lino.jorzick
/
greenlight
forked from External/greenlight
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Feat: recording perm (#2775) 

* fix: comment into code not related - abusive copy/paste

* Add user permission for recording

Add a role permission 'can_launch_record' to users to set the ability to run recording. By default everybody can record, but we can set to the user role without perm to record and create a new role for those who can.
This commit is contained in:
Julien Gribonvald 2021-06-24 00:16:37 +02:00 committed by GitHub
parent e0775122d4
commit a7ecd54381
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 55 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/admins_controller.rb
View File

@ -31,6 +31,8 @@ class AdminsController < ApplicationController
before_action :find_deleted_user, only: manage_deleted_users before_action :find_deleted_user, only: manage_deleted_users
before_action :verify_admin_of_user, only: [manage_users, manage_deleted_users] before_action :verify_admin_of_user, only: [manage_users, manage_deleted_users]
helper_method :perm_to_record_meeting
# GET /admins # GET /admins
def index def index
# Initializa the data manipulation variables # Initializa the data manipulation variables

2
app/controllers/application_controller.rb
View File

@ -180,7 +180,7 @@ class ApplicationController < ActionController::Base
end end
helper_method :shared_access_allowed helper_method :shared_access_allowed
# Indicates whether users are allowed to share rooms # Indicates whether users should consent recoding when joining rooms
def recording_consent_required? def recording_consent_required?
@settings.get_value("Require Recording Consent") == "true" @settings.get_value("Require Recording Consent") == "true"
end end

9
app/controllers/concerns/recorder.rb
View File

@ -123,6 +123,15 @@ module Recorder
end end
end end
def perm_to_record_meeting
# define perm without init config of room setting
if recording_consent_required?
@settings.get_value("Room Configuration Recording") != "disabled" && current_user&.role&.get_permission("can_launch_recording")
else
current_user&.role&.get_permission("can_launch_recording")
end
end
private private
# Gets the email of the room owner to which the recording belongs to # Gets the email of the room owner to which the recording belongs to

2
app/controllers/concerns/rolify.rb
View File

@ -120,7 +120,7 @@ module Rolify
role_params = params.require(:role).permit(:name) role_params = params.require(:role).permit(:name)
permission_params = params.require(:role).permit(:can_create_rooms, :send_promoted_email, permission_params = params.require(:role).permit(:can_create_rooms, :send_promoted_email,
:send_demoted_email, :can_edit_site_settings, :can_edit_roles, :can_manage_users, :send_demoted_email, :can_edit_site_settings, :can_edit_roles, :can_manage_users,
:can_manage_rooms_recordings, :can_appear_in_share_list, :colour) :can_launch_recording, :can_manage_rooms_recordings, :can_appear_in_share_list, :colour)
permission_params.transform_values! do |v| permission_params.transform_values! do |v|
case v case v

6
app/controllers/rooms_controller.rb
View File

@ -35,6 +35,8 @@ class RoomsController < ApplicationController
before_action :verify_user_not_admin, only: [:show] before_action :verify_user_not_admin, only: [:show]
skip_before_action :verify_authenticity_token, only: [:join] skip_before_action :verify_authenticity_token, only: [:join]
helper_method :perm_to_record_meeting
# POST / # POST /
def create def create
# Return to root if user is not signed in # Return to root if user is not signed in
@ -436,9 +438,9 @@ class RoomsController < ApplicationController
def record_meeting def record_meeting
# If the require consent setting is checked, then check the room setting, else, set to true # If the require consent setting is checked, then check the room setting, else, set to true
if recording_consent_required? if recording_consent_required?
room_setting_with_config("recording") room_setting_with_config("recording") && current_user&.role&.get_permission("can_launch_recording")
else else
true current_user&.role&.get_permission("can_launch_recording")
end end
end end

9
app/models/role.rb
View File

@ -38,13 +38,13 @@ class Role < ApplicationRecord
Role.create(name: "admin", provider: provider, priority: 0, colour: "#f1c40f") Role.create(name: "admin", provider: provider, priority: 0, colour: "#f1c40f")
.update_all_role_permissions(can_create_rooms: true, send_promoted_email: true, .update_all_role_permissions(can_create_rooms: true, send_promoted_email: true,
send_demoted_email: true, can_edit_site_settings: true, can_manage_rooms_recordings: true, send_demoted_email: true, can_edit_site_settings: true, can_manage_rooms_recordings: true,
can_edit_roles: true, can_manage_users: true) can_launch_recording: true, can_edit_roles: true, can_manage_users: true)
Role.create(name: "pending", provider: provider, priority: -1, colour: "#17a2b8").update_all_role_permissions Role.create(name: "pending", provider: provider, priority: -1, colour: "#17a2b8").update_all_role_permissions
Role.create(name: "denied", provider: provider, priority: -2, colour: "#343a40").update_all_role_permissions Role.create(name: "denied", provider: provider, priority: -2, colour: "#343a40").update_all_role_permissions
Role.create(name: "super_admin", provider: provider, priority: -3, colour: "#cd201f") Role.create(name: "super_admin", provider: provider, priority: -3, colour: "#cd201f")
.update_all_role_permissions(can_create_rooms: true, .update_all_role_permissions(can_create_rooms: true, send_promoted_email: true,
send_promoted_email: true, send_demoted_email: true, can_edit_site_settings: true, send_demoted_email: true, can_edit_site_settings: true, can_manage_rooms_recordings: true,
can_edit_roles: true, can_manage_users: true, can_manage_rooms_recordings: true) can_launch_recording: true, can_edit_roles: true, can_manage_users: true)
end end
def self.create_new_role(role_name, provider) def self.create_new_role(role_name, provider)
@ -72,6 +72,7 @@ class Role < ApplicationRecord
update_permission("can_manage_users", permissions[:can_manage_users].to_s) update_permission("can_manage_users", permissions[:can_manage_users].to_s)
update_permission("can_manage_rooms_recordings", permissions[:can_manage_rooms_recordings].to_s) update_permission("can_manage_rooms_recordings", permissions[:can_manage_rooms_recordings].to_s)
update_permission("can_appear_in_share_list", permissions[:can_appear_in_share_list].to_s) update_permission("can_appear_in_share_list", permissions[:can_appear_in_share_list].to_s)
update_permission("can_launch_recording", permissions[:can_launch_recording].to_s)
end end
# Updates the value of the permission and enables it # Updates the value of the permission and enables it

11
app/views/admins/components/_roles.html.erb
View File

@ -20,8 +20,8 @@
<div class="list-group list-group-transparent mb-0"> <div class="list-group list-group-transparent mb-0">
<div id="rolesSelect" data-url="<%= admin_roles_order_path %>"> <div id="rolesSelect" data-url="<%= admin_roles_order_path %>">
<% @roles.each do |role| %> <% @roles.each do |role| %>
<%= link_to admin_roles_path(selected_role: role.id), <%= link_to admin_roles_path(selected_role: role.id),
class: "#{"sort-disabled" if role.name == "user" || role.name == "admin" || role.priority <= current_role.priority } dropdown-item list-group-item list-group-item-action #{"active" if @selected_role.id == role.id}", class: "#{"sort-disabled" if role.name == "user" || role.name == "admin" || role.priority <= current_role.priority } dropdown-item list-group-item list-group-item-action #{"active" if @selected_role.id == role.id}",
id: dom_id(role) do %> id: dom_id(role) do %>
<%= translated_role_name(role) %> <%= translated_role_name(role) %>
<% end %> <% end %>
@ -36,7 +36,7 @@
<%= form_with model: @selected_role, url: admin_update_role_path(@selected_role.id), method: :post do |f| %> <%= form_with model: @selected_role, url: admin_update_role_path(@selected_role.id), method: :post do |f| %>
<%= f.label :name, t('administrator.roles.name'), class: "form-label" %> <%= f.label :name, t('administrator.roles.name'), class: "form-label" %>
<%= f.text_field :name, class: 'form-control mb-3', value: translated_role_name(@selected_role), readonly: edit_disabled || @selected_role.name == "user" || @selected_role.name == "admin", required: true %> <%= f.text_field :name, class: 'form-control mb-3', value: translated_role_name(@selected_role), readonly: edit_disabled || @selected_role.name == "user" || @selected_role.name == "admin", required: true %>
<%= f.hidden_field :colour, id: "role-colour", value: role_colour(@selected_role) %> <%= f.hidden_field :colour, id: "role-colour", value: role_colour(@selected_role) %>
<div class="form-group"> <div class="form-group">
<label class="form-label"><%= t("administrator.roles.colour.title") %></label> <label class="form-label"><%= t("administrator.roles.colour.title") %></label>
@ -58,6 +58,11 @@
<%= f.check_box :can_manage_users, checked: @selected_role.get_permission("can_manage_users"), class: "custom-switch-input", disabled: edit_disabled || !current_role.get_permission("can_manage_users") %> <%= f.check_box :can_manage_users, checked: @selected_role.get_permission("can_manage_users"), class: "custom-switch-input", disabled: edit_disabled || !current_role.get_permission("can_manage_users") %>
<span class="custom-switch-indicator float-right"></span> <span class="custom-switch-indicator float-right"></span>
</label> </label>
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%="form-disable" if !current_role.get_permission("can_launch_recording") %>">
<span class="ml-0 custom-switch-description"><%= t("administrator.roles.can_launch_recording")%></span>
<%= f.check_box :can_launch_recording, checked: @selected_role.get_permission("can_launch_recording"), class: "custom-switch-input", disabled: edit_disabled || !current_role.get_permission("can_launch_recording") %>
<span class="custom-switch-indicator float-right"></span>
</label>
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%="form-disable" if !current_role.get_permission("can_manage_rooms_recordings") %>"> <label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%="form-disable" if !current_role.get_permission("can_manage_rooms_recordings") %>">
<span class="ml-0 custom-switch-description"><%= t("administrator.roles.manage_rooms_recordings")%></span> <span class="ml-0 custom-switch-description"><%= t("administrator.roles.manage_rooms_recordings")%></span>
<%= f.check_box :can_manage_rooms_recordings, checked: @selected_role.get_permission("can_manage_rooms_recordings"), class: "custom-switch-input", disabled: edit_disabled || !current_role.get_permission("can_manage_rooms_recordings") %> <%= f.check_box :can_manage_rooms_recordings, checked: @selected_role.get_permission("can_manage_rooms_recordings"), class: "custom-switch-input", disabled: edit_disabled || !current_role.get_permission("can_manage_rooms_recordings") %>

4
app/views/shared/modals/_create_room_modal.html.erb
View File

@ -73,7 +73,7 @@
<span class="custom-switch-indicator float-right cursor-pointer"></span> <span class="custom-switch-indicator float-right cursor-pointer"></span>
</label> </label>
<% end %> <% end %>
<% any_start = room_configuration("Room Configuration Allow Any Start") %> <% any_start = room_configuration("Room Configuration Allow Any Start") %>
<% if any_start != "disabled" %> <% if any_start != "disabled" %>
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%= "enabled-setting" if any_start == "enabled" %>"> <label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%= "enabled-setting" if any_start == "enabled" %>">
@ -91,7 +91,7 @@
</label> </label>
<% end %> <% end %>
<% recording = room_configuration("Room Configuration Recording") %> <% recording = room_configuration("Room Configuration Recording") %>
<% if recording_consent_required? && recording != "disabled" %> <% if recording_consent_required? && recording != "disabled" && perm_to_record_meeting %>
<label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%= "enabled-setting" if recording == "enabled" %>"> <label class="custom-switch pl-0 mt-3 mb-3 w-100 text-left d-inline-block <%= "enabled-setting" if recording == "enabled" %>">
<span class="custom-switch-description"><%= t("modal.room_settings.recording")%></span> <span class="custom-switch-description"><%= t("modal.room_settings.recording")%></span>
<%= f.check_box :recording, class: "not-running-only custom-switch-input", data: { default: recording == "enabled" }, checked: false %> <%= f.check_box :recording, class: "not-running-only custom-switch-input", data: { default: recording == "enabled" }, checked: false %>

1
config/locales/en.yml
View File

@ -145,6 +145,7 @@ en:
roles: roles:
appear_in_share_list: Include users with this role in the dropdown for sharing rooms appear_in_share_list: Include users with this role in the dropdown for sharing rooms
can_create_rooms: Can create rooms can_create_rooms: Can create rooms
can_launch_recording: Allow users with this role to launch recordings
delete: Delete the role delete: Delete the role
invalid_create: There was a problem creating a new role. Please check the role values and try again invalid_create: There was a problem creating a new role. Please check the role values and try again
invalid_order: There was a problem updating the priority of the role. Please check the values and try again invalid_order: There was a problem updating the priority of the role. Please check the values and try again

1
config/locales/fr.yml
View File

@ -145,6 +145,7 @@ fr:
roles: roles:
appear_in_share_list: Inclure les utilisateurs ayant ce rôle dans la liste déroulante de partage des salons appear_in_share_list: Inclure les utilisateurs ayant ce rôle dans la liste déroulante de partage des salons
can_create_rooms: Peut créer des salles can_create_rooms: Peut créer des salles
can_launch_recording: Permet aux utilisateurs ayant ce rôle d'effectuer des enregistrements
delete: Supprimer le rôle delete: Supprimer le rôle
invalid_create: Il y a eu un problème lors de la création du nouveau rôle. Veuillez vérifier les valeurs entrées et réessayer. invalid_create: Il y a eu un problème lors de la création du nouveau rôle. Veuillez vérifier les valeurs entrées et réessayer.
invalid_order: Il y a eu un problème lors de la mise à jour de la priorité du rôle. Veuillez vérifier les valeurs et réessayer. invalid_order: Il y a eu un problème lors de la mise à jour de la priorité du rôle. Veuillez vérifier les valeurs et réessayer.

21
db/migrate/20210319160827_add_can_launch_recording_to_permissions.rb Normal file
View File

@ -0,0 +1,21 @@
# frozen_string_literal: true
class MigrationProduct < ActiveRecord::Base
self.table_name = :roles
end
class SubMigrationProduct < ActiveRecord::Base
self.table_name = :role_permissions
end
class AddCanLaunchRecordingToPermissions < ActiveRecord::Migration[5.2]
def change
reversible do |dir|
dir.up do
MigrationProduct.all.each do |role|
SubMigrationProduct.create(role_id: role.id, name: "can_launch_recording", value: 'true', enabled: true)
end
end
end
end
end