Merge branch 'master' into SIP

app/assets/locales/el.json

@@ -319,7 +319,10 @@
           "open": "Ενεργοποίηση εγγραφών",
           "invite": "Συμμετοχή με πρόσκληση",
           "approval": "Έγκριση/Απόρριψη"
-        }
+        },
+        "allowed_domains": "Επιτρέπονται τα email ονομάτων τομεα",
+        "allowed_domains_signup_description": "Επιτρέπονται συγκεκριμένα email ονομάτων τομεα για εγγραφή. Η μορφή πρέπει να είναι @test.com,domain.com",
+        "enter_allowed_domains_rule" : "Προσθηκη επιτρεπόμενου ονόματος τομέα "
       }
     },
     "room_configuration": {
@@ -420,7 +423,8 @@
         "privacy_policy_updated": "Η πολιτική απορρήτου ενημερώθηκε.",
         "helpcenter_updated": "Ο σύνδεσμος για το Κέντρο βοήθειας ενημερώθηκε. ",
         "terms_of_service_updated": "Οι όριο χρήσης ενημερώθηκαν.",
-        "maintenance_updated": "Το μήνυμα της λειτουργίας συντήρησης ενημερώθηκε."
+        "maintenance_updated": "Το μήνυμα της λειτουργίας συντήρησης ενημερώθηκε.",
+        "allowed_domains_signup_updated": "Τα επιτρεπόμενα ονόματα τομέα ενημερώθηκαν"
       },
       "recording": {
         "recording_visibility_updated": "Η εμφάνιση καταγραφής ενημερώθηκε.",

app/assets/locales/en.json

@@ -326,7 +326,10 @@
           "open": "Open Registration",
           "invite": "Join by Invitation",
           "approval": "Approve/Decline"
-        }
+        },
+        "allowed_domains": "Allowed Email Domains",
+        "allowed_domains_signup_description": "Allow specific email domains to sign up. Format must be: @test.com,domain.com",
+        "enter_allowed_domains_rule" : "Enter the allowed domains"
       }
     },
     "room_configuration": {
@@ -428,7 +431,8 @@
         "privacy_policy_updated": "The privacy notice has been updated.",
         "helpcenter_updated": "The help center link has been updated.",
         "terms_of_service_updated": "The terms of service have been updated.",
-        "maintenance_updated": "The maintenance banner has been updated."
+        "maintenance_updated": "The maintenance banner has been updated.",
+        "allowed_domains_signup_updated": "The allowed email domains have been updated."
       },
       "recording": {
         "recording_visibility_updated": "The recording visibility has been updated.",

app/assets/locales/ja.json

@@ -164,6 +164,10 @@
       "wrong_access_code": "誤った接続コード",
       "generate_viewers_access_code": "視聴者用接続コードを作成する",
       "generate_mods_access_code": "司会者用接続コードを作成する",
+      "server_tag": "この会議室のサーバタイプを選択",
+      "default_tag_name": "通常",
+      "server_tag_desired": "最適",
+      "server_tag_required": "最小",
       "are_you_sure_delete_room": "本当にこの会議室を削除しますか？"
     }
   },
@@ -274,8 +278,8 @@
       "administration": {
         "administration": "法的根拠",
         "terms": "利用規約",
-        "privacy": "プライバシーポリシー",
-        "privacy_policy": "プライバシーポリシー",
+        "privacy": "プライバシーに関する告知",
+        "privacy_policy": "プライバシーに関する告知",
         "change_term_links": "ページ下方の利用規約へのリンクを変更する",
         "change_privacy_link": "ページ下方のプライバシーポリシーへのリンクを変更する",
         "helpcenter": "ヘルプセンター",
@@ -315,7 +319,10 @@
           "open": "誰でも自由に登録",
           "invite": "招待制",
           "approval": "承認制"
-        }
+        },
+        "allowed_domains": "許可するEmailのドメイン",
+        "allowed_domains_signup_description": "特定のEmailドメインのみからのサインアップを許可します。@test.com や domain.com のような形式で記入してください。",
+        "enter_allowed_domains_rule" : "許可するドメインを入力"
       }
     },
     "room_configuration": {
@@ -413,10 +420,11 @@
         "brand_color_updated": "サイトの基調色がアップデートされました。",
         "brand_image_updated": "ブランド画像がアップデートされました。",
         "brand_image_deleted": "ブランド画像が消去されました。",
-        "privacy_policy_updated": "プライバシーポリシーがアップデートされました。",
+        "privacy_policy_updated": "プライバシーに関する告知がアップデートされました。",
         "helpcenter_updated": "ヘルプセンターのリンクが更新されました。",
         "terms_of_service_updated": "利用規約が更新されました。",
-        "maintenance_updated": "メンテナンスバナーが更新されました。"
+        "maintenance_updated": "メンテナンスバナーが更新されました。",
+        "allowed_domains_signup_updated": "許可するEmailのドメインが更新されました。"
       },
       "recording": {
         "recording_visibility_updated": "録画の公開度が更新されました。",
@@ -437,6 +445,7 @@
     },
     "error": {
       "problem_completing_action": "操作をうまく完了できませんでした。\nもう一度やってみてください。",
+      "server_type_unavailable": "希望されたサーバタイプは利用できません。別のタイプを部屋の設定から選んでください。",
       "file_type_not_supported": "ファイルの形式がサポートされていません。",
       "file_size_too_large": "ファイルが大きすぎます。",
       "file_upload_error": "ファイルがアップロードできません。",
@@ -533,6 +542,11 @@
       },
       "url": {
         "invalid": "無効なURL"
+      },
+      "text_form": {
+        "value": {
+          "required": "何かメッセージを入力してください"
+        }
       }
     },
     "room": {

app/assets/locales/tr.json

@@ -14,6 +14,7 @@
   "report": "Bildir",
   "share": "Paylaş",
   "cancel": "İptal",
+  "reset":   "Sıfırla",
   "close": "Kapat",
   "delete": "Sil",
   "copy": "Kopyala",
@@ -163,6 +164,10 @@
       "wrong_access_code": "Erişim kodu yanlış",
       "generate_viewers_access_code": "İzleyiciler için erişim kodu oluştur",
       "generate_mods_access_code": "Sorumlular için erişim kodu oluştur",
+      "server_tag": "Bu oda için bir sunucu türü seçin",
+      "default_tag_name": "Varsayılan",
+      "server_tag_desired": "İstenilen",
+      "server_tag_required": "Zorunlu",
       "are_you_sure_delete_room": "Bu odayı silmek istediğinize emin misiniz?"
     }
   },
@@ -229,7 +234,8 @@
       "empty_invited_users_subtext": "Durumu çağrılmış olarak değiştirilen kullanıcılar burada görüntülenir.",
       "invited": {
         "time_sent": "Gönderilme zamanı",
-        "valid": "Geçerli"
+        "valid": "Geçerli",
+        "revoke": "Geçersiz kıl"
       }
     },
     "server_rooms": {
@@ -272,8 +278,8 @@
       "administration": {
         "administration": "Yönetim",
         "terms": "Hüküm ve koşullar",
-        "privacy": "Gizlilik ilkesi",
-        "privacy_policy": "Gizlilik ilkesi",
+        "privacy": "Gizlilik bildirimi",
+        "privacy_policy": "Gizlilik bildirimi",
         "change_term_links": "Sayfanın altında görüntülenecek koşullar bağlantısını değiştir",
         "change_privacy_link": "Sayfanın altında görüntülenecek gizlilik bağlantısını değiştir",
         "helpcenter": "Yardım merkezi",
@@ -301,7 +307,7 @@
       "registration": {
         "registration": "Hesap açma",
         "role_mapping_by_email": "Roller e-postaya göre eşleştirilsin",
-        "role_mapping_by_email_description": "Kullanıcı rollerini e-postalarına göre belirler. rol1?e-posta1, rol2=e-posta2 biçiminde olmalıdır",
+        "role_mapping_by_email_description": "Kullanıcı rollerini e-postalarına göre belirler. rol1?e-posta1,rol2=e-posta2 biçiminde olmalıdır",
         "enter_role_mapping_rule": "Bir rol eşleştirme kuralı yazın",
         "resync_on_login": "Kullanıcı verileri her oturum açıldığında eşitlensin",
         "resync_on_login_description": "Bir kullanıcının bilgilerini her oturum açtığından yeniden eşitleyerek, Greenlight üzerindeki bilgilerin her zaman dış kimlik doğrulama hizmeti sağlayıcısındakiler ile aynı olmasını sağlar",
@@ -411,7 +417,7 @@
         "brand_color_updated": "Marka rengi güncellendi.",
         "brand_image_updated": "Marka görseli güncellendi.",
         "brand_image_deleted": "Marka görseli silindi.",
-        "privacy_policy_updated": "Gizlilik ilkesi güncellendi.",
+        "privacy_policy_updated": "Gizlilik bildirimi güncellendi.",
         "helpcenter_updated": "Yardım merkezi bağlantısı güncellendi.",
         "terms_of_service_updated": "Hizmet koşulları güncellendi.",
         "maintenance_updated": "Bakım duyurusu güncellendi."
@@ -429,11 +435,13 @@
         "role_permission_updated": "Rol yetkileri güncellendi."
       },
       "invitations": {
-        "invitation_sent": "Çağrı gönderildi"
+        "invitation_sent": "Çağrı gönderildi",
+        "invitation_revoked": "Bir çağrı geçersiz kılındı"
       }
     },
     "error": {
       "problem_completing_action": "Bu işlem yapılırken bir sorun çıktı.\nLütfen yeniden deneyin.",
+      "server_type_unavailable": "İstenilen sunucu türü kullanılamıyor. Lütfen oda ayarlarında başka bir tür seçin.",
       "file_type_not_supported": "Dosya türü desteklenmiyor.",
       "file_size_too_large": "Dosya boyutu çok büyük.",
       "file_upload_error": "Dosya yüklenemedi.",
@@ -530,6 +538,11 @@
       },
       "url": {
         "invalid": "Adres geçersiz"
+      },
+      "text_form": {
+        "value": {
+          "required": "Lütfen bir ileti yazın"
+        }
       }
     },
     "room": {

app/controllers/api/v1/meetings_controller.rb

@@ -37,6 +37,7 @@ def start
         render_data data: BigBlueButtonApi.new(provider: current_provider).join_meeting(
           room: @room,
           name: current_user.name,
+          user_id: fetch_bbb_user_id,
           avatar_url: current_user.avatar.attached? ? url_for(current_user.avatar) : nil,
           role: 'Moderator'
         ), status: :created
@@ -81,6 +82,7 @@ def status
           data[:joinUrl] = BigBlueButtonApi.new(provider: current_provider).join_meeting(
             room: @room,
             name: current_user ? current_user.name : params[:name],
+            user_id: fetch_bbb_user_id,
             avatar_url: current_user&.avatar&.attached? ? url_for(current_user.avatar) : nil,
             role: bbb_role
           )
@@ -145,6 +147,21 @@ def infer_bbb_role(mod_code:, viewer_code:, anyone_join_as_mod:)
           'Viewer'
         end
       end
+
+      def fetch_bbb_user_id
+        return "gl-#{current_user.id}" if current_user
+
+        return cookies[:guest_id] if cookies[:guest_id].present?
+
+        guest_id = "gl-guest-#{SecureRandom.hex(12)}"
+
+        cookies[:guest_id] = {
+          value: guest_id,
+          expires: 1.day.from_now
+        }
+
+        guest_id
+      end
     end
   end
 end

app/controllers/api/v1/users_controller.rb

@@ -61,6 +61,9 @@ def create
         # Users created by a user will have the creator language by default with a fallback to the server configured default_locale.
         create_user_params[:language] = current_user&.language || I18n.default_locale if create_user_params[:language].blank?
 
+        # renders an error if the user is signing up with an invalid domain based off site settings
+        return render_error errors: Rails.configuration.custom_error_msgs[:unauthorized], status: :forbidden unless valid_domain?
+
         user = UserCreator.new(user_params: create_user_params.except(:invite_token), provider: current_provider, role: default_role).call
 
         smtp_enabled = ENV['SMTP_SERVER'].present?
@@ -184,6 +187,17 @@ def valid_invite_token
         Invitation.destroy_by(email: create_user_params[:email].downcase, provider: current_provider,
                               token: create_user_params[:invite_token]).present?
       end
+
+      def valid_domain?
+        allowed_domains_emails = SettingGetter.new(setting_name: 'AllowedDomains', provider: current_provider).call
+        return true if allowed_domains_emails.blank?
+
+        domains = allowed_domains_emails.split(',')
+        domains.each do |domain|
+          return true if create_user_params[:email].end_with?(domain)
+        end
+        false
+      end
     end
   end
 end

app/controllers/external_controller.rb

@@ -41,6 +41,8 @@ def create_user
       return redirect_to root_path(error: Rails.configuration.custom_error_msgs[:invite_token_invalid])
     end
 
+    return render_error status: :forbidden unless valid_domain?(user_info[:email])
+
     # Create the user if they dont exist
     if new_user
       user = UserCreator.new(user_params: user_info, provider: current_provider, role: default_role).call
@@ -164,4 +166,15 @@ def build_user_info(credentials)
       verified: true
     }
   end
+
+  def valid_domain?(email)
+    allowed_domain_emails = SettingGetter.new(setting_name: 'AllowedDomains', provider: current_provider).call
+    return true if allowed_domain_emails.blank?
+
+    domains = allowed_domain_emails.split(',')
+    domains.each do |domain|
+      return true if email.end_with?(domain)
+    end
+    false
+  end
 end

app/javascript/components/admin/site_settings/administration/LinksForm.jsx

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Lesser General Public License along
 // with Greenlight; if not, see <http://www.gnu.org/licenses/>.
 
-import React, { useEffect } from 'react';
+import React, { useCallback, useEffect, useRef } from 'react';
 import PropTypes from 'prop-types';
 import { Button } from 'react-bootstrap';
 import { useTranslation } from 'react-i18next';
@@ -29,13 +29,28 @@ export default function LinksForm({ id, value, mutation: useUpdateSiteSettingsAP
 
   const { methods, fields } = useLinksForm({ defaultValues: { value } });
 
+  const formText = useRef('');
+
   useEffect(() => {
-    if (!methods) { return; }
-    methods.reset({ value });
+    if (methods) {
+      methods.reset({ value });
+      formText.current = value;
+    }
   }, [methods, value]);
 
+  const handleSubmit = useCallback(
+    (formData) => {
+      if (formText.current !== formData[`${fields.value.hookForm.id}`]) {
+        formText.current = formData[`${fields.value.hookForm.id}`];
+        return updateSiteSettingsAPI.mutate(formData);
+      }
+      return null;
+    },
+    [updateSiteSettingsAPI.mutate],
+  );
+
   return (
-    <Form id={id} methods={methods} onSubmit={updateSiteSettingsAPI.mutate}>
+    <Form id={id} methods={methods} onSubmit={handleSubmit}>
       <FormControl
         field={fields.value}
         aria-describedby={`${id}-submit-btn`}

app/javascript/components/admin/site_settings/registration/Registration.jsx

@@ -28,11 +28,12 @@ import useRoles from '../../../../hooks/queries/admin/roles/useRoles';
 export default function Registration() {
   const { t } = useTranslation();
   const { data: env } = useEnv();
-  const { data: siteSettings } = useSiteSettings(['RoleMapping', 'DefaultRole', 'ResyncOnLogin', 'RegistrationMethod']);
+  const { data: siteSettings } = useSiteSettings(['RoleMapping', 'DefaultRole', 'ResyncOnLogin', 'RegistrationMethod', 'AllowedDomains']);
   const { data: roles } = useRoles();
   const updateRegistrationMethod = useUpdateSiteSetting('RegistrationMethod');
   const updateDefaultRole = useUpdateSiteSetting('DefaultRole');
   const updateRoleMapping = useUpdateSiteSetting('RoleMapping');
+  const updateDomainSignUp = useUpdateSiteSetting('AllowedDomains');
 
   return (
     <>
@@ -99,6 +100,24 @@ export default function Registration() {
           </Button>
         </Stack>
       </Row>
+
+      <Row className="mb-3">
+        <strong> {t('admin.site_settings.registration.allowed_domains')} </strong>
+        <p className="text-muted">{t('admin.site_settings.registration.allowed_domains_signup_description')}</p>
+        <Stack direction="horizontal">
+          <input
+            className="form-control"
+            placeholder={t('admin.site_settings.registration.enter_allowed_domains_rule')}
+          />
+          <Button
+            variant="brand"
+            className="ms-2"
+            onClick={(e) => updateDomainSignUp.mutate({ value: e.target.previousSibling.value })}
+          >
+            {t('update')}
+          </Button>
+        </Stack>
+      </Row>
     </>
   );
 }

app/javascript/hooks/mutations/admin/site_settings/useUpdateSiteSetting.jsx

@@ -63,6 +63,9 @@ export default function useUpdateSiteSetting(name) {
       case 'Maintenance':
         toast.success(t('toast.success.site_settings.maintenance_updated'));
         break;
+      case 'AllowedDomains':
+        toast.success(t('toast.success.site_settings.allowed_domains_signup_updated'));
+        break;
       default:
         toast.success(t('toast.success.site_settings.site_setting_updated'));
     }

app/services/big_blue_button_api.rb

@@ -44,12 +44,13 @@ def start_meeting(room:, options: {}, presentation_url: nil)
     end
   end
 
-  def join_meeting(room:, role:, name: nil, avatar_url: nil)
+  def join_meeting(room:, role:, user_id:, name: nil, avatar_url: nil)
     bbb_server.join_meeting_url(
       room.meeting_id,
       name,
       '', # empty password -> use the role passed ing
       {
+        userId: user_id,
         role:,
         avatarURL: avatar_url,
         createTime: room.last_session&.to_datetime&.strftime('%Q')