# frozen_string_literal: true
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
#
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
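# Handles room requests: create, show, rename/update, join, start, settings
# update, delete and logout. Access control is split between the before_action
# filters below and per-action ownership checks.
class RoomsController < ApplicationController
  include RecordingsHelper
  include Pagy::Backend

  # Filters run in declaration order. find_room loads @room for every action
  # except create. verify_room_ownership then limits every action other than
  # create, show, join and logout to the room's owner; those four stay
  # reachable by non-owners, and show/join/logout by unauthenticated visitors.
  before_action :validate_accepted_terms, unless: -> { !Rails.configuration.terms }
  before_action :validate_verified_email, except: [:show, :join],
                unless: -> { !Rails.configuration.enable_email_verification }
  before_action :find_room, except: :create
  before_action :verify_room_ownership, except: [:create, :show, :join, :logout]
  before_action :verify_room_owner_verified, only: [:show, :join],
                unless: -> { !Rails.configuration.enable_email_verification }
  before_action :verify_user_not_admin, only: [:show]

  # POST /
  #
  # Creates a room owned by the signed-in user. Unauthenticated requests are
  # sent to root; requests over the configured room limit are sent back to the
  # user's main room with an alert.
  def create
    redirect_to(root_path) && return unless current_user

    return redirect_to current_user.main_room, flash: { alert: I18n.t("room.room_limit") } if room_limit_exceeded

    @room = Room.new(name: room_params[:name])
    @room.owner = current_user
    @room.room_settings = create_room_settings_string(room_params[:mute_on_join], room_params[:client])

    if @room.save
      if room_params[:auto_join] == "1"
        start
      else
        flash[:success] = I18n.t("room.create_room_success")
        redirect_to @room
      end
    else
      flash[:alert] = I18n.t("room.create_room_error")
      redirect_to current_user.main_room
    end
  end

  # GET /:room_uid
  #
  # Owners get the room page with all recordings; everyone else gets the join
  # page with public recordings only.
  def show
    if current_user && @room.owned_by?(current_user)
      @search, @order_column, @order_direction, recs =
        @room.recordings(params.permit(:search, :column, :direction), true)

      @pagy, @recordings = pagy_array(recs)

      @is_running = @room.running?
    else
      # Get users name
      @name = if current_user
        current_user.name
      elsif cookies.encrypted[:greenlight_name]
        cookies.encrypted[:greenlight_name]
      else
        ""
      end

      @search, @order_column, @order_direction, pub_recs =
        @room.public_recordings(params.permit(:search, :column, :direction), true)

      @pagy, @public_recordings = pagy_array(pub_recs)

      render :join
    end
  end

  # PATCH /:room_uid
  #
  # Renames a room or a recording depending on params[:setting]. The
  # verify_room_ownership filter has already confirmed that current_user owns
  # the room identified by params[:room_uid].
  def update
    if params[:setting] == "rename_block"
      # The target room comes from a second, separate parameter, so the filter's
      # ownership check does not cover it. update_room_attributes re-checks
      # ownership on the newly loaded @room before writing.
      @room = Room.find_by!(uid: params[:room_block_uid])
      update_room_attributes("name")
    elsif params[:setting] == "rename_header"
      update_room_attributes("name")
    elsif params[:setting] == "rename_recording"
      # NOTE(review): params[:record_id] is passed through as received; nothing
      # in this controller checks that the recording belongs to @room. Confirm
      # that @room.update_recording (or the API behind it) enforces that.
      @room.update_recording(params[:record_id], "meta_name" => params[:record_name])
    end

    # NOTE(review): the Referer header is client-supplied. If the Rails version
    # in use supports it, redirect_back with a fallback location is the
    # conventional replacement -- confirm before changing.
    if request.referrer
      redirect_to request.referrer
    else
      redirect_to room_path
    end
  end

  # POST /:room_uid
  #
  # Sends the caller into the meeting when it is running (or when the caller
  # owns the room); otherwise renders the waiting page. Blocked up front when
  # room authentication is required and nobody is signed in.
  def join
    return redirect_to root_path,
      flash: { alert: I18n.t("administrator.site_settings.authentication.user-info") } if auth_required

    opts = default_meeting_options
    unless @room.owned_by?(current_user)
      # Assign join name if passed.
      if params[@room.invite_path]
        @join_name = params[@room.invite_path][:join_name]
      elsif !params[:join_name]
        # Join name not passed. Nothing is rendered or redirected here, so
        # Rails falls back to the default render for this action.
        return
      end
    end

    # create or update cookie with join name
    # NOTE(review): @join_name is only assigned in the invite-path branch above,
    # so it is nil for owners and when the name arrives as params[:join_name].
    # The value is user-supplied and no length or content validation is visible
    # here -- confirm it is validated or escaped where it is displayed.
    cookies.encrypted[:greenlight_name] = @join_name unless cookies.encrypted[:greenlight_name] == @join_name

    if @room.running? || @room.owned_by?(current_user)
      # Determine if the user needs to join as a moderator.
      # Moderator rights depend only on room ownership, never on request params.
      opts[:user_is_moderator] = @room.owned_by?(current_user)

      # Check if the user has specified which client to use
      room_settings = JSON.parse(@room[:room_settings])
      opts[:join_via_html5] = room_settings["joinViaHtml5"] if room_settings["joinViaHtml5"]

      if current_user
        redirect_to @room.join_path(current_user.name, opts, current_user.uid)
      else
        join_name = params[:join_name] || params[@room.invite_path][:join_name]
        redirect_to @room.join_path(join_name, opts)
      end
    else

      search_params = params[@room.invite_path] || params
      @search, @order_column, @order_direction, pub_recs =
        @room.public_recordings(search_params.permit(:search, :column, :direction), true)

      @pagy, @public_recordings = pagy_array(pub_recs)

      # They need to wait until the meeting begins.
      render :wait
    end
  end

  # DELETE /:room_uid
  #
  # Deletes the room when the caller owns it and it is not their main room,
  # then returns them to their main room either way.
  def destroy
    # Don't delete the users home room.
    @room.destroy if @room.owned_by?(current_user) && @room != current_user.main_room

    redirect_to current_user.main_room
  end

  # POST /:room_uid/start
  #
  # Starts the meeting and joins the caller as moderator. Also called directly
  # from create when auto_join is set.
  def start
    # Join the user in and start the meeting.
    opts = default_meeting_options
    opts[:user_is_moderator] = true

    # Include the user's choices for the room settings
    room_settings = JSON.parse(@room[:room_settings])
    opts[:mute_on_start] = room_settings["muteOnStart"] if room_settings["muteOnStart"]
    opts[:join_via_html5] = room_settings["joinViaHtml5"] if room_settings["joinViaHtml5"]

    begin
      redirect_to @room.join_path(current_user.name, opts, current_user.uid)
    rescue BigBlueButton::BigBlueButtonException => e
      redirect_to room_path, alert: I18n.t(e.key.to_s.underscore, default: I18n.t("bigbluebutton_exception"))
    end

    # Notify users that the room has started.
    # Delay 5 seconds to allow for server start, although the request will retry until it succeeds.
    # This runs after the begin/rescue, so the job is enqueued on the error path too.
    NotifyUserWaitingJob.set(wait: 5.seconds).perform_later(@room)
  end

  # POST /:room_uid/update_settings
  #
  # Updates the room's settings and, if changed, its name.
  def update_settings
    begin
      raise "Room name can't be blank" if room_params[:name].empty?

      @room = Room.find_by!(uid: params[:room_uid])
      # Update the rooms settings
      update_room_attributes("settings")
      # Update the rooms name if it has been changed
      update_room_attributes("name") if @room.name != room_params[:name]
    rescue StandardError
      # Every failure (blank or missing name, room not found, anything raised
      # by the update) collapses into the same generic alert.
      flash[:alert] = I18n.t("room.update_settings_error")
    else
      # NOTE(review): update_room_attributes returns without raising when the
      # ownership / main-room check fails, so the success flash is shown even
      # when nothing was written.
      flash[:success] = I18n.t("room.update_settings_success")
    end
    redirect_to room_path
  end

  # GET /:room_uid/logout
  def logout
    # Redirect the correct page.
    redirect_to @room
  end

  private

  # Writes the room's name or settings, depending on update_type ("name" or
  # "settings"). Does nothing unless current_user owns @room and @room is not
  # their main room; this is the ownership check relied on when @room was
  # re-loaded from a request parameter.
  def update_room_attributes(update_type)
    if @room.owned_by?(current_user) && @room != current_user.main_room
      if update_type.eql? "name"
        @room.update_attributes(name: params[:room_name] || room_params[:name])
      elsif update_type.eql? "settings"
        room_settings_string = create_room_settings_string(room_params[:mute_on_join], room_params[:client])
        @room.update_attributes(room_settings: room_settings_string)
      end
    end
  end

  # Builds the JSON string stored in room_settings. Only the two known keys are
  # written, and each value is reduced to a boolean, so raw form input never
  # reaches the stored JSON. Any client value other than "html5" or "flash"
  # leaves "joinViaHtml5" unset.
  def create_room_settings_string(mute_res, client_res)
    room_settings = {}
    room_settings["muteOnStart"] = mute_res == "1"

    if client_res.eql? "html5"
      room_settings["joinViaHtml5"] = true
    elsif client_res.eql? "flash"
      room_settings["joinViaHtml5"] = false
    end

    room_settings.to_json
  end

  # Strong parameters for the room form; raises if params[:room] is missing.
  def room_params
    params.require(:room).permit(:name, :auto_join, :mute_on_join, :client)
  end

  # Find the room from the uid.
  # find_by! raises when no room matches.
  def find_room
    @room = Room.find_by!(uid: params[:room_uid])
  end

  # Ensure the user is logged into the room they are accessing.
  # The redirect issued by bring_to_room halts the filter chain.
  def verify_room_ownership
    bring_to_room unless @room.owned_by?(current_user)
  end

  # Redirects a user to their room.
  def bring_to_room
    if current_user
      # Redirect authenticated users to their room.
      redirect_to room_path(current_user.main_room)
    else
      # Redirect unauthenticated users to root.
      redirect_to root_path
    end
  end

  # Sends signed-in users who have not accepted the terms to the terms page.
  # Unauthenticated requests pass through.
  def validate_accepted_terms
    if current_user
      redirect_to terms_path unless current_user.accepted_terms
    end
  end

  # Sends signed-in users whose account is not activated to the activation
  # page. Unauthenticated requests pass through.
  def validate_verified_email
    if current_user
      redirect_to account_activation_path(current_user) unless current_user.activated?
    end
  end

  # Blocks show/join for rooms whose owner has not activated their account.
  def verify_room_owner_verified
    unless @room.owner.activated?
      flash[:alert] = t("room.unavailable")

      # Restored from a line the page's e-mail obfuscation had mangled.
      if current_user && !@room.owned_by?(current_user)
        redirect_to current_user.main_room
      else
        redirect_to root_path
      end
    end
  end

  # Sends super admins to the admin panel instead of a room page.
  def verify_user_not_admin
    redirect_to admins_path if current_user&.has_role?(:super_admin)
  end

  # True when the "Room Authentication" setting is "true" and nobody is signed
  # in. find_or_create_by! creates the provider's Setting row if it is missing.
  def auth_required
    Setting.find_or_create_by!(provider: user_settings_provider).get_value("Room Authentication") == "true" &&
      current_user.nil?
  end

  # True when current_user already has at least "Room Limit" rooms. Callers
  # must ensure current_user is present; create does so before calling this.
  def room_limit_exceeded
    limit = Setting.find_or_create_by!(provider: user_settings_provider).get_value("Room Limit").to_i

    # Does not apply to admin
    # 15+ option is used as unlimited
    return false if current_user&.has_role?(:admin) || limit == 15

    current_user.rooms.count >= limit
  end
end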