From 03598be668ef9f03e1ef8b41d02cc7961d5feda7 Mon Sep 17 00:00:00 2001
From: Ahmad Farhat <ahmad.af.farhat@gmail.com>
Date: Wed, 18 Oct 2023 15:04:48 -0400
Subject: [PATCH] Fix for superadmins when changing pages (#5470)

* Fix for superadmins when changing pages

* eslint
---
 app/controllers/application_controller.rb   |  1 +
 app/javascript/routes/AuthenticatedOnly.jsx |  9 ++++++--
 config/initializers/session_store.rb        | 23 +++++++++++++++++++++
 3 files changed, 31 insertions(+), 2 deletions(-)
 create mode 100644 config/initializers/session_store.rb

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 69093e9b..69795c8d 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -78,6 +78,7 @@ class ApplicationController < ActionController::Base
   def invalid_session?(user)
     return true if user&.session_token != session[:session_token]
     return true if user&.session_expiry && DateTime.now > user&.session_expiry
+    return true if !user.super_admin? && user.provider != current_provider
 
     false
   end
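Review bot: The added provider check calls `user.super_admin?` and `user.provider` without the safe navigation that the two guards above it use, so a nil `user` that gets past them (no `session[:session_token]` set) would raise `NoMethodError` instead of returning a boolean. Whether a caller can pass nil is not visible in this hunk, but the `user&.` on the earlier lines suggests it was anticipated. Guarding the new line keeps the previous nil behaviour: `return true if user && !user.super_admin? && user.provider != current_provider`. Since this line is what ties a session to its provider, a spec for a user whose provider differs from `current_provider`, and one for the super-admin exemption, would be worth adding.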
diff --git a/app/javascript/routes/AuthenticatedOnly.jsx b/app/javascript/routes/AuthenticatedOnly.jsx
index 4f5c5654..f8fde5ed 100644
--- a/app/javascript/routes/AuthenticatedOnly.jsx
+++ b/app/javascript/routes/AuthenticatedOnly.jsx
@@ -27,7 +27,8 @@ export default function AuthenticatedOnly() {
   const { t } = useTranslation();
   const currentUser = useAuth();
   const location = useLocation();
-  const match = useMatch('/rooms/:friendlyId');
+  const roomsMatch = useMatch('/rooms/:friendlyId');
+  const superAdminMatch = useMatch('/admin/*');
   const deleteSession = useDeleteSession({ showToast: false });
 
   // User is either pending or banned
@@ -44,10 +45,14 @@ export default function AuthenticatedOnly() {
   }
 
   // Custom logic to redirect from Rooms page to join page if the user isn't signed in
-  if (!currentUser.signed_in && match) {
+  if (!currentUser.signed_in && roomsMatch) {
     return <Navigate to={`${location.pathname}/join`} />;
   }
 
+  if (currentUser.signed_in && currentUser.isSuperAdmin && !superAdminMatch) {
+    return <Navigate to="/admin/users" />;
+  }
+
   if (!currentUser.signed_in) {
     toast.error(t('toast.error.signin_required'));
     return <Navigate to="/" />;
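Review bot: The super-admin redirect added before the `!currentUser.signed_in` check has no comment, unlike the rooms redirect above it, even though it changes routing for every authenticated page outside `/admin/*`. I would add `// Super admins only use the admin panel: send them to /admin/users from any other authenticated route`. This is a client-side convenience only; the `invalid_session?` change in this commit exempts super admins from the provider comparison, so access to non-admin endpoints still has to be decided on the server. It is also worth confirming that `useAuth()` exposes `isSuperAdmin` in camelCase next to the snake_case `signed_in`, because an undefined property would make the redirect silently never fire. The component body starts and ends outside the hunk.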
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
new file mode 100644
index 00000000..10565e2b
--- /dev/null
+++ b/config/initializers/session_store.rb
@@ -0,0 +1,23 @@
+# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
+#
+# Copyright (c) 2022 BigBlueButton Inc. and by respective authors (see below).
+#
+# This program is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free Software
+# Foundation; either version 3.0 of the License, or (at your option) any later
+# version.
+#
+# Greenlight is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License along
+# with Greenlight; if not, see <http://www.gnu.org/licenses/>.
+
+# frozen_string_literal: true
+
+if ENV['LOADBALANCER_ENDPOINT'].present?
+  Rails.application.config.session_store :cookie_store, key: '_greenlight-3_0_session', domain: ENV.fetch('SESSION_DOMAIN_NAME', nil)
+else
+  Rails.application.config.session_store :cookie_store, key: '_greenlight-3_0_session'
+end
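Review bot: On the `LOADBALANCER_ENDPOINT` branch the `domain:` option widens the session cookie to every host under `SESSION_DOMAIN_NAME`, and the file does not say why or what value is safe. A comment above the `if` would help operators, for example `# Behind the load balancer the session cookie is shared across subdomains; SESSION_DOMAIN_NAME should be the narrowest parent domain that serves only Greenlight` (the purpose is inferred from the variable names). Neither branch sets `secure:` or `same_site:`, so both are left to the framework defaults; stating them explicitly is worth considering once the cookie is shared across hosts. With `SESSION_DOMAIN_NAME` unset the fallback is `nil`, which should give the same host-only cookie as the `else` branch.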
-- 
GitLab