GRN2-xx: Email and admin fix (#515)

* Email and admin fix

* Redirected super_admins to the admins page

* Small fix

* Update rooms_controller.rb

app/controllers/account_activations_controller.rb

@@ -17,7 +17,7 @@
 # with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
 
 class AccountActivationsController < ApplicationController
-  include Verifier
+  include Emailer
 
   before_action :ensure_unauthenticated
   before_action :find_user
@@ -46,7 +46,7 @@ class AccountActivationsController < ApplicationController
       flash[:alert] = I18n.t("verify.already_verified")
     else
       begin
-        @user.send_activation_email(user_verification_link)
+        send_activation_email(@user)
       rescue => e
         logger.error "Error in email delivery: #{e}"
         flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))

app/controllers/concerns/emailer.rb

@@ -16,11 +16,27 @@
 # You should have received a copy of the GNU Lesser General Public License along
 # with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
 
-module Verifier
+module Emailer
   extend ActiveSupport::Concern
 
+  # Sends account activation email.
+  def send_activation_email(user)
+    @user = user
+    UserMailer.verify_email(@user, user_verification_link, logo_image, user_color).deliver
+  end
+
+  # Sends password reset email.
+  def send_password_reset_email(user)
+    @user = user
+    UserMailer.password_reset(@user, reset_link, logo_image, user_color).deliver_now
+  end
+
   # Returns the link the user needs to click to verify their account
   def user_verification_link
     request.base_url + edit_account_activation_path(token: @user.activation_token, email: @user.email)
   end
+
+  def reset_link
+    request.base_url + edit_password_reset_path(@user.reset_token, email: @user.email)
+  end
 end

app/controllers/password_resets_controller.rb

@@ -17,6 +17,8 @@
 # with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
 
 class PasswordResetsController < ApplicationController
+  include Emailer
+
   before_action :disable_password_reset, unless: -> { Rails.configuration.enable_email_verification }
   before_action :find_user,   only: [:edit, :update]
   before_action :valid_user, only: [:edit, :update]
@@ -29,7 +31,7 @@ class PasswordResetsController < ApplicationController
     @user = User.find_by(email: params[:password_reset][:email].downcase)
     if @user
       @user.create_reset_digest
-      @user.send_password_reset_email(reset_link)
+      send_password_reset_email(@user)
       flash[:success] = I18n.t("email_sent", email_type: t("reset_password.subtitle"))
       redirect_to root_path
     else
@@ -78,10 +80,6 @@ class PasswordResetsController < ApplicationController
     redirect_to new_password_reset_url, alert: I18n.t("expired_reset_token") if current_user.password_reset_expired?
   end
 
-  def reset_link
-    request.base_url + edit_password_reset_path(@user.reset_token, email: @user.email)
-  end
-
   # Confirms a valid user.
   def valid_user
     unless current_user.authenticated?(:reset, params[:id])

app/controllers/rooms_controller.rb

@@ -26,6 +26,7 @@ class RoomsController < ApplicationController
   before_action :verify_room_ownership, except: [:create, :show, :join, :logout]
   before_action :verify_room_owner_verified, only: [:show, :join],
                 unless: -> { !Rails.configuration.enable_email_verification }
+  before_action :verify_user_not_admin, only: [:show]
 
   # POST /
   def create
@@ -244,11 +245,15 @@ class RoomsController < ApplicationController
     unless @room.owner.activated?
       flash[:alert] = t("room.unavailable")
 
-      if current_user
+      if current_user && !@room.owned_by?(current_user)
         redirect_to current_user.main_room
       else
         redirect_to root_path
       end
     end
   end
+
+  def verify_user_not_admin
+    redirect_to admins_path if current_user && current_user&.has_role?(:super_admin)
+  end
 end

app/controllers/users_controller.rb

@@ -18,7 +18,7 @@
 
 class UsersController < ApplicationController
   include RecordingsHelper
-  include Verifier
+  include Emailer
 
   before_action :find_user, only: [:edit, :update, :destroy]
   before_action :ensure_unauthenticated, only: [:new, :create]
@@ -46,7 +46,7 @@ class UsersController < ApplicationController
 
     # Start email verification and redirect to root.
     begin
-      @user.send_activation_email(user_verification_link)
+      send_activation_email(@user)
     rescue => e
       logger.error "Error in email delivery: #{e}"
       flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))

app/mailers/user_mailer.rb

@@ -19,15 +19,19 @@
 class UserMailer < ApplicationMailer
   default from: Rails.configuration.smtp_sender
 
-  def verify_email(user, url)
+  def verify_email(user, url, image, color)
     @user = user
     @url = url
+    @image = image
+    @color = color
     mail(to: @user.email, subject: t('landing.welcome'))
   end
 
-  def password_reset(user, url)
+  def password_reset(user, url, image, color)
     @user = user
     @url = url
+    @image = image
+    @color = color
     mail to: user.email, subject: t('reset_password.subtitle')
   end
 end

app/models/user.rb

@@ -103,8 +103,16 @@ class User < ApplicationRecord
   end
 
   def self.admins_search(string)
+    active_database = Rails.configuration.database_configuration[Rails.env]["adapter"]
+    # Postgres requires created_at to be cast to a string
+    created_at_query = if active_database == "postgresql"
+      "created_at::text"
+    else
+      "created_at"
+    end
+
     search_query = "name LIKE :search OR email LIKE :search OR username LIKE :search" \
-                   " OR created_at LIKE :search OR provider LIKE :search"
+                   " OR #{created_at_query} LIKE :search OR provider LIKE :search"
     search_param = "%#{string}%"
     where(search_query, search: search_param)
   end
@@ -149,10 +157,6 @@ class User < ApplicationRecord
     email_verified
   end
 
-  def send_activation_email(url)
-    UserMailer.verify_email(self, url).deliver
-  end
-
   # Sets the password reset attributes.
   def create_reset_digest
     self.reset_token = User.new_token
@@ -160,11 +164,6 @@ class User < ApplicationRecord
     update_attribute(:reset_sent_at, Time.zone.now)
   end
 
-  # Sends password reset email.
-  def send_password_reset_email(url)
-    UserMailer.password_reset(self, url).deliver_now
-  end
-
   # Returns true if the given token matches the digest.
   def authenticated?(attribute, token)
     digest = send("#{attribute}_digest")

app/views/user_mailer/password_reset.html.erb

@@ -17,7 +17,7 @@
 %>
   <div style="text-align:center; font-family:'Source Sans Pro', -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Helvetica Neue', Arial, sans-serif">
     <div style="display:inline-block; background-color:#F5F7FB; border:1px solid #d3d3d3; padding: 25px 70px">
-      <%= image_tag(logo_image, height: '70')%>
+      <%= image_tag(@image, height: '70')%>
 
       <h1 style="margin-bottom:30px">
         <%= t('mailer.user.password_reset.title') %>
@@ -32,7 +32,7 @@
       </p>
 
       <a
-        style="background: <%= user_color %>;color: #ffffff; padding: 10px 15px; box-shadow: 0 2px 4px 0 rgba(0,0,0,.25);border: 1px solid transparent;text-decoration:none;"
+        style="background: <%= @color %>;color: #ffffff; padding: 10px 15px; box-shadow: 0 2px 4px 0 rgba(0,0,0,.25);border: 1px solid transparent;text-decoration:none;"
         href="<%= @url %>">
         <%= t('mailer.user.password_reset.reset_link') %>
       </a>

app/views/user_mailer/verify_email.html.erb

@@ -18,7 +18,7 @@
 
   <div style="text-align:center; font-family:'Source Sans Pro', -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Helvetica Neue', Arial, sans-serif">
     <div style="display:inline-block; background-color:#F5F7FB; border:1px solid #d3d3d3; padding: 25px 70px">
-      <%= image_tag(logo_image, height: '70') %>
+      <%= image_tag(@image, height: '70') %>
 
       <h1 style="margin-bottom:30px">
         <%= t('mailer.user.verify_email.welcome', name: @user[:name]) %>
@@ -36,7 +36,7 @@
         <%= t('mailer.user.verify_email.verify') %>
       </p>
 
-      <a style="background: <%= user_color %>;color: #ffffff; padding: 10px 15px; box-shadow: 0 2px 4px 0 rgba(0,0,0,.25);border: 1px solid transparent;text-decoration:none;" href="<%= @url %>">
+      <a style="background: <%= @color %>;color: #ffffff; padding: 10px 15px; box-shadow: 0 2px 4px 0 rgba(0,0,0,.25);border: 1px solid transparent;text-decoration:none;" href="<%= @url %>">
         <%= t('mailer.user.verify_email.verify_link') %>
       </a>
 

spec/controllers/rooms_controller_spec.rb

@@ -97,6 +97,15 @@ describe RoomsController, type: :controller do
 
       expect(assigns(:name)).to eql("")
     end
+
+    it "redirects to admin if user is a super_admin" do
+      @request.session[:user_id] = @owner.id
+      @owner.add_role :super_admin
+
+      get :show, params: { room_uid: @owner.main_room, search: :none }
+
+      expect(response).to redirect_to(admins_path)
+    end
   end
 
   describe "POST #create" do