forked from External/greenlight
9f74b0e2c0
* Added the administrator role and functionality that comes with it (#403) * GRN-20: Added roles to the user model * GRN-75: Added a view for admins to see their users * GRN-77: Added Edit/Delete/Promote ability for admins * GRN-71: Added admin account by default * Changed the way locales are shown * Updated the rest of the locales * Changed the way available_locales are defined * Updated locales in Russian * Updated locaales for German * Update user.rb * Update admins.js * GRN-15: Added the ability to change color and image from admin interface (#425) * GRN-20: Added roles to the user model * GRN-75: Added a view for admins to see their users * GRN-77: Added Edit/Delete/Promote ability for admins * GRN-71: Added admin account by default * Changed the way locales are shown * Updated the rest of the locales * Changed the way available_locales are defined * Updated locales in Russian * Updated locaales for German * GRN-15: Added the ability for admins to customize color and image * Update user.rb * Update user.rb * Update routes.rb * Update admins_controller.rb * GRN-87:Added a super admin role and made changes to how to the design works (#430) * GRN-20: Added roles to the user model * GRN-75: Added a view for admins to see their users * GRN-77: Added Edit/Delete/Promote ability for admins * GRN-71: Added admin account by default * Changed the way locales are shown * Updated the rest of the locales * Changed the way available_locales are defined * Updated locales in Russian * Updated locaales for German * GRN-15: Added the ability for admins to customize color and image * Added the super admin and completed the design tab * Update user.rb * Update themes_controller_spec.rb * Update routes.rb * Update admins_controller.rb * Removed duplicated code that broke the build after last merge * GRN-78: Restructured some of the views to make the UI more consistent and responsive (#435) * GRN-20: Added roles to the user model * GRN-75: Added a view for admins to see their users * GRN-77: Added Edit/Delete/Promote ability for admins * GRN-71: Added admin account by default * GRN-15: Added the ability for admins to customize color and image * Added the super admin and completed the design tab * GRN-78: Cleaned up buttons and moved signin to its own page * GRN-78: Moved the Rooms and Recordings link to nav bar * Merge fix * Views restructure fix (#458) * Added cache to gitlab-ci.yml * Restructured seed * GRN2-99 -> GRN2-106: UI cleanup and refactoring (#478) * GRN2-98: Change Fullname to Full name * GRN2-105: Changed View Users to Manage Users * GRN2-101/103: Updated email to match branding * GRN2-100: Updated Email Sent flash to be more descriptive * GRN2-104: Redirect user to sign in page w/ flash after clicking activation link * GRN2-102: Changed the wording in the verification email * GRN2-99: Added email form validation * GRN2-106: Cleaned up Users list front end * Fixes to rake and admin password validator for passing rubocop * GRN2-113: Fixed issues with admin panel (#479) * GRN2-116: Code clean up after restructure of views (#482) * Removed unused references * Rubocop * Added pagination to admin view (#483) * GRN2-114: Added the ability for admins to ban/unban users (#487) * Added the ability for admins to ban and unban users * Update sessions_helper.rb * Merge branch 'master' into admin-panel (#492) * Updated rubocop gem * Updated rubocop and fixed issues (#490) * Rubocop fixes * GRN2-122: Updated sign in flow for admins and switch design tab to site settings (#489) * Switched design tab to site settings * Update _header with spaces instead of tabs * Added more test cases to increase coverage (#494)
282 lines
8.5 KiB
Ruby
282 lines
8.5 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
|
|
#
|
|
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify it under the
|
|
# terms of the GNU Lesser General Public License as published by the Free Software
|
|
# Foundation; either version 3.0 of the License, or (at your option) any later
|
|
# version.
|
|
#
|
|
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
|
|
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
|
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Lesser General Public License along
|
|
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
|
|
|
|
require "rails_helper"
|
|
|
|
def random_valid_user_params
|
|
pass = Faker::Internet.password(8)
|
|
{
|
|
user: {
|
|
name: Faker::Name.first_name,
|
|
email: Faker::Internet.email,
|
|
password: pass,
|
|
password_confirmation: pass,
|
|
accepted_terms: true,
|
|
email_verified: true,
|
|
},
|
|
}
|
|
end
|
|
|
|
describe UsersController, type: :controller do
|
|
let(:invalid_params) do
|
|
{
|
|
user: {
|
|
name: "Invalid",
|
|
email: "example.com",
|
|
password: "pass",
|
|
password_confirmation: "invalid",
|
|
accepted_terms: false,
|
|
email_verified: false,
|
|
},
|
|
}
|
|
end
|
|
|
|
describe "GET #new" do
|
|
it "assigns a blank user to the view" do
|
|
allow(Rails.configuration).to receive(:allow_user_signup).and_return(true)
|
|
|
|
get :new
|
|
expect(assigns(:user)).to be_a_new(User)
|
|
end
|
|
|
|
it "redirects to root if allow_user_signup is false" do
|
|
allow(Rails.configuration).to receive(:allow_user_signup).and_return(false)
|
|
|
|
get :new
|
|
expect(response).to redirect_to(root_path)
|
|
end
|
|
end
|
|
|
|
describe "GET #edit" do
|
|
it "renders the edit template" do
|
|
user = create(:user)
|
|
|
|
@request.session[:user_id] = user.id
|
|
|
|
get :edit, params: { user_uid: user.uid }
|
|
|
|
expect(response).to render_template(:edit)
|
|
end
|
|
|
|
it "does not allow you to edit other users if you're not an admin" do
|
|
user = create(:user)
|
|
user2 = create(:user)
|
|
|
|
@request.session[:user_id] = user.id
|
|
|
|
get :edit, params: { user_uid: user2.uid }
|
|
|
|
expect(response).to redirect_to(user.main_room)
|
|
end
|
|
|
|
it "allows admins to edit other users" do
|
|
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
|
|
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
|
|
|
|
user = create(:user, provider: "provider1")
|
|
user.add_role :admin
|
|
user2 = create(:user, provider: "provider1")
|
|
|
|
@request.session[:user_id] = user.id
|
|
|
|
get :edit, params: { user_uid: user2.uid }
|
|
|
|
expect(response).to render_template(:edit)
|
|
end
|
|
|
|
it "redirect to root if user isn't signed in" do
|
|
user = create(:user)
|
|
|
|
get :edit, params: { user_uid: user }
|
|
expect(response).to redirect_to(root_path)
|
|
end
|
|
end
|
|
|
|
describe "POST #create" do
|
|
context "allow greenlight accounts" do
|
|
before { allow(Rails.configuration).to receive(:allow_user_signup).and_return(true) }
|
|
before { allow(Rails.configuration).to receive(:enable_email_verification).and_return(false) }
|
|
|
|
it "redirects to user room on successful create" do
|
|
params = random_valid_user_params
|
|
post :create, params: params
|
|
|
|
u = User.find_by(name: params[:user][:name], email: params[:user][:email])
|
|
|
|
expect(u).to_not be_nil
|
|
expect(u.name).to eql(params[:user][:name])
|
|
|
|
expect(response).to redirect_to(room_path(u.main_room))
|
|
end
|
|
|
|
it "user saves with greenlight provider" do
|
|
params = random_valid_user_params
|
|
post :create, params: params
|
|
|
|
u = User.find_by(name: params[:user][:name], email: params[:user][:email])
|
|
|
|
expect(u.provider).to eql("greenlight")
|
|
end
|
|
|
|
it "renders #new on unsuccessful save" do
|
|
post :create, params: invalid_params
|
|
|
|
expect(response).to render_template(:new)
|
|
end
|
|
|
|
it "sends activation email if email verification is on" do
|
|
allow(Rails.configuration).to receive(:enable_email_verification).and_return(true)
|
|
|
|
params = random_valid_user_params
|
|
expect { post :create, params: params }.to change { ActionMailer::Base.deliveries.count }.by(1)
|
|
|
|
u = User.find_by(name: params[:user][:name], email: params[:user][:email])
|
|
|
|
expect(u).to_not be_nil
|
|
expect(u.name).to eql(params[:user][:name])
|
|
|
|
expect(flash[:success]).to be_present
|
|
expect(response).to redirect_to(root_path)
|
|
end
|
|
end
|
|
|
|
context "disallow greenlight accounts" do
|
|
before { allow(Rails.configuration).to receive(:allow_user_signup).and_return(false) }
|
|
|
|
it "redirect to root on attempted create" do
|
|
params = random_valid_user_params
|
|
post :create, params: params
|
|
|
|
u = User.find_by(name: params[:user][:name], email: params[:user][:email])
|
|
|
|
expect(u).to be_nil
|
|
end
|
|
end
|
|
|
|
context "allow email verification" do
|
|
before { allow(Rails.configuration).to receive(:enable_email_verification).and_return(true) }
|
|
|
|
it "should raise if there there is a delivery failure" do
|
|
params = random_valid_user_params
|
|
|
|
expect do
|
|
post :create, params: params
|
|
raise :anyerror
|
|
end.to raise_error { :anyerror }
|
|
end
|
|
end
|
|
|
|
it "redirects to main room if already authenticated" do
|
|
user = create(:user)
|
|
@request.session[:user_id] = user.id
|
|
|
|
post :create, params: random_valid_user_params
|
|
expect(response).to redirect_to(room_path(user.main_room))
|
|
end
|
|
end
|
|
|
|
describe "PATCH #update" do
|
|
it "properly updates user attributes" do
|
|
user = create(:user)
|
|
|
|
params = random_valid_user_params
|
|
patch :update, params: params.merge!(user_uid: user)
|
|
user.reload
|
|
|
|
expect(user.name).to eql(params[:user][:name])
|
|
expect(user.email).to eql(params[:user][:email])
|
|
expect(flash[:success]).to be_present
|
|
expect(response).to redirect_to(edit_user_path(user))
|
|
end
|
|
|
|
it "renders #edit on unsuccessful save" do
|
|
@user = create(:user)
|
|
|
|
patch :update, params: invalid_params.merge!(user_uid: @user)
|
|
expect(response).to render_template(:edit)
|
|
end
|
|
end
|
|
|
|
describe "DELETE #user" do
|
|
before { allow(Rails.configuration).to receive(:allow_user_signup).and_return(true) }
|
|
|
|
it "properly deletes user" do
|
|
user = create(:user)
|
|
@request.session[:user_id] = user.id
|
|
|
|
delete :destroy, params: { user_uid: user.uid }
|
|
|
|
expect(response).to redirect_to(root_path)
|
|
end
|
|
|
|
it "allows admins to delete users" do
|
|
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
|
|
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
|
|
allow_any_instance_of(Room).to receive(:delete_all_recordings).and_return('')
|
|
|
|
user = create(:user, provider: "provider1")
|
|
admin = create(:user, provider: "provider1")
|
|
admin.add_role :admin
|
|
@request.session[:user_id] = admin.id
|
|
|
|
delete :destroy, params: { user_uid: user.uid }
|
|
|
|
expect(flash[:success]).to be_present
|
|
expect(response).to redirect_to(admins_path)
|
|
end
|
|
|
|
it "doesn't allow admins of other providers to delete users" do
|
|
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
|
|
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
|
|
|
|
user = create(:user, provider: "provider1")
|
|
admin = create(:user, provider: "provider2")
|
|
admin.add_role :admin
|
|
@request.session[:user_id] = admin.id
|
|
|
|
delete :destroy, params: { user_uid: user.uid }
|
|
|
|
expect(response).to redirect_to(root_path)
|
|
end
|
|
end
|
|
|
|
describe "GET | POST #terms" do
|
|
before { allow(Rails.configuration).to receive(:allow_user_signup).and_return(true) }
|
|
before { allow(Rails.configuration).to receive(:terms).and_return(false) }
|
|
|
|
it "Redirects to 404 if terms is disabled" do
|
|
post :terms, params: { accept: "false" }
|
|
|
|
expect(response).to redirect_to('/404')
|
|
end
|
|
end
|
|
|
|
describe "GET #recordings" do
|
|
before do
|
|
@user1 = create(:user)
|
|
@user2 = create(:user)
|
|
end
|
|
|
|
it "redirects to root if the incorrect user tries to access the page" do
|
|
get :recordings, params: { current_user: @user2, user_uid: @user1.uid }
|
|
|
|
expect(response).to redirect_to(root_path)
|
|
end
|
|
end
|
|
end
|