1 = Faker::Company.name
+      user1 = create(:user, provider: provider1)
+
+      @request.session[:user_id] = user1.id
+
+      get :index, format: :css
+
+      expect(response.content_type).to eq("text/css")
+      expect(response.body).to include(@fake_color)
+    end
+  end
+end
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@ -47,12 +47,64 @@ describe UsersController, type: :controller do
  end

  describe "GET #new" do
-    before { allow(Rails.configuration).to receive(:allow_user_signup).and_return(true) }
-
    it "assigns a blank user to the view" do
+      allow(Rails.configuration).to receive(:allow_user_signup).and_return(true)
+
      get :new
      expect(assigns(:user)).to be_a_new(User)
    end
+
+    it "redirects to root if allow_user_signup is false" do
+      allow(Rails.configuration).to receive(:allow_user_signup).and_return(false)
+
+      get :new
+      expect(response).to redirect_to(root_path)
+    end
+  end
+
+  describe "GET #edit" do
+    it "renders the edit template" do
+      user = create(:user)
+
+      @request.session[:user_id] = user.id
+
+      get :edit, params: { user_uid: user.uid }
+
+      expect(response).to render_template(:edit)
+    end
+
+    it "does not allow you to edit other users if you're not an admin" do
+      user = create(:user)
+      user2 = create(:user)
+
+      @request.session[:user_id] = user.id
+
+      get :edit, params: { user_uid: user2.uid }
+
+      expect(response).to redirect_to(user.main_room)
+    end
+
+    it "allows admins to edit other users" do
+      allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
+      allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
+
+      user = create(:user, provider: "provider1")
+      user.add_role :admin
+      user2 = create(:user, provider: "provider1")
+
+      @request.session[:user_id] = user.id
+
+      get :edit, params: { user_uid: user2.uid }
+
+      expect(response).to render_template(:edit)
+    end
+
+    it "redirect to root if user isn't signed in" do
+      user = create(:user)
+
+      get :edit, params: { user_uid: user }
+      expect(response).to redirect_to(root_path)
+    end
  end

  describe "POST #create" do
@ -86,6 +138,21 @@ describe UsersController, type: :controller do

        expect(response).to render_template(:new)
      end
+
+      it "sends activation email if email verification is on" do
+        allow(Rails.configuration).to receive(:enable_email_verification).and_return(true)
+
+        params = random_valid_user_params
+        expect { post :create, params: params }.to change { ActionMailer::Base.deliveries.count }.by(1)
+
+        u = User.find_by(name: params[:user][:name], email: params[:user][:email])
+
+        expect(u).to_not be_nil
+        expect(u.name).to eql(params[:user][:name])
+
+        expect(flash[:success]).to be_present
+        expect(response).to redirect_to(root_path)
+      end
    end

    context "disallow greenlight accounts" do
@ -133,6 +200,8 @@ describe UsersController, type: :controller do

      expect(user.name).to eql(params[:user][:name])
      expect(user.email).to eql(params[:user][:email])
+      expect(flash[:success]).to be_present
+      expect(response).to redirect_to(edit_user_path(user))
    end

    it "renders #edit on unsuccessful save" do
@ -148,6 +217,37 @@ describe UsersController, type: :controller do

    it "properly deletes user" do
      user = create(:user)
+      @request.session[:user_id] = user.id
+
+      delete :destroy, params: { user_uid: user.uid }
+
+      expect(response).to redirect_to(root_path)
+    end
+
+    it "allows admins to delete users" do
+      allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
+      allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
+      allow_any_instance_of(Room).to receive(:delete_all_recordings).and_return('')
+
+      user = create(:user, provider: "provider1")
+      admin = create(:user, provider: "provider1")
+      admin.add_role :admin
+      @request.session[:user_id] = admin.id
+
+      delete :destroy, params: { user_uid: user.uid }
+
+      expect(flash[:success]).to be_present
+      expect(response).to redirect_to(admins_path)
+    end
+
+    it "doesn't allow admins of other providers to delete users" do
+      allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
+      allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
+
+      user = create(:user, provider: "provider1")
+      admin = create(:user, provider: "provider2")
+      admin.add_role :admin
+      @request.session[:user_id] = admin.id

      delete :destroy, params: { user_uid: user.uid }