lino.jorzick/greenlight
1
0
Fork 0
forked from External/greenlight
Code Issues Pull Requests Projects Releases Wiki Activity

GRN2-180: First stages of refactoring code for v2.4 (#748)

Browse Source 
* Email rescues and authenticator concern

* Application controller and helper clean up

* Moved controller code out of helpers

* More helper and email clean up

* Cleaned up remaining helpers and create omniauth_options

* Controller code clean up

* restructured views structure

* Restructured role code

* Restructured profile and code clean up

* Master merge

* Added bbb server concern to deal with bbb calls

* Bug fixes and changes after changes

* rspec

* More rubocop fixes
This commit is contained in:
farhatahmad
2019-08-19 11:28:48 -04:00
committed by farhatahmad
parent 194b5ddfa0
commit fd6077696d
76 changed files with 1187 additions and 1430 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
app/controllers/account_activations_controller.rb
View File

@ -24,46 +24,45 @@ class AccountActivationsController < ApplicationController
# GET /account_activations
def show
render :verify
end
# GET /account_activations/edit
def edit
# If the user exists and is not verified and provided the correct token
if @user && !@user.activated? && @user.authenticated?(:activation, params[:token])
# Verify user
@user.activate
# Redirect user to root with account pending flash if account is still pending
return redirect_to root_path,
flash: { success: I18n.t("registration.approval.signup") } if @user.has_role?(:pending)
flash[:success] = I18n.t("verify.activated") + " " + I18n.t("verify.signin")
redirect_to signin_path
# Redirect user to sign in path with success flash
redirect_to signin_path, flash: { success: I18n.t("verify.activated") + " " + I18n.t("verify.signin") }
else
flash[:alert] = I18n.t("verify.invalid")
redirect_to root_path
redirect_to root_path, flash: { alert: I18n.t("verify.invalid") }
end
end
# GET /account_activations/resend
def resend
if @user.activated?
# User is already verified
flash[:alert] = I18n.t("verify.already_verified")
else
begin
send_activation_email(@user)
rescue => e
logger.error "Support: Error in email delivery: #{e}"
flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))
else
flash[:success] = I18n.t("email_sent", email_type: t("verify.verification"))
end
# Resend
send_activation_email(@user)
end
redirect_to(root_path)
redirect_to root_path
end
private
def find_user
@user = User.find_by!(email: params[:email], provider: @user_domain)
end
def ensure_unauthenticated
redirect_to current_user.main_room if current_user
end
@ -71,8 +70,4 @@ class AccountActivationsController < ApplicationController
def email_params
params.require(:email).permit(:email, :token)
end
def find_user
@user = User.find_by!(email: params[:email], provider: @user_domain)
end
end

199
app/controllers/admins_controller.rb
View File

@ -21,18 +21,17 @@ class AdminsController < ApplicationController
include Themer
include Emailer
include Recorder
include Rolify
manage_users = [:edit_user, :promote, :demote, :ban_user, :unban_user, :approve, :reset]
site_settings = [:branding, :coloring, :coloring_lighten, :coloring_darken,
:registration_method, :room_authentication, :room_limit, :default_recording_visibility]
authorize_resource class: false
before_action :find_user, only: manage_users
before_action :verify_admin_of_user, only: manage_users
before_action :find_setting, only: site_settings
# GET /admins
def index
# Initializa the data manipulation variables
@search = params[:search] || ""
@order_column = params[:column] && params[:direction] != "none" ? params[:column] : "created_at"
@order_direction = params[:direction] && params[:direction] != "none" ? params[:direction] : "DESC"
@ -49,13 +48,14 @@ class AdminsController < ApplicationController
# GET /admins/server_recordings
def server_recordings
server_rooms = if Rails.configuration.loadbalanced_configuration
Room.includes(:owner).where(users: { provider: user_settings_provider }).pluck(:bbb_id)
Room.includes(:owner).where(users: { provider: @user_domain }).pluck(:bbb_id)
else
Room.pluck(:bbb_id)
end
@search, @order_column, @order_direction, recs =
all_recordings(server_rooms, @user_domain, params.permit(:search, :column, :direction), true, true)
all_recordings(server_rooms, params.permit(:search, :column, :direction), true, true)
@pagy, @recordings = pagy_array(recs)
end
@ -92,17 +92,10 @@ class AdminsController < ApplicationController
def invite
emails = params[:invite_user][:email].split(",")
begin
emails.each do |email|
invitation = create_or_update_invite(email)
emails.each do |email|
invitation = create_or_update_invite(email)
send_invitation_email(current_user.name, email, invitation.invite_token)
end
rescue => e
logger.error "Support: Error in email delivery: #{e}"
flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))
else
flash[:success] = I18n.t("administrator.flash.invite", email: emails.join(', '))
send_invitation_email(current_user.name, email, invitation.invite_token)
end
redirect_to admins_path
@ -118,39 +111,30 @@ class AdminsController < ApplicationController
end
# SITE SETTINGS
# POST /admins/branding
def branding
@settings.update_value("Branding Image", params[:url])
redirect_to admin_site_settings_path, flash: { success: I18n.t("administrator.flash.settings") }
# POST /admins/update_settings
def update_settings
@settings.update_value(params[:setting], params[:value])
flash_message = I18n.t("administrator.flash.settings")
if params[:value] == "Default Recording Visibility"
flash_message += ". " + I18n.t("administrator.site_settings.recording_visibility.warning")
end
redirect_to admin_site_settings_path, flash: { success: flash_message }
end
# POST /admins/color
def coloring
@settings.update_value("Primary Color", params[:color])
@settings.update_value("Primary Color Lighten", color_lighten(params[:color]))
@settings.update_value("Primary Color Darken", color_darken(params[:color]))
redirect_to admin_site_settings_path, flash: { success: I18n.t("administrator.flash.settings") }
end
def coloring_lighten
@settings.update_value("Primary Color Lighten", params[:color])
redirect_to admin_site_settings_path, flash: { success: I18n.t("administrator.flash.settings") }
end
def coloring_darken
@settings.update_value("Primary Color Darken", params[:color])
redirect_to admin_site_settings_path, flash: { success: I18n.t("administrator.flash.settings") }
end
# POST /admins/room_authentication
def room_authentication
@settings.update_value("Room Authentication", params[:value])
@settings.update_value("Primary Color", params[:value])
@settings.update_value("Primary Color Lighten", color_lighten(params[:value]))
@settings.update_value("Primary Color Darken", color_darken(params[:value]))
redirect_to admin_site_settings_path, flash: { success: I18n.t("administrator.flash.settings") }
end
# POST /admins/registration_method/:method
def registration_method
new_method = Rails.configuration.registration_methods[params[:method].to_sym]
new_method = Rails.configuration.registration_methods[params[:value].to_sym]
# Only allow change to Join by Invitation if user has emails enabled
if !Rails.configuration.enable_email_verification && new_method == Rails.configuration.registration_methods[:invite]
@ -163,67 +147,19 @@ class AdminsController < ApplicationController
end
end
# POST /admins/room_limit
def room_limit
@settings.update_value("Room Limit", params[:limit])
redirect_to admin_site_settings_path, flash: { success: I18n.t("administrator.flash.settings") }
end
# POST /admins/default_recording_visibility
def default_recording_visibility
@settings.update_value("Default Recording Visibility", params[:visibility])
redirect_to admin_site_settings_path, flash: {
success: I18n.t("administrator.flash.settings") + ". " +
I18n.t("administrator.site_settings.recording_visibility.warning")
}
end
# POST /admins/clear_cache
def clear_cache
Rails.cache.delete("#{@user_domain}/getUser")
Rails.cache.delete("#{@user_domain}/getUserGreenlightCredentials")
redirect_to admin_site_settings_path, flash: { success: I18n.t("administrator.flash.settings") }
end
# ROLES
# GET /admins/roles
def roles
@roles = Role.editable_roles(@user_domain)
if @roles.count.zero?
Role.create_default_roles(@user_domain)
@roles = Role.editable_roles(@user_domain)
end
@selected_role = if params[:selected_role].nil?
@roles.find_by(name: 'user')
else
@roles.find(params[:selected_role])
end
@roles = all_roles(params[:selected_role])
end
# POST /admin/role
# This method creates a new role scope to the users provider
# POST /admins/role
# This method creates a new role scoped to the users provider
def new_role
new_role_name = params[:role][:name]
new_role = create_role(params[:role][:name])
# Make sure that the role name isn't a duplicate or a reserved name like super_admin
if Role.duplicate_name(new_role_name, @user_domain)
flash[:alert] = I18n.t("administrator.roles.duplicate_name")
return redirect_to admin_roles_path
end
# Make sure the role name isn't empty
if new_role_name.strip.empty?
flash[:alert] = I18n.t("administrator.roles.empty_name")
return redirect_to admin_roles_path
end
new_role = Role.create_new_role(new_role_name, @user_domain)
return redirect_to admin_roles_path, flash: { alert: I18n.t("administrator.roles.invalid_create") } if new_role.nil?
redirect_to admin_roles_path(selected_role: new_role.id)
end
@ -232,82 +168,16 @@ class AdminsController < ApplicationController
# This updates the priority of a site's roles
# Note: A lower priority role will always get used before a higher priority one
def change_role_order
user_role = Role.find_by(name: "user", provider: @user_domain)
admin_role = Role.find_by(name: "admin", provider: @user_domain)
current_user_role = current_user.highest_priority_role
# Users aren't allowed to update the priority of the admin or user roles
if params[:role].include?(user_role.id.to_s) || params[:role].include?(admin_role.id.to_s)
flash[:alert] = I18n.t("administrator.roles.invalid_order")
return redirect_to admin_roles_path
unless update_priority(params[:role])
redirect_to admin_roles_path, flash: { alert: I18n.t("administrator.roles.invalid_order") }
end
# Restrict users to only updating the priority for roles in their domain with a higher
# priority
params[:role].each do |id|
role = Role.find(id)
if role.priority <= current_user_role.priority || role.provider != @user_domain
flash[:alert] = I18n.t("administrator.roles.invalid_update")
return redirect_to admin_roles_path
end
end
# Update the roles priority including the user role
top_priority = 0
params[:role].each_with_index do |id, index|
new_priority = index + [current_user_role.priority, 0].max + 1
top_priority = new_priority
Role.where(id: id).update_all(priority: new_priority)
end
user_role.priority = top_priority + 1
user_role.save!
end
# POST /admin/role/:role_id
# This method updates the permissions assigned to a role
def update_role
role = Role.find(params[:role_id])
current_user_role = current_user.highest_priority_role
# Checks that it is valid for the provider to update the role
if role.priority <= current_user_role.priority || role.provider != @user_domain
flash[:alert] = I18n.t("administrator.roles.invalid_update")
return redirect_to admin_roles_path(selected_role: role.id)
end
role_params = params.require(:role).permit(:name)
permission_params = params.require(:role)
.permit(
:can_create_rooms,
:send_promoted_email,
:send_demoted_email,
:can_edit_site_settings,
:can_edit_roles,
:can_manage_users,
:colour
)
# Role is a default role so users can't change the name
role_params[:name] = role.name if Role::RESERVED_ROLE_NAMES.include?(role.name)
# Make sure if the user is updating the role name that the role name is valid
if role.name != role_params[:name] && !Role.duplicate_name(role_params[:name], @user_domain) &&
!role_params[:name].strip.empty?
role.name = role_params[:name]
elsif role.name != role_params[:name]
flash[:alert] = I18n.t("administrator.roles.duplicate_name")
return redirect_to admin_roles_path(selected_role: role.id)
end
role.update(permission_params)
role.save!
flash[:alert] = I18n.t("administrator.roles.invalid_update") unless update_permissions(role)
redirect_to admin_roles_path(selected_role: role.id)
end
@ -337,10 +207,7 @@ class AdminsController < ApplicationController
@user = User.where(uid: params[:user_uid]).includes(:roles).first
end
def find_setting
@settings = Setting.find_or_create_by!(provider: user_settings_provider)
end
# Verifies that admin is an administrator of the user in the action
def verify_admin_of_user
redirect_to admins_path,
flash: { alert: I18n.t("administrator.flash.unauthorized") } unless current_user.admin_of?(@user)
@ -355,7 +222,7 @@ class AdminsController < ApplicationController
end
if Rails.configuration.loadbalanced_configuration
initial_list.where(provider: user_settings_provider)
initial_list.where(provider: @user_domain)
.admins_search(@search, @role)
.admins_order(@order_column, @order_direction)
else

224
app/controllers/application_controller.rb
View File

@ -16,35 +16,65 @@
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
require 'bigbluebutton_api'
class ApplicationController < ActionController::Base
include ApplicationHelper
include SessionsHelper
include BbbServer
include ThemingHelper
# Force SSL for loadbalancer configurations.
before_action :redirect_to_https
before_action :set_user_domain
before_action :set_user_settings
before_action :maintenance_mode?
before_action :migration_error?
before_action :set_locale
before_action :user_locale
before_action :check_admin_password
before_action :check_user_role
# Manually handle BigBlueButton errors
rescue_from BigBlueButton::BigBlueButtonException, with: :handle_bigbluebutton_error
protect_from_forgery with: :exception
protect_from_forgery with: :exceptions
MEETING_NAME_LIMIT = 90
USER_NAME_LIMIT = 32
# Retrieves the current user.
def current_user
@current_user ||= User.where(id: session[:user_id]).includes(:roles).first
# Include user domain in lograge logs
def append_info_to_payload(payload)
super
payload[:host] = @user_domain
if Rails.configuration.loadbalanced_configuration
if @current_user && !@current_user.has_role?(:super_admin) &&
@current_user.provider != @user_domain
@current_user = nil
session.clear
end
end
@current_user
end
helper_method :current_user
def bbb_server
@bbb_server ||= Rails.configuration.loadbalanced_configuration ? bbb(@user_domain) : bbb("greenlight")
end
# Force SSL
def redirect_to_https
if Rails.configuration.loadbalanced_configuration && request.headers["X-Forwarded-Proto"] == "http"
redirect_to protocol: "https://"
end
end
# Sets the user domain variable
def set_user_domain
if Rails.env.test? || !Rails.configuration.loadbalanced_configuration
@user_domain = "greenlight"
else
@user_domain = parse_user_domain(request.host)
check_provider_exists
end
end
# Sets the settinfs variable
def set_user_settings
@settings = Setting.find_or_create_by(provider: @user_domain)
end
# Show an information page when migration fails and there is a version error.
@ -52,8 +82,40 @@ class ApplicationController < ActionController::Base
render :migration_error, status: 500 unless ENV["DB_MIGRATE_FAILED"].blank?
end
# Sets the appropriate locale.
def user_locale(user = current_user)
locale = if user && user.language != 'default'
user.language
else
http_accept_language.language_region_compatible_from(I18n.available_locales)
end
I18n.locale = locale.tr('-', '_') unless locale.nil?
end
# Checks to make sure that the admin has changed his password from the default
def check_admin_password
if current_user&.has_role?(:admin) && current_user.email == "admin@example.com" &&
current_user&.greenlight_account? && current_user&.authenticate(Rails.configuration.admin_password_default)
flash.now[:alert] = I18n.t("default_admin",
edit_link: edit_user_path(user_uid: current_user.uid) + "?setting=password").html_safe
end
end
# Checks if the user is banned and logs him out if he is
def check_user_role
if current_user&.has_role? :denied
session.delete(:user_id)
redirect_to root_path, flash: { alert: I18n.t("registration.banned.fail") }
elsif current_user&.has_role? :pending
session.delete(:user_id)
redirect_to root_path, flash: { alert: I18n.t("registration.approval.fail") }
end
end
# Redirects the user to a Maintenance page if turned on
def maintenance_mode?
if Rails.configuration.maintenance_mode
if ENV["MAINTENANCE_MODE"] == "true"
render "errors/greenlight_error", status: 503, formats: :html,
locals: {
status_code: 503,
@ -68,30 +130,6 @@ class ApplicationController < ActionController::Base
end
end
# Sets the appropriate locale.
def set_locale
update_locale(current_user)
end
def update_locale(user)
locale = if user && user.language != 'default'
user.language
else
http_accept_language.language_region_compatible_from(I18n.available_locales)
end
I18n.locale = locale.tr('-', '_') unless locale.nil?
end
def meeting_name_limit
MEETING_NAME_LIMIT
end
helper_method :meeting_name_limit
def user_name_limit
USER_NAME_LIMIT
end
helper_method :user_name_limit
# Relative root helper (when deploying to subdirectory).
def relative_root
Rails.configuration.relative_url_root || ""
@ -105,34 +143,53 @@ class ApplicationController < ActionController::Base
end
helper_method :bigbluebutton_endpoint_default?
def recording_thumbnails?
Rails.configuration.recording_thumbnails
def allow_greenlight_accounts?
return Rails.configuration.allow_user_signup unless Rails.configuration.loadbalanced_configuration
return false unless @user_domain && !@user_domain.empty? && Rails.configuration.allow_user_signup
return false if @user_domain == "greenlight"
# Proceed with retrieving the provider info
begin
provider_info = retrieve_provider_info(@user_domain, 'api2', 'getUserGreenlightCredentials')
provider_info['provider'] == 'greenlight'
rescue => e
logger.error "Error in checking if greenlight accounts are allowed: #{e}"
false
end
end
helper_method :recording_thumbnails?
helper_method :allow_greenlight_accounts?
def allow_greenlight_users?
allow_greenlight_accounts?
# Determine if Greenlight is configured to allow user signups.
def allow_user_signup?
Rails.configuration.allow_user_signup
end
helper_method :allow_greenlight_users?
helper_method :allow_user_signup?
# Determines if a form field needs the is-invalid class.
def form_is_invalid?(obj, key)
'is-invalid' unless obj.errors.messages[key].empty?
# Gets all configured omniauth providers.
def configured_providers
Rails.configuration.providers.select do |provider|
Rails.configuration.send("omniauth_#{provider}")
end
end
helper_method :form_is_invalid?
helper_method :configured_providers
# Default, unconfigured meeting options.
def default_meeting_options
invite_msg = I18n.t("invite_message")
{
user_is_moderator: false,
meeting_logout_url: request.base_url + logout_room_path(@room),
meeting_recorded: true,
moderator_message: "#{invite_msg}\n\n#{request.base_url + room_path(@room)}",
host: request.host,
recording_default_visibility: Setting.find_or_create_by!(provider: user_settings_provider)
.get_value("Default Recording Visibility") == "public"
}
# Parses the url for the user domain
def parse_user_domain(hostname)
return hostname.split('.').first if Rails.configuration.url_host.empty?
Rails.configuration.url_host.split(',').each do |url_host|
return hostname.chomp(url_host).chomp('.') if hostname.include?(url_host)
end
''
end
# Include user domain in lograge logs
def append_info_to_payload(payload)
super
payload[:host] = @user_domain
end
# Manually Handle BigBlueButton errors
def handle_bigbluebutton_error
render "errors/bigbluebutton_error"
end
# Manually deal with 401 errors
@ -140,50 +197,6 @@ class ApplicationController < ActionController::Base
render "errors/greenlight_error"
end
# Checks to make sure that the admin has changed his password from the default
def check_admin_password
if current_user&.has_role?(:admin) && current_user.email == "admin@example.com" &&
current_user&.greenlight_account? && current_user&.authenticate(Rails.configuration.admin_password_default)
flash.now[:alert] = I18n.t("default_admin",
edit_link: edit_user_path(user_uid: current_user.uid) + "?setting=password").html_safe
end
end
def redirect_to_https
if Rails.configuration.loadbalanced_configuration && request.headers["X-Forwarded-Proto"] == "http"
redirect_to protocol: "https://"
end
end
def set_user_domain
if Rails.env.test? || !Rails.configuration.loadbalanced_configuration
@user_domain = "greenlight"
else
@user_domain = parse_user_domain(request.host)
check_provider_exists
end
end
helper_method :set_user_domain
# Checks if the user is banned and logs him out if he is
def check_user_role
if current_user&.has_role? :denied
session.delete(:user_id)
redirect_to root_path, flash: { alert: I18n.t("registration.banned.fail") }
elsif current_user&.has_role? :pending
session.delete(:user_id)
redirect_to root_path, flash: { alert: I18n.t("registration.approval.fail") }
end
end
helper_method :check_user_role
# Manually Handle BigBlueButton errors
def handle_bigbluebutton_error
render "errors/bigbluebutton_error"
end
private
def check_provider_exists
@ -198,6 +211,7 @@ class ApplicationController < ActionController::Base
# Add a session variable if the provider exists
session[:provider_exists] = @user_domain
rescue => e
logger.error "Error in retrieve provider info: #{e}"
# Use the default site settings
@user_domain = "greenlight"

88
app/controllers/concerns/authenticator.rb Normal file
View File

@ -0,0 +1,88 @@
# frozen_string_literal: true
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
#
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
module Authenticator
extend ActiveSupport::Concern
# Logs a user into GreenLight.
def login(user)
migrate_twitter_user(user)
session[:user_id] = user.id
# If there are not terms, or the user has accepted them, check for email verification
if !Rails.configuration.terms || user.accepted_terms
check_email_verified(user)
else
redirect_to terms_path
end
end
# If email verification is disabled, or the user has verified, go to their room
def check_email_verified(user)
# Admin users should be redirected to the admin page
if user.has_role? :super_admin
redirect_to admins_path
elsif user.activated?
# Dont redirect to any of these urls
dont_redirect_to = [root_url, signin_url, signup_url, unauthorized_url, internal_error_url, not_found_url]
url = if cookies[:return_to] && !dont_redirect_to.include?(cookies[:return_to])
cookies[:return_to]
else
user.main_room
end
# Delete the cookie if it exists
cookies.delete :return_to if cookies[:return_to]
redirect_to url
else
redirect_to resend_path
end
end
# Logs current user out of GreenLight.
def logout
session.delete(:user_id) if current_user
end
private
# Migrates all of the twitter users rooms to the new account
def migrate_twitter_user(user)
if !session["old_twitter_user_id"].nil? && user.provider != "twitter"
old_user = User.find(session["old_twitter_user_id"])
old_user.rooms.each do |room|
room.owner = user
room.name = "Old " + room.name if room.id == old_user.main_room.id
room.save!
end
# Query for the old user again so the migrated rooms don't get deleted
old_user.reload
old_user.destroy!
session["old_twitter_user_id"] = nil
flash[:success] = I18n.t("registration.deprecated.merge_success")
end
end
end

109
app/controllers/concerns/bbb_server.rb Normal file
View File

@ -0,0 +1,109 @@
# frozen_string_literal: true
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
#
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
require 'bigbluebutton_api'
module BbbServer
extend ActiveSupport::Concern
include BbbApi
META_LISTED = "gl-listed"
# Checks if a room is running on the BigBlueButton server.
def room_running?(bbb_id)
bbb_server.is_meeting_running?(bbb_id)
end
def get_recordings(meeting_id)
bbb_server.get_recordings(meetingID: meeting_id)
end
def get_multiple_recordings(meeting_ids)
bbb_server.get_recordings(meetingID: meeting_ids)
end
# Returns a URL to join a user into a meeting.
def join_path(room, name, options = {}, uid = nil)
# Create the meeting, even if it's running
start_session(room, options)
# Determine the password to use when joining.
password = options[:user_is_moderator] ? room.moderator_pw : room.attendee_pw
# Generate the join URL.
join_opts = {}
join_opts[:userID] = uid if uid
join_opts[:join_via_html5] = true
join_opts[:guest] = true if options[:require_moderator_approval] && !options[:user_is_moderator]
bbb_server.join_meeting_url(room.bbb_id, name, password, join_opts)
end
# Creates a meeting on the BigBlueButton server.
def start_session(room, options = {})
create_options = {
record: options[:meeting_recorded].to_s,
logoutURL: options[:meeting_logout_url] || '',
moderatorPW: room.moderator_pw,
attendeePW: room.attendee_pw,
moderatorOnlyMessage: options[:moderator_message],
muteOnStart: options[:mute_on_start] || false,
"meta_#{META_LISTED}": options[:recording_default_visibility] || false,
"meta_bbb-origin-version": Greenlight::Application::VERSION,
"meta_bbb-origin": "Greenlight",
"meta_bbb-origin-server-name": options[:host]
}
create_options[:guestPolicy] = "ASK_MODERATOR" if options[:require_moderator_approval]
# Send the create request.
begin
meeting = bbb_server.create_meeting(room.name, room.bbb_id, create_options)
# Update session info.
unless meeting[:messageKey] == 'duplicateWarning'
room.update_attributes(sessions: room.sessions + 1,
last_session: DateTime.now)
end
rescue BigBlueButton::BigBlueButtonException => e
puts "BigBlueButton failed on create: #{e.key}: #{e.message}"
raise e
end
end
# Gets the number of recordings for this room
def recording_count(bbb_id)
bbb_server.get_recordings(meetingID: bbb_id)[:recordings].length
end
# Update a recording from a room
def update_recording(record_id, meta)
meta[:recordID] = record_id
bbb_server.send_api_request("updateRecordings", meta)
end
# Deletes a recording from a room.
def delete_recording(record_id)
bbb_server.delete_recordings(record_id)
end
# Deletes all recordings associated with the room.
def delete_all_recordings(bbb_id)
record_ids = bbb_server.get_recordings(meetingID: bbb_id)[:recordings].pluck(:recordID)
bbb_server.delete_recordings(record_ids) unless record_ids.empty?
end
end

105
app/controllers/concerns/emailer.rb
View File

@ -21,69 +21,110 @@ module Emailer
# Sends account activation email.
def send_activation_email(user)
return unless Rails.configuration.enable_email_verification
begin
return unless Rails.configuration.enable_email_verification
@user = user
UserMailer.verify_email(@user, user_verification_link, logo_image, user_color).deliver
UserMailer.verify_email(user, user_verification_link(user), @settings).deliver
rescue => e
logger.error "Support: Error in email delivery: #{e}"
flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))
else
flash[:success] = I18n.t("email_sent", email_type: t("verify.verification"))
end
end
# Sends password reset email.
def send_password_reset_email(user)
return unless Rails.configuration.enable_email_verification
begin
return unless Rails.configuration.enable_email_verification
@user = user
UserMailer.password_reset(@user, reset_link, logo_image, user_color).deliver_now
UserMailer.password_reset(user, reset_link(user), @settings).deliver_now
rescue => e
logger.error "Support: Error in email delivery: #{e}"
flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))
else
flash[:success] = I18n.t("email_sent", email_type: t("reset_password.subtitle"))
end
end
def send_user_promoted_email(user, role)
return unless Rails.configuration.enable_email_verification
begin
return unless Rails.configuration.enable_email_verification
UserMailer.user_promoted(user, role, root_url, logo_image, user_color).deliver_now
UserMailer.user_promoted(user, role, root_url, @settings).deliver_now
rescue => e
logger.error "Support: Error in email delivery: #{e}"
flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))
end
end
def send_user_demoted_email(user, role)
return unless Rails.configuration.enable_email_verification
begin
return unless Rails.configuration.enable_email_verification
UserMailer.user_demoted(user, role, root_url, logo_image, user_color).deliver_now
UserMailer.user_demoted(user, role, root_url, @settings).deliver_now
rescue => e
logger.error "Support: Error in email delivery: #{e}"
flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))
end
end
# Sends inivitation to join
def send_invitation_email(name, email, token)
return unless Rails.configuration.enable_email_verification
begin
return unless Rails.configuration.enable_email_verification
@token = token
UserMailer.invite_email(name, email, invitation_link, logo_image, user_color).deliver_now
UserMailer.invite_email(name, email, invitation_link(token), @settings).deliver_now
rescue => e
logger.error "Support: Error in email delivery: #{e}"
flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))
else
flash[:success] = I18n.t("administrator.flash.invite", email: email)
end
end
def send_user_approved_email(user)
return unless Rails.configuration.enable_email_verification
begin
return unless Rails.configuration.enable_email_verification
UserMailer.approve_user(user, root_url, logo_image, user_color).deliver_now
UserMailer.approve_user(user, root_url, @settings).deliver_now
rescue => e
logger.error "Support: Error in email delivery: #{e}"
flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))
else
flash[:success] = I18n.t("email_sent", email_type: t("verify.verification"))
end
end
def send_approval_user_signup_email(user)
return unless Rails.configuration.enable_email_verification
begin
return unless Rails.configuration.enable_email_verification
admin_emails = admin_emails()
unless admin_emails.empty?
UserMailer.approval_user_signup(user, admins_url, logo_image, user_color, admin_emails).deliver_now
admin_emails = admin_emails()
UserMailer.approval_user_signup(user, admins_url, admin_emails, @settings).deliver_now unless admin_emails.empty?
rescue => e
logger.error "Support: Error in email delivery: #{e}"
flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))
end
end
def send_invite_user_signup_email(user)
return unless Rails.configuration.enable_email_verification
begin
return unless Rails.configuration.enable_email_verification
admin_emails = admin_emails()
unless admin_emails.empty?
UserMailer.invite_user_signup(user, admins_url, logo_image, user_color, admin_emails).deliver_now
admin_emails = admin_emails()
UserMailer.invite_user_signup(user, admins_url, admin_emails, @settings).deliver_now unless admin_emails.empty?
rescue => e
logger.error "Support: Error in email delivery: #{e}"
flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))
end
end
private
# Returns the link the user needs to click to verify their account
def user_verification_link
edit_account_activation_url(token: @user.activation_token, email: @user.email)
def user_verification_link(user)
edit_account_activation_url(token: user.activation_token, email: user.email)
end
def admin_emails
@ -91,21 +132,21 @@ module Emailer
if Rails.configuration.loadbalanced_configuration
admins = admins.without_role(:super_admin)
.where(provider: user_settings_provider)
.where(provider: @user_domain)
end
admins.collect(&:email).join(",")
end
def reset_link
edit_password_reset_url(@user.reset_token, email: @user.email)
def reset_link(user)
edit_password_reset_url(user.reset_token, email: user.email)
end
def invitation_link
if allow_greenlight_users?
signup_url(invite_token: @token)
def invitation_link(token)
if allow_greenlight_accounts?
signup_url(invite_token: token)
else
root_url(invite_token: @token)
root_url(invite_token: token)
end
end
end

14
app/controllers/concerns/recorder.rb
View File

@ -18,29 +18,29 @@
module Recorder
extend ActiveSupport::Concern
include ::BbbApi
include RecordingsHelper
# Fetches all recordings for a room.
def recordings(room_bbb_id, provider, search_params = {}, ret_search_params = false)
res = bbb(provider).get_recordings(meetingID: room_bbb_id)
def recordings(room_bbb_id, search_params = {}, ret_search_params = false)
res = get_recordings(room_bbb_id)
format_recordings(res, search_params, ret_search_params)
end
# Fetches a rooms public recordings.
def public_recordings(room_bbb_id, provider, search_params = {}, ret_search_params = false)
search, order_col, order_dir, recs = recordings(room_bbb_id, provider, search_params, ret_search_params)
def public_recordings(room_bbb_id, search_params = {}, ret_search_params = false)
search, order_col, order_dir, recs = recordings(room_bbb_id, search_params, ret_search_params)
[search, order_col, order_dir, recs.select { |r| r[:metadata][:"gl-listed"] == "true" }]
end
# Makes paginated API calls to get recordings
def all_recordings(room_bbb_ids, provider, search_params = {}, ret_search_params = false, search_name = false)
def all_recordings(room_bbb_ids, search_params = {}, ret_search_params = false, search_name = false)
res = { recordings: [] }
until room_bbb_ids.empty?
# bbb.get_recordings returns an object
# take only the array portion of the object that is returned
full_res = bbb(provider).get_recordings(meetingID: room_bbb_ids.pop(Rails.configuration.pagination_number))
full_res = get_multiple_recordings(room_bbb_ids.pop(Rails.configuration.pagination_number))
res[:recordings].push(*full_res[:recordings])
end

12
app/controllers/concerns/registrar.rb
View File

@ -19,20 +19,12 @@
module Registrar
extend ActiveSupport::Concern
def registration_method
Setting.find_or_create_by!(provider: user_settings_provider).get_value("Registration Method")
end
def open_registration
registration_method == Rails.configuration.registration_methods[:open]
end
def approval_registration
registration_method == Rails.configuration.registration_methods[:approval]
@settings.get_value("Registration Method") == Rails.configuration.registration_methods[:approval]
end
def invite_registration
registration_method == Rails.configuration.registration_methods[:invite]
@settings.get_value("Registration Method") == Rails.configuration.registration_methods[:invite]
end
# Returns a hash containing whether the user has been invited and if they

161
app/controllers/concerns/rolify.rb Normal file
View File

@ -0,0 +1,161 @@
# frozen_string_literal: true
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
#
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
module Rolify
extend ActiveSupport::Concern
# Gets all roles
def all_roles(selected_role)
@roles = Role.editable_roles(@user_domain)
if @roles.count.zero?
Role.create_default_roles(@user_domain)
@roles = Role.editable_roles(@user_domain)
end
@selected_role = if selected_role.nil?
@roles.find_by(name: 'user')
else
@roles.find(selected_role)
end
@roles
end
# Creates a new role
def create_role(new_role_name)
# Make sure that the role name isn't a duplicate or a reserved name like super_admin or empty
return nil if Role.duplicate_name(new_role_name, @user_domain) || new_role_name.strip.empty?
Role.create_new_role(new_role_name, @user_domain)
end
# Updates a user's roles
def update_roles(roles)
# Check that the user can manage users
return true unless current_user.highest_priority_role.can_manage_users
new_roles = roles.split(' ').map(&:to_i)
old_roles = @user.roles.pluck(:id)
added_role_ids = new_roles - old_roles
removed_role_ids = old_roles - new_roles
added_roles = []
removed_roles = []
current_user_role = current_user.highest_priority_role
# Check that the user has the permissions to add all the new roles
added_role_ids.each do |id|
role = Role.find(id)
# Admins are able to add the admin role to other users. All other roles may only
# add roles with a higher priority
if (role.priority > current_user_role.priority || current_user_role.name == "admin") &&
role.provider == @user_domain
added_roles << role
else
return false
end
end
# Check that the user has the permissions to remove all the deleted roles
removed_role_ids.each do |id|
role = Role.find(id)
# Admins are able to remove the admin role from other users. All other roles may only
# remove roles with a higher priority
if (role.priority > current_user_role.priority || current_user_role.name == "admin") &&
role.provider == @user_domain
removed_roles << role
else
return false
end
end
# Send promoted/demoted emails
added_roles.each { |role| send_user_promoted_email(@user, role) if role.send_promoted_email }
removed_roles.each { |role| send_user_demoted_email(@user, role) if role.send_demoted_email }
# Update the roles
@user.roles.delete(removed_roles)
@user.roles << added_roles
# Make sure each user always has at least the user role
@user.roles = [Role.find_by(name: "user", provider: @user_domain)] if @user.roles.count.zero?
@user.save!
end
# Updates a roles priority
def update_priority(role_to_update)
user_role = Role.find_by(name: "user", provider: @user_domain)
admin_role = Role.find_by(name: "admin", provider: @user_domain)
current_user_role = current_user.highest_priority_role
# Users aren't allowed to update the priority of the admin or user roles
return false if role_to_update.include?(user_role.id.to_s) || role_to_update.include?(admin_role.id.to_s)
# Restrict users to only updating the priority for roles in their domain with a higher
# priority
role_to_update.each do |id|
role = Role.find(id)
return false if role.priority <= current_user_role.priority || role.provider != @user_domain
end
# Update the roles priority including the user role
top_priority = 0
role_to_update.each_with_index do |id, index|
new_priority = index + [current_user_role.priority, 0].max + 1
top_priority = new_priority
Role.where(id: id).update_all(priority: new_priority)
end
user_role.priority = top_priority + 1
user_role.save!
end
# Update Permissions
def update_permissions(role)
current_user_role = current_user.highest_priority_role
# Checks that it is valid for the provider to update the role
return false if role.priority <= current_user_role.priority || role.provider != @user_domain
role_params = params.require(:role).permit(:name)
permission_params = params.require(:role).permit(:can_create_rooms, :send_promoted_email,
:send_demoted_email, :can_edit_site_settings, :can_edit_roles, :can_manage_users, :colour)
# Role is a default role so users can't change the name
role_params[:name] = role.name if Role::RESERVED_ROLE_NAMES.include?(role.name)
# Make sure if the user is updating the role name that the role name is valid
if role.name != role_params[:name] && !Role.duplicate_name(role_params[:name], @user_domain) &&
!role_params[:name].strip.empty?
role.name = role_params[:name]
elsif role.name != role_params[:name]
return false
end
role.update(permission_params)
role.save!
end
end

37
app/controllers/password_resets_controller.rb
View File

@ -20,45 +20,47 @@ class PasswordResetsController < ApplicationController
include Emailer
before_action :disable_password_reset, unless: -> { Rails.configuration.enable_email_verification }
before_action :find_user, only: [:edit, :update]
before_action :find_user, only: [:edit, :update]
before_action :valid_user, only: [:edit, :update]
before_action :check_expiration, only: [:edit, :update]
def index
# POST /password_resets/new
def new
end
# POST /password_resets
def create
@user = User.find_by(email: params[:password_reset][:email].downcase)
if @user
begin
# Check if user exists and throw an error if he doesn't
@user = User.find_by!(email: params[:password_reset][:email].downcase)
@user.create_reset_digest
send_password_reset_email(@user)
flash[:success] = I18n.t("email_sent", email_type: t("reset_password.subtitle"))
redirect_to root_path
else
flash[:alert] = I18n.t("no_user_email_exists")
redirect_to new_password_reset_path
rescue
# User doesn't exist
redirect_to new_password_reset_path, flash: { alert: I18n.t("no_user_email_exists") }
end
rescue => e
logger.error "Support: Error in email delivery: #{e}"
redirect_to root_path, alert: I18n.t(params[:message], default: I18n.t("delivery_error"))
end
# GET /password_resets/:id/edit
def edit
end
# PATCH /password_resets/:id
def update
# Check if password is valid
if params[:user][:password].empty?
flash.now[:alert] = I18n.t("password_empty_notice")
render 'edit'
elsif params[:user][:password] != params[:user][:password_confirmation]
# Password does not match password confirmation
flash.now[:alert] = I18n.t("password_different_notice")
render 'edit'
elsif @user.update_attributes(user_params)
flash[:success] = I18n.t("password_reset_success")
redirect_to root_path
else
render 'edit'
# Successfully reset password
return redirect_to root_path, flash: { success: I18n.t("password_reset_success") }
end
render 'edit'
end
private
@ -84,6 +86,7 @@ class PasswordResetsController < ApplicationController
end
end
# Redirects to 404 if emails are not enabled
def disable_password_reset
redirect_to '/404'
end

12
app/controllers/recordings_controller.rb
View File

@ -23,23 +23,23 @@ class RecordingsController < ApplicationController
META_LISTED = "gl-listed"
# POST /:meetingID/:record_id
def update_recording
def update
meta = {
"meta_#{META_LISTED}" => (params[:state] == "public"),
}
res = @room.update_recording(params[:record_id], meta)
res = update_recording(params[:record_id], meta)
# Redirects to the page that made the initial request
redirect_to request.referrer if res[:updated]
redirect_back fallback_location: root_path if res[:updated]
end
# DELETE /:meetingID/:record_id
def delete_recording
@room.delete_recording(params[:record_id])
def delete
delete_recording(params[:record_id])
# Redirects to the page that made the initial request
redirect_to request.referrer
redirect_back fallback_location: root_path
end
private

128
app/controllers/rooms_controller.rb
View File

@ -17,7 +17,6 @@
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
class RoomsController < ApplicationController
include RecordingsHelper
include Pagy::Backend
include Recorder
@ -32,42 +31,47 @@ class RoomsController < ApplicationController
# POST /
def create
redirect_to(root_path) && return unless current_user
# Return to root if user is not signed in
return redirect_to root_path unless current_user
# Check if the user has not exceeded the room limit
return redirect_to current_user.main_room, flash: { alert: I18n.t("room.room_limit") } if room_limit_exceeded
# Create room
@room = Room.new(name: room_params[:name], access_code: room_params[:access_code])
@room.owner = current_user
@room.room_settings = create_room_settings_string(room_params[:mute_on_join],
room_params[:require_moderator_approval], room_params[:anyone_can_start], room_params[:all_join_moderator])
@room.room_settings = create_room_settings_string(room_params)
# Save the room
if @room.save
logger.info("Support: #{current_user.email} has created a new room #{@room.uid}.")
logger.info "Support: #{current_user.email} has created a new room #{@room.uid}."
# Start the room if auto join was turned on
if room_params[:auto_join] == "1"
start
else
flash[:success] = I18n.t("room.create_room_success")
redirect_to @room
redirect_to @room, flash: { success: I18n.t("room.create_room_success") }
end
else
flash[:alert] = I18n.t("room.create_room_error")
redirect_to current_user.main_room
redirect_to current_user.main_room, flash: { alert: I18n.t("room.create_room_error") }
end
end
# GET /:room_uid
def show
@is_running = @room.running?
@anyone_can_start = JSON.parse(@room[:room_settings])["anyoneCanStart"]
@room_running = room_running?(@room.bbb_id)
# If its the current user's room
if current_user && @room.owned_by?(current_user)
if current_user.highest_priority_role.can_create_rooms
# User is allowed to have rooms
@search, @order_column, @order_direction, recs =
recordings(@room.bbb_id, @user_domain, params.permit(:search, :column, :direction), true)
recordings(@room.bbb_id, params.permit(:search, :column, :direction), true)
@pagy, @recordings = pagy_array(recs)
else
# Render view for users that cant create rooms
@recent_rooms = Room.where(id: cookies.encrypted["#{current_user.uid}_recently_joined_rooms"])
render :cant_create_rooms
end
@ -84,7 +88,7 @@ class RoomsController < ApplicationController
end
@search, @order_column, @order_direction, pub_recs =
public_recordings(@room.bbb_id, @user_domain, params.permit(:search, :column, :direction), true)
public_recordings(@room.bbb_id, params.permit(:search, :column, :direction), true)
@pagy, @public_recordings = pagy_array(pub_recs)
@ -94,20 +98,13 @@ class RoomsController < ApplicationController
# PATCH /:room_uid
def update
if params[:setting] == "rename_block"
@room = Room.find_by!(uid: params[:room_block_uid])
update_room_attributes("name")
elsif params[:setting] == "rename_header"
if params[:setting] == "rename_header"
update_room_attributes("name")
elsif params[:setting] == "rename_recording"
@room.update_recording(params[:record_id], "meta_name" => params[:record_name])
update_recording(params[:record_id], "meta_name" => params[:record_name])
end
if request.referrer
redirect_to request.referrer
else
redirect_to room_path
end
redirect_back fallback_location: room_path
end
# POST /:room_uid
@ -115,10 +112,8 @@ class RoomsController < ApplicationController
return redirect_to root_path,
flash: { alert: I18n.t("administrator.site_settings.authentication.user-info") } if auth_required
opts = default_meeting_options
unless @room.owned_by?(current_user)
# Don't allow users to join unless they have a valid access code or the room doesn't
# have an access code
# Don't allow users to join unless they have a valid access code or the room doesn't have an access code
if @room.access_code && !@room.access_code.empty? && @room.access_code != session[:access_code]
return redirect_to room_path(room_uid: params[:room_uid]), flash: { alert: I18n.t("room.access_code_required") }
end
@ -138,41 +133,41 @@ class RoomsController < ApplicationController
if current_user
# create or update cookie to track the three most recent rooms a user joined
recently_joined_rooms = cookies.encrypted["#{current_user.uid}_recently_joined_rooms"].to_a
cookies.encrypted["#{current_user.uid}_recently_joined_rooms"] = recently_joined_rooms.prepend(@room.id)
.uniq[0..2]
cookies.encrypted["#{current_user.uid}_recently_joined_rooms"] =
recently_joined_rooms.prepend(@room.id).uniq[0..2]
end
logger.info("Support: #{current_user.present? ? current_user.email : @join_name} is joining room #{@room.uid}")
join_room(opts)
logger.info "Support: #{current_user.present? ? current_user.email : @join_name} is joining room #{@room.uid}"
join_room(default_meeting_options)
end
# DELETE /:room_uid
def destroy
# Don't delete the users home room.
@room.destroy if @room.owned_by?(current_user) && @room != current_user.main_room
if @room.owned_by?(current_user) && @room != current_user.main_room
@room.destroy
delete_all_recordings(@room.bbb_id)
end
redirect_to current_user.main_room
end
# POST room/join
# POST /room/join
def join_specific_room
room_uid = params[:join_room][:url].split('/').last
begin
@room = Room.find_by(uid: room_uid)
@room = Room.find_by!(uid: room_uid)
rescue ActiveRecord::RecordNotFound
return redirect_to current_user.main_room, alert: I18n.t("room.no_room.invalid_room_uid")
end
return redirect_to current_user.main_room, alert: I18n.t("room.no_room.invalid_room_uid") if @room.nil?
redirect_to room_path(@room)
end
# POST /:room_uid/start
def start
logger.info("Support: #{current_user.email} is starting room #{@room.uid}")
logger.info "Support: #{current_user.email} is starting room #{@room.uid}"
# Join the user in and start the meeting.
opts = default_meeting_options
@ -184,7 +179,7 @@ class RoomsController < ApplicationController
opts[:require_moderator_approval] = room_settings["requireModeratorApproval"]
begin
redirect_to @room.join_path(current_user.name, opts, current_user.uid)
redirect_to join_path(@room, current_user.name, opts, current_user.uid)
rescue BigBlueButton::BigBlueButtonException => e
logger.error("Support: #{@room.uid} start failed: #{e}")
@ -208,7 +203,8 @@ class RoomsController < ApplicationController
update_room_attributes("name") if @room.name != room_params[:name]
# Update the room's access code if it has changed
update_room_attributes("access_code") if @room.access_code != room_params[:access_code]
rescue StandardError
rescue => e
logger.error "Error in updating room settings: #{e}"
flash[:alert] = I18n.t("room.update_settings_error")
else
flash[:success] = I18n.t("room.update_settings_success")
@ -218,7 +214,7 @@ class RoomsController < ApplicationController
# GET /:room_uid/logout
def logout
logger.info("Support: #{current_user.present? ? current_user.email : 'Guest'} has left room #{@room.uid}")
logger.info "Support: #{current_user.present? ? current_user.email : 'Guest'} has left room #{@room.uid}"
# Redirect the correct page.
redirect_to @room
@ -240,8 +236,7 @@ class RoomsController < ApplicationController
if update_type.eql? "name"
@room.update_attributes(name: params[:room_name] || room_params[:name])
elsif update_type.eql? "settings"
room_settings_string = create_room_settings_string(room_params[:mute_on_join],
room_params[:require_moderator_approval], room_params[:anyone_can_start], room_params[:all_join_moderator])
room_settings_string = create_room_settings_string(room_params)
@room.update_attributes(room_settings: room_settings_string)
elsif update_type.eql? "access_code"
@room.update_attributes(access_code: room_params[:access_code])
@ -249,15 +244,15 @@ class RoomsController < ApplicationController
end
end
def create_room_settings_string(mute_res, require_approval_res, start_res, join_mod)
def create_room_settings_string(options)
room_settings = {}
room_settings["muteOnStart"] = mute_res == "1"
room_settings["muteOnStart"] = options[:mute_on_join] == "1"
room_settings["requireModeratorApproval"] = require_approval_res == "1"
room_settings["requireModeratorApproval"] = options[:require_moderator_approval] == "1"
room_settings["anyoneCanStart"] = start_res == "1"
room_settings["anyoneCanStart"] = options[:anyone_can_start] == "1"
room_settings["joinModerator"] = join_mod == "1"
room_settings["joinModerator"] = options[:all_join_moderator] == "1"
room_settings.to_json
end
@ -289,15 +284,11 @@ class RoomsController < ApplicationController
end
def validate_accepted_terms
if current_user
redirect_to terms_path unless current_user.accepted_terms
end
redirect_to terms_path if current_user && !current_user&.accepted_terms
end
def validate_verified_email
if current_user
redirect_to account_activation_path(current_user) unless current_user.activated?
end
redirect_to account_activation_path(current_user) if current_user && !current_user&.activated?
end
def verify_room_owner_verified
@ -313,28 +304,28 @@ class RoomsController < ApplicationController
end
def verify_user_not_admin
redirect_to admins_path if current_user && current_user&.has_role?(:super_admin)
redirect_to admins_path if current_user&.has_role?(:super_admin)
end
def auth_required
Setting.find_or_create_by!(provider: user_settings_provider).get_value("Room Authentication") == "true" &&
current_user.nil?
@settings.get_value("Room Authentication") == "true" && current_user.nil?
end
def room_limit_exceeded
limit = Setting.find_or_create_by!(provider: user_settings_provider).get_value("Room Limit").to_i
limit = @settings.get_value("Room Limit").to_i
# Does not apply to admin
# Does not apply to admin or users that aren't signed in
# 15+ option is used as unlimited
return false if current_user&.has_role?(:admin) || limit == 15
current_user.rooms.count >= limit
current_user.rooms.length >= limit
end
helper_method :room_limit_exceeded
def join_room(opts)
room_settings = JSON.parse(@room[:room_settings])
if @room.running? || @room.owned_by?(current_user) || room_settings["anyoneCanStart"]
if room_running?(@room.bbb_id) || @room.owned_by?(current_user) || room_settings["anyoneCanStart"]
# Determine if the user needs to join as a moderator.
opts[:user_is_moderator] = @room.owned_by?(current_user) || room_settings["joinModerator"]
@ -342,15 +333,15 @@ class RoomsController < ApplicationController
opts[:require_moderator_approval] = room_settings["requireModeratorApproval"]
if current_user
redirect_to @room.join_path(current_user.name, opts, current_user.uid)
redirect_to join_path(@room, current_user.name, opts, current_user.uid)
else
join_name = params[:join_name] || params[@room.invite_path][:join_name]
redirect_to @room.join_path(join_name, opts)
redirect_to join_path(@room, join_name, opts)
end
else
search_params = params[@room.invite_path] || params
@search, @order_column, @order_direction, pub_recs =
public_recordings(@room.bbb_id, @user_domain, search_params.permit(:search, :column, :direction), true)
public_recordings(@room.bbb_id, search_params.permit(:search, :column, :direction), true)
@pagy, @public_recordings = pagy_array(pub_recs)
@ -362,4 +353,17 @@ class RoomsController < ApplicationController
def incorrect_user_domain
Rails.configuration.loadbalanced_configuration && @room.owner.provider != @user_domain
end
# Default, unconfigured meeting options.
def default_meeting_options
invite_msg = I18n.t("invite_message")
{
user_is_moderator: false,
meeting_logout_url: request.base_url + logout_room_path(@room),
meeting_recorded: true,
moderator_message: "#{invite_msg}\n\n#{request.base_url + room_path(@room)}",
host: request.host,
recording_default_visibility: @settings.get_value("Default Recording Visibility") == "public"
}
end
end

109
app/controllers/sessions_controller.rb
View File

@ -17,21 +17,16 @@
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
class SessionsController < ApplicationController
include Authenticator
include Registrar
include Emailer
include LdapAuthenticator
skip_before_action :verify_authenticity_token, only: [:omniauth, :fail]
# GET /users/logout
def destroy
logout
redirect_to root_path
end
# POST /users/login
def create
logger.info("Support: #{session_params[:email]} is attempting to login.")
logger.info "Support: #{session_params[:email]} is attempting to login."
admin = User.find_by(email: session_params[:email])
if admin&.has_role? :super_admin
@ -48,11 +43,22 @@ class SessionsController < ApplicationController
login(user)
end
# GET /users/logout
def destroy
logout
redirect_to root_path
end
# GET/POST /auth/:provider/callback
def omniauth
@auth = request.env['omniauth.auth']
process_signin
begin
process_signin
rescue => e
logger.error "Error authenticating via omniauth: #{e}"
omniauth_fail
end
end
# POST /auth/failure
@ -81,15 +87,16 @@ class SessionsController < ApplicationController
result = send_ldap_request(params[:session], ldap_config)
if result
result = result.first
else
return redirect_to(ldap_signin_path, alert: I18n.t("invalid_credentials"))
return redirect_to(ldap_signin_path, alert: I18n.t("invalid_credentials")) unless result
@auth = parse_auth(result.first, ENV['LDAP_ROLE_FIELD'])
begin
process_signin
rescue => e
logger.error "Support: Error authenticating via omniauth: #{e}"
omniauth_fail
end
@auth = parse_auth(result, ENV['LDAP_ROLE_FIELD'])
process_signin
end
private
@ -112,47 +119,39 @@ class SessionsController < ApplicationController
end
def process_signin
begin
@user_exists = check_user_exists
@user_exists = check_user_exists
if !@user_exists && @auth['provider'] == "twitter"
return redirect_to root_path, flash: { alert: I18n.t("registration.deprecated.twitter_signup") }
if !@user_exists && @auth['provider'] == "twitter"
return redirect_to root_path, flash: { alert: I18n.t("registration.deprecated.twitter_signup") }
end
# If using invitation registration method, make sure user is invited
return redirect_to root_path, flash: { alert: I18n.t("registration.invite.no_invite") } unless passes_invite_reqs
user = User.from_omniauth(@auth)
logger.info "Support: Auth user #{user.email} is attempting to login."
# Add pending role if approval method and is a new user
if approval_registration && !@user_exists
user.add_role :pending
# Inform admins that a user signed up if emails are turned on
send_approval_user_signup_email(user)
return redirect_to root_path, flash: { success: I18n.t("registration.approval.signup") }
end
send_invite_user_signup_email(user) if invite_registration && !@user_exists
login(user)
if @auth['provider'] == "twitter"
flash[:alert] = if allow_user_signup? && allow_greenlight_accounts?
I18n.t("registration.deprecated.twitter_signin", link: signup_path(old_twitter_user_id: user.id))
else
I18n.t("registration.deprecated.twitter_signin", link: signin_path(old_twitter_user_id: user.id))
end
# If using invitation registration method, make sure user is invited
return redirect_to root_path, flash: { alert: I18n.t("registration.invite.no_invite") } unless passes_invite_reqs
user = User.from_omniauth(@auth)
logger.info("Support: Auth user #{user.email} is attempting to login.")
# Add pending role if approval method and is a new user
if approval_registration && !@user_exists
user.add_role :pending
# Inform admins that a user signed up if emails are turned on
send_approval_user_signup_email(user) if Rails.configuration.enable_email_verification
return redirect_to root_path, flash: { success: I18n.t("registration.approval.signup") }
end
send_invite_user_signup_email(user) if Rails.configuration.enable_email_verification &&
invite_registration && !@user_exists
login(user)
if @auth['provider'] == "twitter"
flash[:alert] = if allow_user_signup? && allow_greenlight_accounts?
I18n.t("registration.deprecated.twitter_signin",
link: signup_path(old_twitter_user_id: user.id))
else
I18n.t("registration.deprecated.twitter_signin",
link: signin_path(old_twitter_user_id: user.id))
end
end
rescue => e
logger.error "Support: Error authenticating via omniauth: #{e}"
omniauth_fail
end
end
end

7
app/controllers/themes_controller.rb
View File

@ -18,7 +18,6 @@
class ThemesController < ApplicationController
skip_before_action :maintenance_mode?
before_action :provider_settings
# GET /primary
def index
@ -39,10 +38,4 @@ class ThemesController < ApplicationController
format.css { render body: @compiled }
end
end
private
def provider_settings
@settings = Setting.find_or_create_by(provider: user_settings_provider)
end
end

143
app/controllers/users_controller.rb
View File

@ -17,14 +17,16 @@
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
class UsersController < ApplicationController
include RecordingsHelper
include Pagy::Backend
include Authenticator
include Emailer
include Registrar
include Recorder
include Rolify
before_action :find_user, only: [:edit, :update, :destroy]
before_action :find_user, only: [:edit, :change_password, :delete_account, :update, :destroy]
before_action :ensure_unauthenticated, only: [:new, :create, :signin]
before_action :check_admin_of, only: [:edit, :change_password, :delete_account]
# POST /u
def create
@ -43,7 +45,7 @@ class UsersController < ApplicationController
# User has passed all validations required
@user.save
logger.info("Support: #{@user.email} user has been created.")
logger.info "Support: #{@user.email} user has been created."
# Set user to pending and redirect if Approval Registration is set
if approval_registration
@ -53,12 +55,12 @@ class UsersController < ApplicationController
flash: { success: I18n.t("registration.approval.signup") } unless Rails.configuration.enable_email_verification
end
send_registration_email if Rails.configuration.enable_email_verification
send_registration_email
# Sign in automatically if email verification is disabled or if user is already verified.
login(@user) && return if !Rails.configuration.enable_email_verification || @user.email_verified
send_verification
send_activation_email(@user)
redirect_to root_path
end
@ -109,11 +111,15 @@ class UsersController < ApplicationController
# GET /u/:user_uid/edit
def edit
if current_user
redirect_to current_user.main_room if @user != current_user && !current_user.admin_of?(@user)
else
redirect_to root_path
end
redirect_to root_path unless current_user
end
# GET /u/:user_uid/change_password
def change_password
end
# GET /u/:user_uid/delete_account
def delete_account
end
# PATCH /u/:user_uid/edit
@ -139,31 +145,32 @@ class UsersController < ApplicationController
if errors.empty? && @user.save
# Notify the user that their account has been updated.
flash[:success] = I18n.t("info_update_success")
redirect_to redirect_path
redirect_to redirect_path, flash: { success: I18n.t("info_update_success") }
else
# Append custom errors.
errors.each { |k, v| @user.errors.add(k, v) }
render :edit, params: { settings: params[:settings] }
end
elsif user_params[:email] != @user.email && @user.update_attributes(user_params) && update_roles
@user.update_attributes(email_verified: false)
flash[:success] = I18n.t("info_update_success")
redirect_to redirect_path
elsif @user.update_attributes(user_params) && update_roles
update_locale(@user)
flash[:success] = I18n.t("info_update_success")
redirect_to redirect_path
else
if @user.update_attributes(user_params)
@user.update_attributes(email_verified: false) if user_params[:email] != @user.email
user_locale(@user)
if update_roles(params[:user][:role_ids])
return redirect_to redirect_path, flash: { success: I18n.t("info_update_success") }
else
flash[:alert] = I18n.t("administrator.roles.invalid_assignment")
end
end
render :edit, params: { settings: params[:settings] }
end
end
# DELETE /u/:user_uid
def destroy
logger.info("Support: #{current_user.email} is deleting #{@user.email}.")
logger.info "Support: #{current_user.email} is deleting #{@user.email}."
if current_user && current_user == @user
@user.destroy
@ -186,8 +193,7 @@ class UsersController < ApplicationController
def recordings
if current_user && current_user.uid == params[:user_uid]
@search, @order_column, @order_direction, recs =
all_recordings(current_user.rooms.pluck(:bbb_id), current_user.provider,
params.permit(:search, :column, :direction), true)
all_recordings(current_user.rooms.pluck(:bbb_id), params.permit(:search, :column, :direction), true)
@pagy, @recordings = pagy_array(recs)
else
redirect_to root_path
@ -219,28 +225,11 @@ class UsersController < ApplicationController
:new_password, :provider, :accepted_terms, :language)
end
def send_verification
# Start email verification and redirect to root.
begin
send_activation_email(@user)
rescue => e
logger.error "Support: Error in email delivery: #{e}"
flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))
else
flash[:success] = I18n.t("email_sent", email_type: t("verify.verification"))
end
end
def send_registration_email
begin
if invite_registration
send_invite_user_signup_email(@user)
elsif approval_registration
send_approval_user_signup_email(@user)
end
rescue => e
logger.error "Support: Error in email delivery: #{e}"
flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))
if invite_registration
send_invite_user_signup_email(@user)
elsif approval_registration
send_approval_user_signup_email(@user)
end
end
@ -264,64 +253,8 @@ class UsersController < ApplicationController
invitation[:present]
end
# Updates as user's roles
def update_roles
# Check that the user can manage users
if current_user.highest_priority_role.can_manage_users
new_roles = params[:user][:role_ids].split(' ').map(&:to_i)
old_roles = @user.roles.pluck(:id)
added_role_ids = new_roles - old_roles
removed_role_ids = old_roles - new_roles
added_roles = []
removed_roles = []
current_user_role = current_user.highest_priority_role
# Check that the user has the permissions to add all the new roles
added_role_ids.each do |id|
role = Role.find(id)
# Admins are able to add the admin role to other users. All other roles may only
# add roles with a higher priority
if (role.priority > current_user_role.priority || current_user_role.name == "admin") &&
role.provider == @user_domain
added_roles << role
else
flash[:alert] = I18n.t("administrator.roles.invalid_assignment")
return false
end
end
# Check that the user has the permissions to remove all the deleted roles
removed_role_ids.each do |id|
role = Role.find(id)
# Admins are able to remove the admin role from other users. All other roles may only
# remove roles with a higher priority
if (role.priority > current_user_role.priority || current_user_role.name == "admin") &&
role.provider == @user_domain
removed_roles << role
else
flash[:alert] = I18n.t("administrator.roles.invalid_removal")
return false
end
end
# Send promoted/demoted emails
added_roles.each { |role| send_user_promoted_email(@user, role) if role.send_promoted_email }
removed_roles.each { |role| send_user_demoted_email(@user, role) if role.send_demoted_email }
# Update the roles
@user.roles.delete(removed_roles)
@user.roles << added_roles
# Make sure each user always has at least the user role
@user.roles = [Role.find_by(name: "user", provider: @user_domain)] if @user.roles.count.zero?
@user.save!
else
true
end
# Checks that the user is allowed to edit this user
def check_admin_of
redirect_to current_user.main_room if current_user && @user != current_user && !current_user.admin_of?(@user)
end
end