From 9868323a83ce415584740abe8aa8f916896eeea8 Mon Sep 17 00:00:00 2001
From: Thomas Feldtkeller
Date: Fri, 13 Dec 2024 15:10:20 +0100
Subject: [PATCH] take admin rights away from editors
---
 .../mikro-orm/Migration20241210152600.ts | 6 ++--
 .../api/test/room-add-members.api.spec.ts | 7 ++++-
 .../api/test/room-remove-members.api.spec.ts | 30 +++++++++----------
 backup/setup/roles.json | 4 +--
 4 files changed, 24 insertions(+), 23 deletions(-)
diff --git a/apps/server/src/migrations/mikro-orm/Migration20241210152600.ts b/apps/server/src/migrations/mikro-orm/Migration20241210152600.ts
index 37933e2d0c..4bd331b505 100644
--- a/apps/server/src/migrations/mikro-orm/Migration20241210152600.ts
+++ b/apps/server/src/migrations/mikro-orm/Migration20241210152600.ts
@@ -6,15 +6,13 @@ export class Migration20241210152600 extends Migration {
 { name: 'roomeditor' },
 {
 $set: {
- permissions: ['ROOM_VIEW', 'ROOM_EDIT', 'ROOM_MEMBERS_ADD', 'ROOM_MEMBERS_REMOVE'],
+ permissions: ['ROOM_VIEW', 'ROOM_EDIT'],
 },
 }
 );
 if (roomEditorRoleUpdate.modifiedCount > 0) {
- console.info(
- 'Permission ROOM_DELETE removed from and ROOM_MEMBERS_ADD and ROOM_MEMBERS_REMOVE added to role roomeditor.'
- );
+ console.info('Permission ROOM_DELETE removed from role roomeditor.');
 }
 }
diff --git a/apps/server/src/modules/room/api/test/room-add-members.api.spec.ts b/apps/server/src/modules/room/api/test/room-add-members.api.spec.ts
index ab1d9b64da..d4d5761ad5 100644
--- a/apps/server/src/modules/room/api/test/room-add-members.api.spec.ts
+++ b/apps/server/src/modules/room/api/test/room-add-members.api.spec.ts
@@ -54,7 +54,7 @@ describe('Room Controller (API)', () => {
 const teacherGuestRole = roleFactory.buildWithId({ name: RoleName.GUESTTEACHER });
 const studentGuestRole = roleFactory.buildWithId({ name: RoleName.GUESTSTUDENT });
 const role = roleFactory.buildWithId({
- name: RoleName.ROOMEDITOR,
+ name: RoleName.ROOMADMIN,
 permissions: [
 Permission.ROOM_VIEW,
 Permission.ROOM_EDIT,
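Review bot: In Migration20241210152600.ts the narrowed `permissions` list is written into a migration that already exists, so any database where this migration has already run would keep `ROOM_MEMBERS_ADD` and `ROOM_MEMBERS_REMOVE` on `roomeditor`, assuming the runner executes each migration once by name. If it has been applied anywhere, the change belongs in a new, later-dated migration that repeats `$set: { permissions: ['ROOM_VIEW', 'ROOM_EDIT'] }` for `{ name: 'roomeditor' }`. The enclosing method starts outside the hunk and the rollback path is not visible, so it is worth confirming that reverting does not hand the member-management permissions back to editors.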
@@ -62,6 +62,10 @@ describe('Room Controller (API)', () => {
 Permission.ROOM_MEMBERS_REMOVE,
 ],
 });
+ const roomEditorRole = roleFactory.buildWithId({
+ name: RoleName.ROOMEDITOR,
+ permissions: [Permission.ROOM_VIEW, Permission.ROOM_EDIT],
+ });
 // TODO: add more than one user
 const userGroupEntity = groupEntityFactory.buildWithId({
 users: [{ role, user: teacherUser }],
@@ -82,6 +86,7 @@ describe('Room Controller (API)', () => {
 teacherUser,
 teacherGuestRole,
 studentGuestRole,
+ roomEditorRole,
 otherTeacherUser,
 otherTeacherAccount,
 userGroupEntity,
diff --git a/apps/server/src/modules/room/api/test/room-remove-members.api.spec.ts b/apps/server/src/modules/room/api/test/room-remove-members.api.spec.ts
index 0ecae7d548..f52dfc0bf2 100644
--- a/apps/server/src/modules/room/api/test/room-remove-members.api.spec.ts
+++ b/apps/server/src/modules/room/api/test/room-remove-members.api.spec.ts
@@ -52,16 +52,16 @@ describe('Room Controller (API)', () => {
 Permission.ROOM_VIEW,
 Permission.ROOM_EDIT,
 Permission.ROOM_DELETE,
- Permission.ROOM_MEMBERS_ADD, // for now room_editors have these two rights as room_admins are not yet available
+ Permission.ROOM_MEMBERS_ADD,
 Permission.ROOM_MEMBERS_REMOVE,
 ],
 });
- const editorRole = roleFactory.buildWithId({
- name: RoleName.ROOMEDITOR,
+ const adminRole = roleFactory.buildWithId({
+ name: RoleName.ROOMADMIN,
 permissions: [
 Permission.ROOM_VIEW,
 Permission.ROOM_EDIT,
- Permission.ROOM_MEMBERS_ADD, // for now room_editors have these two rights as room_admins are not yet available
+ Permission.ROOM_MEMBERS_ADD,
 Permission.ROOM_MEMBERS_REMOVE,
 ],
 });
@@ -69,7 +69,7 @@ describe('Room Controller (API)', () => {
 name: RoleName.ROOMVIEWER,
 permissions: [Permission.ROOM_VIEW],
 });
- return { ownerRole, editorRole, viewerRole };
+ return { ownerRole, adminRole, viewerRole };
 };
 const setupRoomWithMembers = async () => {
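Review bot: Nothing in room-add-members.api.spec.ts uses the new `roomEditorRole` as the calling user: the seven changed lines the diffstat reports for that file are all fixture edits, so no case asserts that a member holding only `ROOM_VIEW` and `ROOM_EDIT` is refused when adding members. The same gap applies to room-remove-members.api.spec.ts, where the hunks at -52, -77, -159 and -170 rename every editor fixture to admin and leave no `roomeditor` member in the room. Because the commit exists to withdraw these rights, each spec should gain a case that logs in as a room editor and ends with `expect(response.status).toBe(HttpStatus.FORBIDDEN);`. A rejection case for other roles may already exist outside the visible hunks, but the diff shows none for editors.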
@@ -77,17 +77,17 @@ describe('Room Controller (API)', () => {
 const room = roomEntityFactory.buildWithId({ schoolId: school.id });
 const { teacherAccount, teacherUser } = UserAndAccountTestFactory.buildTeacher({ school });
- const { teacherUser: inRoomEditor2 } = UserAndAccountTestFactory.buildTeacher({ school: teacherUser.school });
- const { teacherUser: inRoomEditor3 } = UserAndAccountTestFactory.buildTeacher({ school: teacherUser.school });
+ const { teacherUser: inRoomAdmin2 } = UserAndAccountTestFactory.buildTeacher({ school: teacherUser.school });
+ const { teacherUser: inRoomAdmin3 } = UserAndAccountTestFactory.buildTeacher({ school: teacherUser.school });
 const { teacherUser: inRoomViewer } = UserAndAccountTestFactory.buildTeacher({ school: teacherUser.school });
 const { teacherUser: outTeacher } = UserAndAccountTestFactory.buildTeacher({ school: teacherUser.school });
- const users = { teacherUser, inRoomEditor2, inRoomEditor3, inRoomViewer, outTeacher };
+ const users = { teacherUser, inRoomAdmin2, inRoomAdmin3, inRoomViewer, outTeacher };
- const { ownerRole, editorRole, viewerRole } = setupRoomRoles();
+ const { ownerRole, adminRole, viewerRole } = setupRoomRoles();
- const roomUsers = [teacherUser, inRoomEditor2, inRoomEditor3].map((user) => {
- return { role: editorRole, user };
+ const roomUsers = [teacherUser, inRoomAdmin2, inRoomAdmin3].map((user) => {
+ return { role: adminRole, user };
 });
 roomUsers.push({ role: viewerRole, user: inRoomViewer });
@@ -159,9 +159,9 @@ describe('Room Controller (API)', () => {
 describe('when the user has the required permissions', () => {
 describe('when removing a user from the room', () => {
 it('should return OK', async () => {
- const { loggedInClient, room, inRoomEditor2 } = await setupRoomWithMembers();
+ const { loggedInClient, room, inRoomAdmin2 } = await setupRoomWithMembers();
- const userIds = [inRoomEditor2.id];
+ const userIds = [inRoomAdmin2.id];
 const response = await loggedInClient.patch(`/${room.id}/members/remove`, { userIds });
 expect(response.status).toBe(HttpStatus.OK);
@@ -170,9 +170,9 @@ describe('Room Controller (API)', () => {
 describe('when removing several users from the room', () => {
 it('should return OK', async () => {
- const { loggedInClient, room, inRoomEditor2, inRoomEditor3 } = await setupRoomWithMembers();
+ const { loggedInClient, room, inRoomAdmin2, inRoomAdmin3 } = await setupRoomWithMembers();
- const userIds = [inRoomEditor2.id, inRoomEditor3.id];
+ const userIds = [inRoomAdmin2.id, inRoomAdmin3.id];
 const response = await loggedInClient.patch(`/${room.id}/members/remove`, { userIds });
 expect(response.status).toBe(HttpStatus.OK);
diff --git a/backup/setup/roles.json b/backup/setup/roles.json
index fab489dd12..0c494cb441 100644
--- a/backup/setup/roles.json
+++ b/backup/setup/roles.json
@@ -599,9 +599,7 @@
 "name": "roomeditor",
 "permissions": [
 "ROOM_VIEW",
- "ROOM_EDIT",
- "ROOM_MEMBERS_ADD",
- "ROOM_MEMBERS_REMOVE"
+ "ROOM_EDIT"
 ]
 },
 {