GRN2-xx: Users can no longer join a room whose owner is banned or pending (Fixed #902) (#922)

* Users can no longer join a room whose owner is banned or pending * Changed flash message * rubocop fix
2020-01-22 16:45:57 -05:00 · 2020-01-22 16:45:57 -05:00 · 8cbfc3f730
parent df1705d9ea
commit 8cbfc3f730
3 changed files with 44 additions and 4 deletions
--- a/app/controllers/rooms_controller.rb
+++ b/app/controllers/rooms_controller.rb
@ -28,6 +28,7 @@ class RoomsController < ApplicationController
  before_action :verify_room_ownership_or_admin, only: [:start, :update_settings, :destroy]
  before_action :verify_room_owner_verified, only: [:show, :join],
                unless: -> { !Rails.configuration.enable_email_verification }
+  before_action :verify_room_owner_valid, only: [:show, :join]
  before_action :verify_user_not_admin, only: [:show]

  # POST /
@ -242,10 +243,12 @@ class RoomsController < ApplicationController
  end

  def verify_room_owner_verified
-    unless @room.owner.activated?
-      flash[:alert] = t("room.unavailable")
-      redirect_to root_path
-    end
+    redirect_to root_path, alert: t("room.unavailable") unless @room.owner.activated?
+  end
+
+  # Check to make sure the room owner is not pending or banned
+  def verify_room_owner_valid
+    redirect_to root_path, alert: t("room.owner_banned") if @room.owner.has_role?(:pending) || @room.owner.has_role?(:denied)
  end

  def verify_user_not_admin
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -444,6 +444,7 @@ en:
    last_session: Last session on %{session}
    login: Enter
    owner: Owner
+    owner_banned: This room is currently unavailable
    no_room:
      description: Enter the room url or the room id for the room you want to join.
      edit_profile: Edit User Profile
--- a/spec/controllers/rooms_controller_spec.rb
+++ b/spec/controllers/rooms_controller_spec.rb
@ -137,6 +137,24 @@ describe RoomsController, type: :controller do
      expect(flash[:alert]).to be_present
      expect(response).to redirect_to(root_path)
    end
+
+    it "redirects to root if owner is pending" do
+      @request.session[:user_id] = @owner.id
+      @owner.add_role :pending
+
+      get :show, params: { room_uid: @owner.main_room, search: :none }
+
+      expect(response).to redirect_to(root_path)
+    end
+
+    it "redirects to root if owner is banned" do
+      @request.session[:user_id] = @owner.id
+      @owner.add_role :denied
+
+      get :show, params: { room_uid: @owner.main_room, search: :none }
+
+      expect(response).to redirect_to(root_path)
+    end
  end

  describe "POST #create" do
@ -310,6 +328,24 @@ describe RoomsController, type: :controller do
      expect(flash[:alert]).to be_present
      expect(response).to redirect_to(root_path)
    end
+
+    it "redirects to root if owner is pending" do
+      @request.session[:user_id] = @owner.id
+      @owner.add_role :pending
+
+      post :join, params: { room_uid: @room }
+
+      expect(response).to redirect_to(root_path)
+    end
+
+    it "redirects to root if owner is banned" do
+      @request.session[:user_id] = @owner.id
+      @owner.add_role :denied
+
+      post :join, params: { room_uid: @room }
+
+      expect(response).to redirect_to(root_path)
+    end
  end

  describe "DELETE #destroy" do