bigbluebutton / greenlight

# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.

#

# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).

#

# This program is free software; you can redistribute it and/or modify it under the

# terms of the GNU Lesser General Public License as published by the Free Software

# Foundation; either version 3.0 of the License, or (at your option) any later

# version.

#

# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY

# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A

# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.

#

# You should have received a copy of the GNU Lesser General Public License along

# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.

class Role < ApplicationRecord

  has_and_belongs_to_many :users, join_table: :users_roles

  has_many :role_permissions

  default_scope { order(:priority) }

  scope :by_priority, -> { order(:priority) }

  scope :editable_roles, ->(provider) { where(provider: provider).where.not(name: %w[super_admin denied pending]) }

  RESERVED_ROLE_NAMES = %w[super_admin admin pending denied user]

  def self.duplicate_name(name, provider)

    RESERVED_ROLE_NAMES.include?(name) || Role.exists?(name: name, provider: provider)

  end

  def self.create_default_roles(provider)

    Role.create(name: "user", provider: provider, priority: 1, colour: "#868e96")

        .update_all_role_permissions(can_create_rooms: true)

    Role.create(name: "admin", provider: provider, priority: 0, colour: "#f1c40f")

        .update_all_role_permissions(can_create_rooms: true, send_promoted_email: true,

      send_demoted_email: true, can_edit_site_settings: true,

      can_edit_roles: true, can_manage_users: true)

    Role.create(name: "pending", provider: provider, priority: -1, colour: "#17a2b8").update_all_role_permissions

    Role.create(name: "denied", provider: provider, priority: -1, colour: "#343a40").update_all_role_permissions

    Role.create(name: "super_admin", provider: provider, priority: -2, colour: "#cd201f")

        .update_all_role_permissions(can_create_rooms: true,

      send_promoted_email: true, send_demoted_email: true, can_edit_site_settings: true,

      can_edit_roles: true, can_manage_users: true)

  end

  def self.create_new_role(role_name, provider)

    # Create the new role with the second highest priority

    # This means that it will only be more important than the user role

    # This also updates the user role to have the highest priority

    role = Role.create(name: role_name, provider: provider)

    user_role = Role.find_by(name: 'user', provider: provider)

    role.priority = user_role.priority

    user_role.priority += 1

    role.save!

    user_role.save!

    role

  end

  def update_all_role_permissions(permissions = {})

    update_permission("can_create_rooms", permissions[:can_create_rooms].to_s)

    update_permission("send_promoted_email", permissions[:send_promoted_email].to_s)

    update_permission("send_demoted_email", permissions[:send_demoted_email].to_s)

    update_permission("can_edit_site_settings", permissions[:can_edit_site_settings].to_s)

    update_permission("can_edit_roles", permissions[:can_edit_roles].to_s)

    update_permission("can_manage_users", permissions[:can_manage_users].to_s)

  end

  # Updates the value of the permission and enables it

  def update_permission(name, value)

    permission = role_permissions.find_or_create_by!(name: name)

    permission.update_attributes(value: value, enabled: true)

  end

  # Returns the value if enabled or the default if not enabled