GitHub Access Token became invalid

It seems like the GitHub access token used for retrieving details about this repository from GitHub became invalid. This might prevent certain types of inspections from being run (in particular, everything related to pull requests).
Please ask an admin of your repository to re-new the access token on this website.
Passed
Push — master ( 3d2a0a...177bf4 )
by Jesus
04:06
created

AdminsController.clear_cache()   A

Complexity

Conditions 1

Size

Total Lines 6

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
cc 1
c 0
b 0
f 0
dl 0
loc 6
rs 10
1
# frozen_string_literal: true
2
3
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
4
#
5
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
6
#
7
# This program is free software; you can redistribute it and/or modify it under the
8
# terms of the GNU Lesser General Public License as published by the Free Software
9
# Foundation; either version 3.0 of the License, or (at your option) any later
10
# version.
11
#
12
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
13
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
14
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
15
#
16
# You should have received a copy of the GNU Lesser General Public License along
17
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
18
19
class AdminsController < ApplicationController
20
  include Pagy::Backend
21
  include Themer
22
  include Emailer
23
  include Recorder
24
25
  manage_users = [:edit_user, :promote, :demote, :ban_user, :unban_user, :approve, :reset]
26
  site_settings = [:branding, :coloring, :coloring_lighten, :coloring_darken,
27
                   :registration_method, :room_authentication, :room_limit, :default_recording_visibility]
28
29
  authorize_resource class: false
30
  before_action :find_user, only: manage_users
31
  before_action :verify_admin_of_user, only: manage_users
32
  before_action :find_setting, only: site_settings
33
34
  # GET /admins
35
  def index
36
    @search = params[:search] || ""
37
    @order_column = params[:column] && params[:direction] != "none" ? params[:column] : "created_at"
38
    @order_direction = params[:direction] && params[:direction] != "none" ? params[:direction] : "DESC"
39
40
    @role = params[:role] ? Role.find_by(name: params[:role], provider: @user_domain) : nil
41
42
    @pagy, @users = pagy(user_list)
43
  end
44
45
  # GET /admins/site_settings
46
  def site_settings
47
  end
48
49
  # GET /admins/server_recordings
50
  def server_recordings
51
    server_rooms = if Rails.configuration.loadbalanced_configuration
52
      Room.includes(:owner).where(users: { provider: user_settings_provider }).pluck(:bbb_id)
53
    else
54
      Room.pluck(:bbb_id)
55
    end
56
57
    @search, @order_column, @order_direction, recs =
58
      all_recordings(server_rooms, @user_domain, params.permit(:search, :column, :direction), true, true)
59
    @pagy, @recordings = pagy_array(recs)
60
  end
61
62
  # MANAGE USERS
63
64
  # GET /admins/edit/:user_uid
65
  def edit_user
66
  end
67
68
  # POST /admins/ban/:user_uid
69
  def ban_user
70
    @user.roles = []
71
    @user.add_role :denied
72
    redirect_to admins_path, flash: { success: I18n.t("administrator.flash.banned") }
73
  end
74
75
  # POST /admins/unban/:user_uid
76
  def unban_user
77
    @user.remove_role :denied
78
    @user.add_role :user
79
    redirect_to admins_path, flash: { success: I18n.t("administrator.flash.unbanned") }
80
  end
81
82
  # POST /admins/approve/:user_uid
83
  def approve
84
    @user.remove_role :pending
85
86
    send_user_approved_email(@user)
87
88
    redirect_to admins_path, flash: { success: I18n.t("administrator.flash.approved") }
89
  end
90
91
  # POST /admins/invite
92
  def invite
93
    email = params[:invite_user][:email]
94
95
    begin
96
      invitation = create_or_update_invite(email)
97
98
      send_invitation_email(current_user.name, email, invitation.invite_token)
99
    rescue => e
100
      logger.error "Support: Error in email delivery: #{e}"
101
      flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))
102
    else
103
      flash[:success] = I18n.t("administrator.flash.invite", email: email)
104
    end
105
106
    redirect_to admins_path
107
  end
108
109
  # GET /admins/reset
110
  def reset
111
    @user.create_reset_digest
112
113
    send_password_reset_email(@user)
114
115
    redirect_to admins_path, flash: { success: I18n.t("administrator.flash.reset_password") }
116
  end
117
  # SITE SETTINGS
118
119
  # POST /admins/branding
120
  def branding
121
    @settings.update_value("Branding Image", params[:url])
122
    redirect_to admin_site_settings_path, flash: { success: I18n.t("administrator.flash.settings") }
123
  end
124
125
  # POST /admins/color
126
  def coloring
127
    @settings.update_value("Primary Color", params[:color])
128
    @settings.update_value("Primary Color Lighten", color_lighten(params[:color]))
129
    @settings.update_value("Primary Color Darken", color_darken(params[:color]))
130
    redirect_to admin_site_settings_path, flash: { success: I18n.t("administrator.flash.settings") }
131
  end
132
133 View Code Duplication
  def coloring_lighten
0 ignored issues
show
Duplication introduced by
This code seems to be duplicated in your project.
Loading history...
134
    @settings.update_value("Primary Color Lighten", params[:color])
135
    redirect_to admin_site_settings_path, flash: { success: I18n.t("administrator.flash.settings") }
136
  end
137
138 View Code Duplication
  def coloring_darken
0 ignored issues
show
Duplication introduced by
This code seems to be duplicated in your project.
Loading history...
139
    @settings.update_value("Primary Color Darken", params[:color])
140
    redirect_to admin_site_settings_path, flash: { success: I18n.t("administrator.flash.settings") }
141
  end
142
143
  # POST /admins/room_authentication
144
  def room_authentication
145
    @settings.update_value("Room Authentication", params[:value])
146
    redirect_to admin_site_settings_path, flash: { success: I18n.t("administrator.flash.settings") }
147
  end
148
149
  # POST /admins/registration_method/:method
150
  def registration_method
151
    new_method = Rails.configuration.registration_methods[params[:method].to_sym]
152
153
    # Only allow change to Join by Invitation if user has emails enabled
154
    if !Rails.configuration.enable_email_verification && new_method == Rails.configuration.registration_methods[:invite]
155
      redirect_to admin_site_settings_path,
156
        flash: { alert: I18n.t("administrator.flash.invite_email_verification") }
157
    else
158
      @settings.update_value("Registration Method", new_method)
159
      redirect_to admin_site_settings_path,
160
        flash: { success: I18n.t("administrator.flash.registration_method_updated") }
161
    end
162
  end
163
164
  # POST /admins/room_limit
165
  def room_limit
166
    @settings.update_value("Room Limit", params[:limit])
167
    redirect_to admin_site_settings_path, flash: { success: I18n.t("administrator.flash.settings") }
168
  end
169
170
  # POST /admins/default_recording_visibility
171
  def default_recording_visibility
172
    @settings.update_value("Default Recording Visibility", params[:visibility])
173
    redirect_to admin_site_settings_path, flash: {
174
      success: I18n.t("administrator.flash.settings") + ". " +
175
               I18n.t("administrator.site_settings.recording_visibility.warning")
176
    }
177
  end
178
179
  # POST /admins/clear_cache
180
  def clear_cache
181
    Rails.cache.delete("#{@user_domain}/getUser")
182
    Rails.cache.delete("#{@user_domain}/getUserGreenlightCredentials")
183
184
    redirect_to admin_site_settings_path, flash: { success: I18n.t("administrator.flash.settings") }
185
  end
186
187
  # ROLES
188
189
  # GET /admins/roles
190
  def roles
191
    @roles = Role.editable_roles(@user_domain)
192
193
    if @roles.count.zero?
194
      Role.create_default_roles(@user_domain)
195
      @roles = Role.editable_roles(@user_domain)
196
    end
197
198
    @selected_role = if params[:selected_role].nil?
199
                        @roles.find_by(name: 'user')
200
                      else
201
                        @roles.find(params[:selected_role])
202
                     end
203
  end
204
205
  # POST /admin/role
206
  # This method creates a new role scope to the users provider
207
  def new_role
208
    new_role_name = params[:role][:name]
209
210
    # Make sure that the role name isn't a duplicate or a reserved name like super_admin
211
    if Role.duplicate_name(new_role_name, @user_domain)
212
      flash[:alert] = I18n.t("administrator.roles.duplicate_name")
213
214
      return redirect_to admin_roles_path
215
    end
216
217
    # Make sure the role name isn't empty
218
    if new_role_name.strip.empty?
219
      flash[:alert] = I18n.t("administrator.roles.empty_name")
220
221
      return redirect_to admin_roles_path
222
    end
223
224
    new_role = Role.create_new_role(new_role_name, @user_domain)
225
226
    redirect_to admin_roles_path(selected_role: new_role.id)
227
  end
228
229
  # PATCH /admin/roles/order
230
  # This updates the priority of a site's roles
231
  # Note: A lower priority role will always get used before a higher priority one
232
  def change_role_order
233
    user_role = Role.find_by(name: "user", provider: @user_domain)
234
    admin_role = Role.find_by(name: "admin", provider: @user_domain)
235
236
    current_user_role = current_user.highest_priority_role
237
238
    # Users aren't allowed to update the priority of the admin or user roles
239
    if params[:role].include?(user_role.id.to_s) || params[:role].include?(admin_role.id.to_s)
240
      flash[:alert] = I18n.t("administrator.roles.invalid_order")
241
242
      return redirect_to admin_roles_path
243
    end
244
245
    # Restrict users to only updating the priority for roles in their domain with a higher
246
    # priority
247
    params[:role].each do |id|
248
      role = Role.find(id)
249
      if role.priority <= current_user_role.priority || role.provider != @user_domain
250
        flash[:alert] = I18n.t("administrator.roles.invalid_update")
251
        return redirect_to admin_roles_path
252
      end
253
    end
254
255
    # Update the roles priority including the user role
256
    top_priority = 0
257
258
    params[:role].each_with_index do |id, index|
259
      new_priority = index + [current_user_role.priority, 0].max + 1
260
      top_priority = new_priority
261
      Role.where(id: id).update_all(priority: new_priority)
262
    end
263
264
    user_role.priority = top_priority + 1
265
    user_role.save!
266
  end
267
268
  # POST /admin/role/:role_id
269
  # This method updates the permissions assigned to a role
270
  def update_role
271
    role = Role.find(params[:role_id])
272
    current_user_role = current_user.highest_priority_role
273
274
    # Checks that it is valid for the provider to update the role
275
    if role.priority <= current_user_role.priority || role.provider != @user_domain
276
      flash[:alert] = I18n.t("administrator.roles.invalid_update")
277
      return redirect_to admin_roles_path(selected_role: role.id)
278
    end
279
280
    role_params = params.require(:role).permit(:name)
281
    permission_params = params.require(:role)
282
                              .permit(
283
                                :can_create_rooms,
284
                                :send_promoted_email,
285
                                :send_demoted_email,
286
                                :can_edit_site_settings,
287
                                :can_edit_roles,
288
                                :can_manage_users,
289
                                :colour
290
                              )
291
292
    # Role is a default role so users can't change the name
293
    role_params[:name] = role.name if Role::RESERVED_ROLE_NAMES.include?(role.name)
294
295
    # Make sure if the user is updating the role name that the role name is valid
296
    if role.name != role_params[:name] && !Role.duplicate_name(role_params[:name], @user_domain) &&
297
       !role_params[:name].strip.empty?
298
      role.name = role_params[:name]
299
    elsif role.name != role_params[:name]
300
      flash[:alert] = I18n.t("administrator.roles.duplicate_name")
301
302
      return redirect_to admin_roles_path(selected_role: role.id)
303
    end
304
305
    role.update(permission_params)
306
307
    role.save!
308
309
    redirect_to admin_roles_path(selected_role: role.id)
310
  end
311
312
  # DELETE admins/role/:role_id
313
  # This deletes a role
314
  def delete_role
315
    role = Role.find(params[:role_id])
316
317
    # Make sure no users are assigned to the role and the role isn't a reserved role
318
    # before deleting
319
    if role.users.count.positive?
320
      flash[:alert] = I18n.t("administrator.roles.role_has_users", user_count: role.users.count)
321
      return redirect_to admin_roles_path(selected_role: role.id)
322
    elsif Role::RESERVED_ROLE_NAMES.include?(role) || role.provider != @user_domain ||
323
          role.priority <= current_user.highest_priority_role.priority
324
      return redirect_to admin_roles_path(selected_role: role.id)
325
    else
326
      role.delete
327
    end
328
329
    redirect_to admin_roles_path
330
  end
331
332
  private
333
334
  def find_user
335
    @user = User.where(uid: params[:user_uid]).includes(:roles).first
336
  end
337
338
  def find_setting
339
    @settings = Setting.find_or_create_by!(provider: user_settings_provider)
340
  end
341
342
  def verify_admin_of_user
343
    redirect_to admins_path,
344
      flash: { alert: I18n.t("administrator.flash.unauthorized") } unless current_user.admin_of?(@user)
345
  end
346
347
  # Gets the list of users based on your configuration
348
  def user_list
349
    initial_list = if current_user.has_role? :super_admin
350
      User.where.not(id: current_user.id)
351
    else
352
      User.without_role(:super_admin).where.not(id: current_user.id)
353
    end
354
355
    if Rails.configuration.loadbalanced_configuration
356
      initial_list.where(provider: user_settings_provider)
357
                  .admins_search(@search, @role)
358
                  .admins_order(@order_column, @order_direction)
359
    else
360
      initial_list.admins_search(@search, @role)
361
                  .admins_order(@order_column, @order_direction)
362
    end
363
  end
364
365
  # Creates the invite if it doesn't exist, or updates the updated_at time if it does
366
  def create_or_update_invite(email)
367
    invite = Invitation.find_by(email: email, provider: @user_domain)
368
369
    # Invite already exists
370
    if invite.present?
371
      # Updates updated_at to now
372
      invite.touch
373
    else
374
      # Creates invite
375
      invite = Invitation.create(email: email, provider: @user_domain)
376
    end
377
378
    invite
379
  end
380
end
381