# frozen_string_literal: true
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
#
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
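module Rolify
  extend ActiveSupport::Concern

  # Loads the roles that may be edited for the current provider (@user_domain),
  # seeding the provider's default roles first when it has none yet.
  #
  # selected_role - id of the role to pre-select, or nil for the default "user" role.
  #
  # Sets @roles and @selected_role and returns @roles. The lookup of selected_role is
  # scoped to the editable roles of @user_domain, so an id belonging to another
  # provider (or to a non-editable role) raises ActiveRecord::RecordNotFound rather
  # than resolving.
  def all_roles(selected_role)
    @roles = Role.editable_roles(@user_domain)

    if @roles.empty?
      Role.create_default_roles(@user_domain)
      @roles = Role.editable_roles(@user_domain)
    end

    @selected_role = if selected_role.nil?
      @roles.find_by(name: 'user')
    else
      @roles.find(selected_role)
    end

    @roles
  end

  # Creates a role named new_role_name under the current provider.
  #
  # Returns nil, without writing anything, when the name is blank or when
  # Role.duplicate_name rejects it (that helper is also where reserved names such as
  # super_admin are expected to be refused). Otherwise returns the result of
  # Role.create_new_role.
  def create_role(new_role_name)
    # Blank check first: it needs no query, and to_s also covers a nil name, which
    # would otherwise raise NoMethodError on strip.
    return nil if new_role_name.to_s.strip.empty?
    return nil if Role.duplicate_name(new_role_name, @user_domain)

    Role.create_new_role(new_role_name, @user_domain)
  end

  # Replaces @user's roles with the ids listed in `roles` (a space-separated string),
  # subject to current_user's own privileges.
  #
  # Returns true without changing anything when current_user's highest role lacks
  # can_manage_users. NOTE(review): that true is indistinguishable from a successful
  # update for the caller — confirm the controller enforces this permission itself.
  #
  # Returns false, writing nothing, if any role being added or removed is not the
  # caller's to touch: the role must belong to @user_domain and have a strictly larger
  # priority number than current_user's highest role (larger number = less privilege;
  # see update_priority, which pushes the "user" role to the largest number), except
  # that a current_user whose highest role is named "admin" may grant or revoke any
  # role of the domain. Unknown ids raise ActiveRecord::RecordNotFound via Role.find.
  #
  # On success saves @user, keeping at least the "user" role, then sends the
  # promoted/demoted emails for roles that ask for them, and returns true.
  def update_roles(roles)
    # Check that the user can manage users
    return true unless current_user.highest_priority_role.get_permission("can_manage_users")

    # uniq: a repeated id would otherwise be appended to @user.roles twice.
    new_roles = roles.split(' ').map(&:to_i).uniq
    old_roles = @user.roles.pluck(:id)

    current_user_role = current_user.highest_priority_role

    # Both lists are fully authorised before anything is written, so a rejected id
    # never leaves a partial update behind.
    added_roles = authorised_roles_for_change(new_roles - old_roles, current_user_role)
    return false if added_roles.nil?

    removed_roles = authorised_roles_for_change(old_roles - new_roles, current_user_role)
    return false if removed_roles.nil?

    @user.roles.delete(removed_roles)
    @user.roles << added_roles

    # Make sure each user always has at least the user role
    @user.roles = [Role.find_by(name: "user", provider: @user_domain)] if @user.roles.count.zero?

    @user.save!

    # Notify only once the change is persisted, so a failed save! cannot announce a
    # promotion or demotion that never happened.
    added_roles.each { |role| send_user_promoted_email(@user, role) if role.get_permission("send_promoted_email") }
    removed_roles.each { |role| send_user_demoted_email(@user, role) if role.get_permission("send_demoted_email") }

    true
  end

  # Re-orders the priorities of the roles in role_to_update (an array of role ids in
  # the desired order, most privileged first) and moves the "user" role to the bottom.
  #
  # Returns false, writing nothing, when the list is missing or empty, names the
  # "user" or "admin" role, or contains any role current_user may not manage: a role
  # must belong to @user_domain and have a strictly larger priority number than
  # current_user's highest role. Otherwise the listed roles are renumbered
  # consecutively starting just below that priority, the "user" role is placed after
  # them, and the result of user_role.save! (true) is returned. Roles of the domain
  # that are not listed keep their current numbers.
  def update_priority(role_to_update)
    # An empty or missing list would renumber only the "user" role (to 1), placing it
    # above every other role of the domain; refuse it instead.
    return false if role_to_update.blank?

    user_role = Role.find_by(name: "user", provider: @user_domain)
    admin_role = Role.find_by(name: "admin", provider: @user_domain)

    current_user_role = current_user.highest_priority_role

    # Compare as strings on both sides: ids arrive as strings from a form but as
    # integers from a JSON body, and an integer id would slip past a string-only
    # include? check and let the admin/user rows be renumbered below.
    requested_ids = role_to_update.map(&:to_s)

    # Users aren't allowed to update the priority of the admin or user roles
    return false if requested_ids.include?(user_role.id.to_s) || requested_ids.include?(admin_role.id.to_s)

    # Authorise every id before the first write so a rejected one cannot leave a
    # half-renumbered list.
    requested_ids.each do |id|
      role = Role.find(id)
      return false if role.priority <= current_user_role.priority || role.provider != @user_domain
    end

    # Every new number is strictly larger than current_user's own priority, so the
    # caller can never move a role above themselves.
    base = [current_user_role.priority, 0].max
    top_priority = 0

    requested_ids.each_with_index do |id, index|
      top_priority = base + index + 1
      # update_all skips validations and callbacks; the checks above already ran.
      Role.where(id: id).update_all(priority: top_priority)
    end

    user_role.priority = top_priority + 1
    user_role.save!
  end

  # Applies the submitted name, colour and permission flags (read from params[:role])
  # to `role`.
  #
  # Returns false, writing nothing, when the role is not the caller's to edit — it
  # must belong to @user_domain and have a strictly larger priority number than
  # current_user's highest role, so a user can never edit their own role or a more
  # privileged one — or when a requested rename is blank or duplicates an existing
  # name. Reserved (default) roles keep their name whatever was submitted.
  # NOTE(review): nothing here checks a can_edit_roles-style permission on
  # current_user; presumably the controller does so before calling — confirm.
  #
  # Checkbox values "0"/"1" are normalised to "false"/"true" before being handed to
  # role.update_all_role_permissions. Returns the result of role.save! (true).
  def update_permissions(role)
    current_user_role = current_user.highest_priority_role

    # Checks that it is valid for the provider to update the role
    return false if role.priority <= current_user_role.priority || role.provider != @user_domain

    role_params = params.require(:role).permit(:name)
    permission_params = params.require(:role).permit(:can_create_rooms, :send_promoted_email,
      :send_demoted_email, :can_edit_site_settings, :can_edit_roles, :can_manage_users, :colour)

    permission_params.transform_values! do |v|
      case v
      when "0" then "false"
      when "1" then "true"
      else v
      end
    end

    # Role is a default role so users can't change the name
    role_params[:name] = role.name if Role::RESERVED_ROLE_NAMES.include?(role.name)

    # to_s: an omitted name param is rejected like a blank one instead of raising
    # NoMethodError on strip.
    new_name = role_params[:name].to_s
    if role.name != new_name
      return false if new_name.strip.empty? || Role.duplicate_name(new_name, @user_domain)

      role.name = new_name
    end

    role.update(colour: permission_params[:colour])
    role.update_all_role_permissions(permission_params)

    role.save!
  end

  private

  # Loads every role in role_ids and returns them as an array, or nil as soon as one
  # of them is outside what current_user_role may grant or revoke (the rule is
  # documented on update_roles). Unknown ids raise ActiveRecord::RecordNotFound.
  def authorised_roles_for_change(role_ids, current_user_role)
    role_ids.map do |id|
      role = Role.find(id)

      # Admins may assign or revoke the admin role itself; everyone else is limited to
      # roles strictly below their own. The provider check stops a role of another
      # tenant being attached to, or detached from, a user of this one.
      allowed = (role.priority > current_user_role.priority || current_user_role.name == "admin") &&
                role.provider == @user_domain
      return nil unless allowed

      role
    end
  end
end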