LTI-403: Prevent form submission with empty shared_code (#342)
Co-authored-by: Jesus Federico <jesus@123it.ca>
Mariam05 and jfederico authored Aug 13, 2024
1 parent c8767a2 commit aa4e5fa
Showing 5 changed files with 33 additions and 35 deletions.
7 changes: 1 addition & 6 deletions app/controllers/rooms_controller.rb
@@ -103,16 +103,11 @@ def create
# PATCH/PUT /rooms/1.json
def update
respond_to do |format|
# block update if shared_code doesn't exist
shared_code = room_params[:shared_code]
code_found = shared_code.blank? ? true : Room.where(code: shared_code, tenant: @room.tenant).exists?

if code_found && @room.update(room_params)
if @room.update(room_params)
format.html { redirect_to(room_path(@room, launch_nonce: params[:launch_nonce]), notice: t('default.room.updated')) }
format.json { render(:show, status: :ok, location: @room) }
else
# If the room wasn't updated because a code was not found then show an error message
flash.now[:alert] = code_found ? nil : t('error.room.codenotfound.message')
format.html { render(:edit) }
format.json { render(json: @error, status: :unprocessable_entity) }
end
24 changes: 12 additions & 12 deletions app/javascript/packs/edit.js
@@ -135,17 +135,17 @@ $(document).on('turbolinks:load', function () {
checkSharedCodeCheckboxStatus();


// Show loading indicator when 'Update' or 'Cancel' buttons are pressed
const updateButton = $('#form-update-btn');
updateButton.on('click', (event) => {
event.preventDefault();
updateButton.attr('value', 'Loading...');
$('#edit-form').trigger('submit');
})

const cancelButton = $(this.getElementsByName('cancel'));
cancelButton.on('click', (event) => {
cancelButton.text('Loading...');
})
// Show loading indicator when 'Update' or 'Cancel' buttons are pressed
const updateButton = $('#form-update-btn');
updateButton.on('click', (event) => {
event.preventDefault();
updateButton.attr('value', 'Loading...');
$('#edit-form').trigger('submit');
})

const cancelButton = $(this.getElementsByName('cancel'));
cancelButton.on('click', (event) => {
cancelButton.text('Loading...');
})

});
12 changes: 11 additions & 1 deletion app/models/room.rb
@@ -16,6 +16,8 @@
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
class Room < ApplicationRecord
include BrokerHelper

before_save :default_values

store_accessor :settings, %i[lockSettingsDisableCam lockSettingsDisableMic lockSettingsDisablePrivateChat lockSettingsDisablePublicChat lockSettingsDisableNote]
@@ -27,7 +29,7 @@ class Room < ApplicationRecord

attr_accessor :can_grade

include BrokerHelper
validate :shared_code_presence, if: -> { use_shared_code }

RECORDING_SETTINGS = [:record, :autoStartRecording, :allowStartStopRecording].freeze
ROOM_SETTINGS = [:guestPolicy, :allModerators].freeze
@@ -148,3 +150,11 @@ def generate_unique_code
end
end
end

def shared_code_presence
errors.add(:shared_code, "The shared code can't be blank when 'Use Shared Code' is enabled") && return if shared_code.blank?

return if Room.where(code: shared_code, tenant: tenant).exists?

errors.add(:shared_code, 'A room with this code could not be found')
end
14 changes: 4 additions & 10 deletions app/views/rooms/_form.html.erb
@@ -16,13 +16,7 @@
<%= form_with(model: room, local: true, class: "form fill", :url => room_path(@room, :launch_nonce => @launch_nonce), name: 'edit-form', id: 'edit-form' ) do |form| %>
<% if room.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(room.errors.count, "error") %> prohibited this room from being saved:</h2>

<ul>
<% room.errors.full_messages.each do |message| %>
<li><%= message %></li>
<% end %>
</ul>
<h2><%= pluralize(room.errors.count, "error") %> prohibited this room from being saved.</h2>
</div>
<% end %>

@@ -152,9 +146,9 @@
</div>
</div>

<% unless flash[:alert] == nil %>
<div class="ml-3 text-sm font-medium text-red-500">
<%= flash.alert %>
<% if @room.errors[:shared_code].any? %>
<div class="text-sm font-medium text-red-500">
<%= @room.errors[:shared_code].first %>
</div>
<% end %>
<div class="field form-group input-group">
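Review bot: With the `full_messages` list removed from `#error_explanation`, only errors on `:shared_code` are shown; any other validation error on the room is counted in the heading but never displayed, so the user cannot tell what to correct. Either keep the list for attributes that have no inline message or add per-field messages for them. The new block also reads `@room.errors[:shared_code]` while the top of the partial uses the `room` local passed to `form_with`; using `room.errors[:shared_code].first` keeps the partial tied to the object it was rendered with.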
11 changes: 5 additions & 6 deletions app/views/shared/_room.html.erb
@@ -13,7 +13,6 @@
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
%>

<% room = @room.use_shared_code ? @shared_room : @room %>
<div id="chosenRoomId" ></div>

<div id="access-alert" style="background-color: #fffacd;" class="mb-4 p-4 rounded-lg hidden">
@@ -115,8 +114,8 @@
<div class="">
<div class="flex justify-between items-center pt-2">
<div class="flex justify-start items-center">
<% unless room.hide_name %>
<p class="text-4xl font-sans inline-block font-light"><%= room.name %></p>
<% unless @chosen_room.hide_name %>
<p class="text-4xl font-sans inline-block font-light"><%= @chosen_room.name %></p>
<% end %>
</div>

@@ -139,7 +138,7 @@
class: "font-sans text-center text-red-600 border ml-2 border-red-600 px-4 py-2 w-50 mb-0 bg-white rounded hover:text-white hover:bg-red-600",
id: 'end-meeting-btn',
style: visible,
data: {url: meeting_end_path(room, :launch_nonce => @launch_nonce), room: room.id} %>
data: {url: meeting_end_path(@chosen_room, :launch_nonce => @launch_nonce), room: @chosen_room.id} %>
<% end %>
</div>
</div>
@@ -148,8 +147,8 @@

<!-- Row 3: Room description -->
<div class="pt-3 pb-5">
<% unless room.hide_description %>
<p class= "leading-loose text-md w-1/2"><%= room.description %></p>
<% unless @chosen_room.hide_description %>
<p class= "leading-loose text-md w-1/2"><%= @chosen_room.description %></p>
<% end %>
</div>
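Review bot: `@chosen_room` is not assigned anywhere in this commit's visible hunks, yet it replaces the local fallback `@room.use_shared_code ? @shared_room : @room`, so every action that renders this partial must now set it or `@chosen_room.hide_name` raises on nil. It presumably already exists in the controller; please confirm it is set on all paths, including when the shared room cannot be resolved. The end-meeting button now takes both its URL and `data-room` id from this variable, so the value should come from the same tenant-scoped lookup the server uses when it authorizes ending a meeting. A short comment at the top of the partial naming the instance variables it expects (`@chosen_room`, `@launch_nonce`) would make that contract visible.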

