Feat: recording perm (#2775)

* fix: comment into code not related - abusive copy/paste * Add user permission for recording Add a role permission 'can_launch_record' to users to set the ability to run recording. By default everybody can record, but we can set to the user role without perm to record and create a new role for those who can.
2021-06-24 00:16:37 +02:00
parent e0775122d4
commit a7ecd54381
11 changed files with 55 additions and 13 deletions
--- a/app/controllers/admins_controller.rb
+++ b/app/controllers/admins_controller.rb
@ -31,6 +31,8 @@ class AdminsController < ApplicationController
  before_action :find_deleted_user, only: manage_deleted_users
  before_action :verify_admin_of_user, only: [manage_users, manage_deleted_users]

+  helper_method :perm_to_record_meeting
+
  # GET /admins
  def index
    # Initializa the data manipulation variables
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -180,7 +180,7 @@ class ApplicationController < ActionController::Base
  end
  helper_method :shared_access_allowed

-  # Indicates whether users are allowed to share rooms
+  # Indicates whether users should consent recoding when joining rooms
  def recording_consent_required?
    @settings.get_value("Require Recording Consent") == "true"
  end
--- a/app/controllers/concerns/recorder.rb
+++ b/app/controllers/concerns/recorder.rb
@ -123,6 +123,15 @@ module Recorder
    end
  end

+  def perm_to_record_meeting
+    # define perm without init config of room setting
+    if recording_consent_required?
+      @settings.get_value("Room Configuration Recording") != "disabled" && current_user&.role&.get_permission("can_launch_recording")
+    else
+      current_user&.role&.get_permission("can_launch_recording")
+    end
+  end
+
  private

  # Gets the email of the room owner to which the recording belongs to
--- a/app/controllers/concerns/rolify.rb
+++ b/app/controllers/concerns/rolify.rb
@ -120,7 +120,7 @@ module Rolify
    role_params = params.require(:role).permit(:name)
    permission_params = params.require(:role).permit(:can_create_rooms, :send_promoted_email,
      :send_demoted_email, :can_edit_site_settings, :can_edit_roles, :can_manage_users,
-      :can_manage_rooms_recordings, :can_appear_in_share_list, :colour)
+      :can_launch_recording, :can_manage_rooms_recordings, :can_appear_in_share_list, :colour)

    permission_params.transform_values! do |v|
      case v
--- a/app/controllers/rooms_controller.rb
+++ b/app/controllers/rooms_controller.rb
@ -35,6 +35,8 @@ class RoomsController < ApplicationController
  before_action :verify_user_not_admin, only: [:show]
  skip_before_action :verify_authenticity_token, only: [:join]

+  helper_method :perm_to_record_meeting
+
  # POST /
  def create
    # Return to root if user is not signed in
@ -436,9 +438,9 @@ class RoomsController < ApplicationController
  def record_meeting
    # If the require consent setting is checked, then check the room setting, else, set to true
    if recording_consent_required?
-      room_setting_with_config("recording")
+      room_setting_with_config("recording") && current_user&.role&.get_permission("can_launch_recording")
    else
-      true
+      current_user&.role&.get_permission("can_launch_recording")
    end
  end