Commit b3ac214a authored by David Lucadou's avatar David Lucadou

Hid edit/delete message on chat log for non-admins

parent bb198077
Pipeline #61546640 failed with stage
in 6 minutes and 17 seconds
......@@ -6,6 +6,8 @@ All notable changes to this project will be documented in this file.
- Three new themes - Minty, Midnight, and Whiteout
- Tests for the new themes
- Tests for chat log permissions
- Ability to disable Oauth entirely via config file (#7)
- Ability to disable specific Oauth providers via config file (#7)
- Ability to update the TOS via admin console (#13)
......@@ -25,6 +27,7 @@ All notable changes to this project will be documented in this file.
- Tests for U2F based 2FA
### Changed
- Hid edit/delete chat log button for non-admin users
- Case sensitive field now defaults to false instead of nil (#64)
- Centralized escaped regex handling (#71)
......
......@@ -10,7 +10,7 @@ class ChatLogsController < ApplicationController
before_action :set_chat_log, only: [:show, :edit, :update, :destroy]
before_action :authenticate_user!
before_action :verify_permissions
# Controller methods
# GET /chat_logs
......@@ -75,39 +75,37 @@ class ChatLogsController < ApplicationController
#else
# query_type = :browse
end
# Clear previous page
session.delete(:return_to)
user ||= Current.user
# Set timezone offset varaible for view to reference
@UserTZOffset = current_user.user_preference.tz_offset if !current_user.user_preference.tz_offset.match(PreferencesHelper.tz_utc_regex)
# If offset is +00:00 or -00:00, it doesn't show the offset since that
# is already UTC.
# Extract variables from params
channel = params[:channel]
sender = params[:sender]
basic_search = params[:query]
advanced_search = params[:advanced_query]
case_sensitive = params[:case_sensitive]
base_id = params[:base_id].to_i if !params[:base_id].nil?
start_id = params[:start_id].to_i if !params[:start_id].nil?
end_id = params[:end_id].to_i if !params[:end_id].nil?
start_time = params[:start_time].to_i if !params[:start_time].nil?
end_time = params[:end_time].to_i if !params[:end_time].nil?
if !params[:per_page].nil? && (params[:per_page].to_i < 10 || params[:per_page].to_i > 1000)
flash[:error] = "Invalid search results: must be a number from 10 to 1000. Defaulting to #{per_page} (changeable in the Appearance & Localization settings menu)."
# per_page can be specified in advanced searches. If it is not
# specified, there is a method in ApplicationHelper, per_page,
# which gets the per_page setting for the user.
end
order = "#{chatlog_sort_column} #{sort_direction}"
if !base_id.nil? && ChatLog.find_by_id(base_id)
base_chat_log = ChatLog.find(base_id)
base_time = base_chat_log.date
......@@ -117,12 +115,12 @@ class ChatLogsController < ApplicationController
elsif !base_id.nil? && ChatLog.where(id: base_id).count == 0
flash[:error] = "Unable to find message with ID #{base_id}"
end
# Display error for blank basic searches
flash[:notice] = "No search terms given; executed empty search." if params[:query] && params[:query].length == 0
flash.discard # Clear any flashes so the user only sees them on the index/search results page
begin
query_time = Benchmark.realtime {
@chat_logs = ChatLog.search(channel: channel, sender: sender, basic_search: basic_search, advanced_search: advanced_search, case_sensitive: case_sensitive, start_id: start_id, end_id: end_id, start_time: start_time, end_time: end_time)
......@@ -150,7 +148,7 @@ class ChatLogsController < ApplicationController
# Regex errors are weird. The regex that caused this error was:
# /timoh(?i)/
end
# Log search
if query_type
custom_per_page = per_page == params[:per_page]
......@@ -171,7 +169,7 @@ class ChatLogsController < ApplicationController
else
logger.error "Could not create Search record - unrecognized query_type: #{query_type}."
end
@chat_logs = @chat_logs.order("#{chatlog_sort_column} #{sort_direction}").page(params[:page]).per(per_page) # sort results with results per page specified by the user
end
......@@ -185,7 +183,7 @@ class ChatLogsController < ApplicationController
request.referer != request.original_url &&
request.referer.index(edit_chat_log_path(ChatLog.find(params[:id]))).nil?
end
# GET /chat_logs/advanced_search
# GET /chat_logs/advanced_search.json
# POST /chat_logs/advanced_search
......@@ -193,19 +191,19 @@ class ChatLogsController < ApplicationController
# Set results per page variable for view to reference
user_id = Current.user.id
@UserSearchResults = current_user.user_preference.search_results
# Set timezone offset varaible for view to reference
@UserTZOffset = current_user.user_preference.tz_offset if !current_user.user_preference.tz_offset.match(PreferencesHelper.tz_utc_regex)
# If offset is +00:00 or -00:00, it doesn't show the offset since that
# is already UTC.
# Set datetime format variable for date picker in view to reference
@UserDTFormat = date_format = date_formats(action: :match, format_value: user_datetime_format(user_id, format: :date)).to_s
@UserDTFormat << " "
@UserDTFormat << time_format(format: :momentjs, use_24hr_time: current_user.user_preference.use_24hr_time, seconds: false)
# https://tempusdominus.github.io/bootstrap-4/Options/#format
# http://momentjs.com/docs/#/displaying/format/
# Set datetime format variable for help menu in view to reference
if @UserDTFormat.end_with?(" A")
@InfoDTFormat = @UserDTFormat[0...@UserDTFormat.length - 1]
......@@ -227,7 +225,7 @@ class ChatLogsController < ApplicationController
errors << "Sender name is in an invalid format - #{chatlog_sender_regex_description}"
end
message = params[:message] if !params[:message].nil? && params[:message].length > 0
# ID range
begin
#start_id = if params[:start_id].length > 0 then Integer(params[:start_id]) else nil end
......@@ -270,7 +268,7 @@ class ChatLogsController < ApplicationController
errors << "Ending ID must be less than or equal to #{ChatLogsHelper.chatlog_max_id}"
end
end
# if start_id.nil?
# end_id = params[:end_id].to_i if !params[:end_id].nil? && params[:end_id].to_i > 0
# else
......@@ -288,7 +286,7 @@ class ChatLogsController < ApplicationController
# end
# # I don't need to check if start_id or end_id are valid numbers
# # because 'notANum'.to_i returns 0, and 0 < 1 so it will not be used.
# Results per page
if params[:per_page] && params[:per_page].length > 0
per_page = Integer(params[:per_page]) rescue nil
......@@ -298,10 +296,10 @@ class ChatLogsController < ApplicationController
errors << "Invalid search results: must be a number from 10 to 1000."
end
end
# Convert case sensitive from 1/0 to true/false
case_sensitive = (params[:case_sensitive] == '1') if !message.nil? && message.length > 0 # No nil check needed because it is "0" if unchecked.
# Convert start & end time to epoch timestamps
time_format = user_datetime_format(user_id, seconds: false)
start_time_has_seconds = false
......@@ -337,23 +335,23 @@ class ChatLogsController < ApplicationController
errors << "Invalid format for ending time; parameter ignored (please use \"#{@InfoDTFormat}\" in the future)."
end
end
if (start_time && end_time && start_time >= end_time)
errors << "Starting time must come before ending time"
end
# if (errors.length > 0)
# flash[:error] = errors.join("<br>").html_safe
# @errors = errors
# end
# If no variables are set, this variable will be used to flash a message
# that they submitted a blank form & no search has been performed in the
# index controller method
is_search = [channel, sender, message, case_sensitive, start_time, end_time, start_id, end_id, per_page].compact.length > 0
# array.compact removes all nil values, so [nil nil nil].compact =>
# [], and [].length == 0
if errors.length == 0 && is_search
redirect_to chat_logs_path(:channel => channel, :sender => sender, :advanced_query => message, :case_sensitive => case_sensitive, :start_time => start_time, :end_time => end_time, :start_id => start_id, :end_id => end_id, :per_page => per_page)
elsif errors.length == 0
......@@ -449,9 +447,9 @@ class ChatLogsController < ApplicationController
def chat_log_params
params.require(:chat_log).permit(:channel, :sender, :message, :date)
end
def verify_permissions
if permissions_list[action_name.to_sym]&.index(current_user.role.to_sym).nil?
if UserHelper.permissions_list[action_name.to_sym]&.index(current_user.role.to_sym).nil?
# action_name is a Rails method for the controller method name
# ( https://stackoverflow.com/a/4274222 )
# Safe navigation operator (&) only calls if not nil.
......@@ -463,8 +461,4 @@ class ChatLogsController < ApplicationController
# user who never has to see an unformatted redirect page.
end
end
def permissions_list
{ :index => [:admin, :user], :show => [:admin, :user], :advanced_search => [:admin, :user], :new => [:admin], :edit => [:admin], :create => [:admin], :update => [:admin], :destroy => [:admin] }
end
end
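Review bot: In verify_permissions (hunk `@@ -449,9 +447,9 @@`) the new line `UserHelper.permissions_list[action_name.to_sym]&.index(current_user.role.to_sym).nil?` uses `index` as a membership test, which reads as an off-by-one trap (index 0 is truthy, but a reader has to know that); `include?` states the intent and keeps the same default-deny for actions missing from the table: `unless UserHelper.permissions_list[action_name.to_sym]&.include?(current_user.role.to_sym)`. That default-deny is the property worth documenting, since it is what protects any action added to the controller before it is added to the table: `# Actions absent from the table yield nil here and are denied.` The method's body runs on past the hunk; the follow-up hunk only drops the old private permissions_list, so the controller and the view now share one table, which is the right direction.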
module UserHelper
def self.permissions_list
{ :index => [:admin, :user], :show => [:admin, :user], :advanced_search => [:admin, :user], :new => [:admin], :edit => [:admin], :create => [:admin], :update => [:admin], :destroy => [:admin] }
end
def permission_list
UserHelper.permissions_list
end
end
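Review bot: The instance method is named `permission_list` while the class method it delegates to is `permissions_list`; the singular/plural mismatch between the two `def` lines will keep producing NoMethodError for whoever picks the wrong one (the controller and view in this commit both call the class method), so give both the same name while the instance method is new and, as far as the diff shows, uncalled. The hash literal is also rebuilt on every request and is mutable, so an accidental in-place edit by any caller would silently change authorization for every later request; a frozen constant removes both the allocation and that failure mode.
```ruby
module UserHelper
  # Action => roles allowed to invoke it. Shared by
  # ChatLogsController#verify_permissions and the chat log views.
  # Frozen (including the role arrays) so no caller can alter the table in place.
  PERMISSIONS_LIST = {
    index: %i[admin user], show: %i[admin user], advanced_search: %i[admin user],
    new: %i[admin], edit: %i[admin], create: %i[admin], update: %i[admin], destroy: %i[admin]
  }.each_value(&:freeze).freeze

  def self.permissions_list
    PERMISSIONS_LIST
  end

  def permissions_list
    UserHelper.permissions_list
  end
end
```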
......@@ -32,7 +32,9 @@
<div>
<%= link_to 'Context', chat_logs_path(:channel => @chat_log.channel, :base_id => @chat_log.id, :highlight => @chat_log.id), :class => "btn btn-secondary" %>
<%= link_to 'Edit/Delete Message', edit_chat_log_path(@chat_log), :class => "btn btn-danger float-right" %>
<%- if UserHelper.permissions_list[:edit].index(current_user.role.to_sym) %>
<%= link_to 'Edit/Delete Message', edit_chat_log_path(@chat_log), :class => "btn btn-danger float-right" %>
<% end -%>
<%= link_to 'Report Message', new_report_path(:msg_id => @chat_log.id), :class => "btn btn-warning float-right" %>
</div>
</div>
......
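Review bot: The new guard `UserHelper.permissions_list[:edit].index(current_user.role.to_sym)` works only because Ruby treats index 0 as truthy, which is a trap for readers coming from languages where it is not; `include?` says what is meant: `<%- if UserHelper.permissions_list[:edit].include?(current_user.role.to_sym) %>`. Hiding the link is presentation only, and the commit correctly leaves enforcement to ChatLogsController#verify_permissions, which still gates edit/update/destroy server-side; a one-line ERB comment above the guard, `<%# Display only: ChatLogsController#verify_permissions enforces this %>`, would stop a later reader from treating this as the access check.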
......@@ -13,5 +13,9 @@ Rails.application.config.assets.paths << Rails.root.join('node_modules')
# folder are already added.
# Rails.application.config.assets.precompile += %w( admin.js admin.css )
Rails.application.config.assets.precompile += %w( application_dark.css )
Rails.application.config.assets.precompile += %w( application_midnight.css )
Rails.application.config.assets.precompile += %w( application_minty.css )
Rails.application.config.assets.precompile += %w( application_solarized.css )
Rails.application.config.assets.precompile += %w( application_ubuntu.css )
Rails.application.config.assets.precompile += %w( application_whiteout.css )
......@@ -13,7 +13,7 @@ class CreateUserPreferences < ActiveRecord::Migration[5.2]
t.string :default_sort_col, null: false, default: "date"
t.string :default_sort_order, null: false, default: "desc"
t.integer :search_results, null: false, default: 10
t.string :theme, null: false, default: "Light"
t.string :theme, null: false, default: "Light (Default)"
# Notification settings
t.boolean :notify_pwchange_pri, null: false, default: true
......
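Review bot: Changing the `:theme` default inside CreateUserPreferences edits a migration in place; if it has already been applied anywhere, those databases never re-run it, so their column default stays "Light" while the updated schema.rb in this commit says "Light (Default)", and only freshly created databases agree with the new value. Unless this migration has only ever run on throwaway development databases, leave it untouched and add a new migration with `change_column_default :user_preferences, :theme, from: "Light", to: "Light (Default)"`, which is also reversible. Existing rows that already hold "Light" are not touched by either approach, so whether anything compares the stored theme name against the new label is worth checking separately.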
......@@ -112,7 +112,7 @@ ActiveRecord::Schema.define(version: 2019_03_09_182145) do
t.string "default_sort_col", default: "date", null: false
t.string "default_sort_order", default: "desc", null: false
t.integer "search_results", default: 10, null: false
t.string "theme", default: "Light", null: false
t.string "theme", default: "Light (Default)", null: false
t.boolean "notify_pwchange_pri", default: true, null: false
t.boolean "notify_pwchange_bkp", default: false, null: false
t.boolean "notify_pwreset_pri", default: true, null: false
......
require 'rails_helper'
# Specs in this file have access to a helper object that includes
# the UserHelper. For example:
#
# describe UserHelper do
# describe "string concat" do
# it "concats two strings with spaces" do
# expect(helper.concat_strings("this","that")).to eq("this that")
# end
# end
# end
RSpec.describe UserHelper, type: :helper do
pending "add some examples to (or delete) #{__FILE__}"
end
require 'rails_helper'
require AuthenticationHelpers
RSpec.describe "UserAccountPermissions", type: :request do
before :each do
name = 'Test User 1'
@email = 'testuser@domain.test'
@password = 'CorrectHorseBatteryStaple'
sign_up_with(name, @email, @password, @password)
sign_in_with(@email, @password)
@user = User.where(email: @email).first
visit account_security_path
expect(page).to have_content("Enable TOTP")
end
describe "User can" do
it "browse chat logs"
it "view chat logs"
it "search for chat logs"
it "report chat logs"
end
describe "User cannot" do
it "edit chat logs"
it "delete chat logs"
# note to self: make an admin permissions spec file as well
# note: on the view message details page, i should not see edit/delete msg
end
end
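Review bot: `require AuthenticationHelpers` on the second line passes a constant where `Kernel#require` expects a String, so this raises TypeError at load if AuthenticationHelpers is a module (or NameError if it is not defined yet); load the file by path, e.g. `require 'support/authentication_helpers'` (adjust to the real location), or include it through `config.include AuthenticationHelpers` in rails_helper. Every example in this file has no body, so they all run as pending and the changelog entry "Tests for chat log permissions" is ahead of the code. Because the button hiding in this commit is view-only, the "edit chat logs" and "delete chat logs" examples should exercise the server gate, e.g. `get edit_chat_log_path(chat_log)` followed by an assertion that the response is not 200 (the exact redirect target is set outside this diff), alongside `expect(page).not_to have_content('Edit/Delete Message')` on the show page. The `visit`/`page` calls in the before block are Capybara DSL, which a `type: :request` spec only has if rails_helper includes it; confirm that or switch the file to a feature/system spec.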