# frozen_string_literal: true # BigBlueButton open source conferencing system - http://www.bigbluebutton.org/. # # Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below). # # This program is free software; you can redistribute it and/or modify it under the # terms of the GNU Lesser General Public License as published by the Free Software # Foundation; either version 3.0 of the License, or (at your option) any later # version. # # BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License along # with BigBlueButton; if not, see . class Role < ApplicationRecord has_and_belongs_to_many :users, join_table: :users_roles has_many :role_permissions default_scope { order(:priority) } scope :by_priority, -> { order(:priority) } scope :editable_roles, ->(provider) { where(provider: provider).where.not(name: %w[super_admin denied pending]) } RESERVED_ROLE_NAMES = %w[super_admin admin pending denied user] def self.duplicate_name(name, provider) RESERVED_ROLE_NAMES.include?(name) || Role.exists?(name: name, provider: provider) end def self.create_default_roles(provider) Role.create(name: "user", provider: provider, priority: 1, colour: "#868e96") .update_all_role_permissions(can_create_rooms: true) Role.create(name: "admin", provider: provider, priority: 0, colour: "#f1c40f") .update_all_role_permissions(can_create_rooms: true, send_promoted_email: true, send_demoted_email: true, can_edit_site_settings: true, can_edit_roles: true, can_manage_users: true) Role.create(name: "pending", provider: provider, priority: -1, colour: "#17a2b8").update_all_role_permissions Role.create(name: "denied", provider: provider, priority: -1, colour: "#343a40").update_all_role_permissions Role.create(name: "super_admin", provider: provider, priority: -2, colour: "#cd201f") .update_all_role_permissions(can_create_rooms: true, send_promoted_email: true, send_demoted_email: true, can_edit_site_settings: true, can_edit_roles: true, can_manage_users: true, can_appear_in_share_list: true) end def self.create_new_role(role_name, provider) # Create the new role with the second highest priority # This means that it will only be more important than the user role # This also updates the user role to have the highest priority role = Role.create(name: role_name, provider: provider) user_role = Role.find_by(name: 'user', provider: provider) role.priority = user_role.priority user_role.priority += 1 role.save! user_role.save! role end def update_all_role_permissions(permissions = {}) update_permission("can_create_rooms", permissions[:can_create_rooms].to_s) update_permission("send_promoted_email", permissions[:send_promoted_email].to_s) update_permission("send_demoted_email", permissions[:send_demoted_email].to_s) update_permission("can_edit_site_settings", permissions[:can_edit_site_settings].to_s) update_permission("can_edit_roles", permissions[:can_edit_roles].to_s) update_permission("can_manage_users", permissions[:can_manage_users].to_s) update_permission("can_manage_rooms_recordings", permissions[:can_manage_rooms_recordings].to_s) update_permission("can_appear_in_share_list", permissions[:can_appear_in_share_list].to_s) end # Updates the value of the permission and enables it def update_permission(name, value) permission = role_permissions.find_or_create_by!(name: name) permission.update_attributes(value: value, enabled: true) end # Returns the value if enabled or the default if not enabled def get_permission(name, return_boolean = true) permission = role_permissions.find_or_create_by!(name: name) value = if permission[:enabled] permission[:value] else case name when "can_appear_in_share_list" Rails.configuration.shared_access_default.to_s else "false" end end if return_boolean value == "true" else value end end end