bigbluebutton_rails 1.3.0 → 1.4.0.beta1

data/Rakefile

@@ -31,30 +31,23 @@ namespace :rails_app do
   desc 'Setup rails app used in tests.'
   task :install do |app|
     cd File.join(File.dirname(__FILE__), "spec", "rails_app")
-    sh "rails destroy bigbluebutton_rails:install"
-    sh "rails generate bigbluebutton_rails:install"
+    sh "bundle exec rails destroy bigbluebutton_rails:install"
+    sh "bundle exec rails generate bigbluebutton_rails:install"
     cd File.dirname(__FILE__)
   end
 
   desc 'Setup the db in the rails app used in tests.'
   task :db do
     cd File.join(File.dirname(__FILE__), "spec", "rails_app")
-    # base
-    sh "rake db:drop:all"
-    sh "rake db:create:all"
-    # development
-    sh "rake db:migrate RAILS_ENV=development"
-    sh "rake db:seed RAILS_ENV=development"
-    # test
-    sh "rake db:migrate RAILS_ENV=test"
-    sh "rake db:test:prepare RAILS_ENV=test"
+    sh "bundle exec rake db:drop db:create db:migrate db:seed RAILS_ENV=development"
+    sh "bundle exec rake db:drop db:create db:migrate db:test:prepare RAILS_ENV=test"
     cd File.dirname(__FILE__)
   end
 
   desc 'Populate the db in the test app'
   task :populate do
     cd "spec/rails_app/"
-    sh "rake db:populate"
+    sh "bundle exec rake db:populate"
     cd "../.."
   end
 
@@ -62,7 +55,7 @@ namespace :rails_app do
     desc 'Updates the recordings'
     task :update do
       cd "spec/rails_app/"
-      sh "rake bigbluebutton_rails:recordings:update"
+      sh "bundle exec rake bigbluebutton_rails:recordings:update"
       cd "../.."
     end
   end
@@ -71,12 +64,12 @@ end
 task :cucumber do
   if File.exists? "features/"
     puts "* Gem features"
-    sh "cucumber features/"
+    sh "bundle exec cucumber features/"
   end
 
   puts "* Dummy app features"
   cd File.join(File.dirname(__FILE__), "spec", "rails_app")
-  sh "cucumber features/"
+  sh "bundle exec cucumber features/"
   cd File.dirname(__FILE__)
 end
 
@@ -89,28 +82,32 @@ desc 'Setup the rails_app using the migration files created when upgrading the g
 namespace :spec do
   task :migrations do |app|
     cd "spec/rails_app/"
-    sh "rails destroy bigbluebutton_rails:install"
-    sh "rails generate bigbluebutton_rails:install 0.0.4"
-    sh "rails generate bigbluebutton_rails:install 0.0.5 --migration-only"
+    sh "bundle exec rails destroy bigbluebutton_rails:install"
+    sh "bundle exec rails generate bigbluebutton_rails:install 0.0.4"
+    sh "bundle exec rails generate bigbluebutton_rails:install 0.0.5 --migration-only"
+    sh "bundle exec rails generate bigbluebutton_rails:install 1.3.0 --migration-only"
+    sh "bundle exec rails generate bigbluebutton_rails:install 1.4.0 --migration-only"
 
-    sh "rake db:drop RAILS_ENV=test"
-    sh "rake db:create RAILS_ENV=test"
-    sh "rake db:migrate RAILS_ENV=test"
-    sh "rake db:test:prepare RAILS_ENV=test"
+    sh "bundle exec rake db:drop RAILS_ENV=test"
+    sh "bundle exec rake db:create RAILS_ENV=test"
+    sh "bundle exec rake db:migrate RAILS_ENV=test"
+    sh "bundle exec rake db:test:prepare RAILS_ENV=test"
 
     cd "../.."
     Rake::Task["spec"].invoke
     Rake::Task["cucumber"].invoke
 
     cd "spec/rails_app/"
-    sh "rails destroy bigbluebutton_rails:install 0.0.5 --migration-only"
-    sh "rails destroy bigbluebutton_rails:install 0.0.4"
+    sh "bundle exec rails destroy bigbluebutton_rails:install 1.4.0 --migration-only"
+    sh "bundle exec rails destroy bigbluebutton_rails:install 1.3.0 --migration-only"
+    sh "bundle exec rails destroy bigbluebutton_rails:install 0.0.5 --migration-only"
+    sh "bundle exec rails destroy bigbluebutton_rails:install 0.0.4"
   end
 end
 
 desc 'Generate the best practices report'
 task :best_practices do |app|
-  sh "rails_best_practices -f html --spec &>/dev/null"
+  sh "bundle exec rails_best_practices -f html --spec &>/dev/null"
   puts
   puts "Output will be in the file rails_best_practices_output.html"
   puts

data/{TODO_08 → TODO.rdoc}

@@ -1,12 +1,16 @@
-TODOs for BigBlueButton 0.8:
-
 TODO:
 * Pre-upload of slides
 * 'userID' argument in 'join' and in the respone of 'getMeetingInfo'.
 * 'createTime' argument in 'join' and in the response of 'create'.
 * New return values (e.g). 'createTime'.
 * We don't need to randomize the meeting_id anymore (to confirm)
+* Options 'redirectClient' and 'clientURL' on 'create'
+* Options 'configToken' and 'avatarURL' on 'join'
+* 'getDefaultConfigXML' and 'setConfigXML'. They are already used when a user joins a meeting,
+  to set the custom options configured in the target room. But these API methods cannot be called
+  individually yet.
 
 See:
+* https://code.google.com/p/bigbluebutton/wiki/API#Updates_to_API_in_BigBlueButton_0.81
 * http://code.google.com/p/bigbluebutton/wiki/API#Version_0.80
 * http://groups.google.com/group/bigbluebutton-dev/browse_thread/thread/c214cbe9bdb2268a?pli=1

data/app/controllers/bigbluebutton/recordings_controller.rb

@@ -1,4 +1,5 @@
 class Bigbluebutton::RecordingsController < ApplicationController
+  include BigbluebuttonRails::InternalControllerMethods
 
   respond_to :html
   respond_to :json, :only => [:index, :show, :update, :destroy, :publish, :unpublish]
@@ -19,14 +20,14 @@ class Bigbluebutton::RecordingsController < ApplicationController
 
   def update
     respond_with @recording do |format|
-      if @recording.update_attributes(params[:bigbluebutton_recording])
+      if @recording.update_attributes(recording_params)
         format.html {
           message = t('bigbluebutton_rails.recordings.notice.update.success')
-          redirect_to(@recording, :notice => message)
+          redirect_to_using_params @recording, :notice => message
         }
-        format.json { head :ok }
+        format.json { render :json => true, :status => :ok }
       else
-        format.html { render :edit }
+        format.html { redirect_to_params_or_render :edit }
         format.json { render :json => @recording.errors.full_messages, :status => :unprocessable_entity }
       end
     end
@@ -52,14 +53,14 @@ class Bigbluebutton::RecordingsController < ApplicationController
       format.html {
         if error
           flash[:error] = message
-          redirect_to params[:redir_url] ||= bigbluebutton_recordings_url
+          redirect_to_using_params bigbluebutton_recordings_url
         else
-          redirect_to params[:redir_url] ||= bigbluebutton_recordings_url, :notice => message
+          redirect_to_using_params bigbluebutton_recordings_url, :notice => message
         end
       }
       format.json {
         if error
-         render :json => { :message => message }, :status => :error
+          render :json => { :message => message }, :status => :error
         else
           render :json => { :message => message }
         end
@@ -79,7 +80,7 @@ class Bigbluebutton::RecordingsController < ApplicationController
           redirect_to playback.url
         else
           flash[:error] = t('bigbluebutton_rails.recordings.errors.play.no_format')
-          redirect_to bigbluebutton_recording_url(@recording)
+          redirect_to_using_params bigbluebutton_recording_url(@recording)
         end
       }
     end
@@ -125,18 +126,32 @@ class Bigbluebutton::RecordingsController < ApplicationController
         else
           message = t('bigbluebutton_rails.recordings.notice.unpublish.success')
         end
-        format.html { redirect_to(bigbluebutton_recording_path(@recording), :notice => message) }
+        format.html {
+          redirect_to_using_params bigbluebutton_recording_path(@recording), :notice => message
+        }
         format.json { render :json => message }
       end
     rescue BigBlueButton::BigBlueButtonException => e
       respond_with do |format|
         format.html {
           flash[:error] = e.to_s[0..200]
-          redirect_to bigbluebutton_recording_path(@recording)
+          redirect_to_using_params bigbluebutton_recording_path(@recording)
         }
         format.json { render :json => e.to_s[0..200], :status => :error }
       end
     end
   end
 
+  def recording_params
+    unless params[:bigbluebutton_recording].nil?
+      params[:bigbluebutton_recording].permit(*recording_allowed_params)
+    else
+      []
+    end
+  end
+
+  def recording_allowed_params
+    [ :recordid, :meetingid, :name, :published, :start_time, :end_time, :available, :description ]
+  end
+
 end

data/app/controllers/bigbluebutton/rooms_controller.rb

@@ -1,12 +1,18 @@
+# -*- coding: utf-8 -*-
 require 'bigbluebutton_api'
 
 class Bigbluebutton::RoomsController < ApplicationController
+  include BigbluebuttonRails::InternalControllerMethods
 
-  before_filter :find_room, :except => [:index, :create, :new, :auth, :external, :external_auth]
-  before_filter :find_server, :only => [:external, :external_auth]
+  before_filter :find_room, :except => [:index, :create, :new, :join]
 
   # set headers only in actions that might trigger api calls
-  before_filter :set_request_headers, :only => [:join_mobile, :end, :running, :join, :destroy, :auth, :external_auth]
+  before_filter :set_request_headers, :only => [:join_mobile, :end, :running, :join, :destroy]
+
+  before_filter :join_check_room, :only => :join
+  before_filter :join_user_params, :only => :join
+  before_filter :join_check_can_create, :only => :join
+  before_filter :join_check_redirect_to_mobile, :only => :join
 
   respond_to :html, :except => :running
   respond_to :json, :only => [:running, :show, :new, :index, :create, :update]
@@ -28,10 +34,11 @@ class Bigbluebutton::RoomsController < ApplicationController
   end
 
   def create
-    @room = BigbluebuttonRoom.new(params[:bigbluebutton_room])
+    @room = BigbluebuttonRoom.new(room_params)
 
-    if !params[:bigbluebutton_room].has_key?(:meetingid) or
-        params[:bigbluebutton_room][:meetingid].blank?
+    if params[:bigbluebutton_room] and
+        (not params[:bigbluebutton_room].has_key?(:meetingid) or
+         params[:bigbluebutton_room][:meetingid].blank?)
       @room.meetingid = @room.name
     end
 
@@ -39,17 +46,15 @@ class Bigbluebutton::RoomsController < ApplicationController
       if @room.save
         message = t('bigbluebutton_rails.rooms.notice.create.success')
         format.html {
-          redirect_to params[:redir_url] ||= bigbluebutton_room_path(@room), :notice => message
+          redirect_to_using_params bigbluebutton_room_path(@room), :notice => message
+        }
+        format.json {
+          render :json => { :message => message }, :status => :created
         }
-        format.json { render :json => { :message => message }, :status => :created }
       else
         format.html {
-          unless params[:redir_url].blank?
-            message = t('bigbluebutton_rails.rooms.notice.create.failure')
-            redirect_to params[:redir_url], :error => message
-          else
-            render :new
-          end
+          message = t('bigbluebutton_rails.rooms.notice.create.failure')
+          redirect_to_params_or_render :new, :error => message
         }
         format.json { render :json => @room.errors.full_messages, :status => :unprocessable_entity }
       end
@@ -58,20 +63,16 @@ class Bigbluebutton::RoomsController < ApplicationController
 
   def update
     respond_with @room do |format|
-      if @room.update_attributes(params[:bigbluebutton_room])
+      if @room.update_attributes(room_params)
         message = t('bigbluebutton_rails.rooms.notice.update.success')
         format.html {
-          redirect_to params[:redir_url] ||= bigbluebutton_room_path(@room), :notice => message
+          redirect_to_using_params bigbluebutton_room_path(@room), :notice => message
         }
         format.json { render :json => { :message => message } }
       else
         format.html {
-          unless params[:redir_url].blank?
-            flash[:error] = t('bigbluebutton_rails.rooms.notice.update.failure')
-            redirect_to params[:redir_url]
-          else
-            render :edit
-          end
+          message = t('bigbluebutton_rails.rooms.notice.update.failure')
+          redirect_to_params_or_render :edit, :error => message
         }
         format.json { render :json => @room.errors.full_messages, :status => :unprocessable_entity }
       end
@@ -95,7 +96,7 @@ class Bigbluebutton::RoomsController < ApplicationController
     respond_with do |format|
       format.html {
         flash[:error] = message if error
-        redirect_to params[:redir_url] ||= bigbluebutton_rooms_url
+        redirect_to_using_params bigbluebutton_rooms_url
       }
       format.json {
         if error
@@ -107,19 +108,10 @@ class Bigbluebutton::RoomsController < ApplicationController
     end
   end
 
-  # Used by logged users to join public rooms.
+  # Used to join users into a meeting. Most of the work is done in before filters.
+  # Can be called via GET or POST and accepts parameters both in the POST data and URL.
   def join
-    @user_role = bigbluebutton_role(@room)
-    if @user_role.nil?
-      raise BigbluebuttonRails::RoomAccessDenied.new
-
-    # anonymous users or users with the role :password join through #invite
-    elsif bigbluebutton_user.nil? or @user_role == :password
-      redirect_to :action => :invite, :mobile => params[:mobile]
-
-    else
-      join_internal(bigbluebutton_user.name, @user_role, bigbluebutton_user.id, :join)
-    end
+    join_internal(@user_name, @user_role, @user_id)
   end
 
   # Used to join private rooms or to invite anonymous users (not logged)
@@ -136,82 +128,6 @@ class Bigbluebutton::RoomsController < ApplicationController
     end
   end
 
-  # Authenticates an user using name and password passed in the params from #invite
-  # Uses params[:id] to get the target room
-  def auth
-    @room = BigbluebuttonRoom.find_by_param(params[:id]) unless params[:id].blank?
-    if @room.nil?
-      message = t('bigbluebutton_rails.rooms.errors.auth.wrong_params')
-      redirect_to :back, :notice => message
-      return
-    end
-
-    # gets the user information, given priority to a possible logged user
-    name = bigbluebutton_user.nil? ? params[:user][:name] : bigbluebutton_user.name
-    id = bigbluebutton_user.nil? ? nil : bigbluebutton_user.id
-    # the role: nil means access denied, :password means check the room
-    # password, otherwise just use it
-    @user_role = bigbluebutton_role(@room)
-    if @user_role.nil?
-      raise BigbluebuttonRails::RoomAccessDenied.new
-    elsif @user_role == :password
-      role = @room.user_role(params[:user])
-    else
-      role = @user_role
-    end
-
-    unless role.nil? or name.nil? or name.empty?
-      join_internal(name, role, id, :invite)
-    else
-      flash[:error] = t('bigbluebutton_rails.rooms.errors.auth.failure')
-      render :invite, :status => :unauthorized
-    end
-  end
-
-  # receives :server_id to indicate the server and :meeting to indicate the
-  # MeetingID of the meeting that should be joined
-  def external
-    if params[:meeting].blank?
-      message = t('bigbluebutton_rails.rooms.errors.external.blank_meetingid')
-      redirect_to params[:redir_url] ||= bigbluebutton_rooms_path, :notice => message
-    end
-    @room = BigbluebuttonRoom.new(:server => @server, :meetingid => params[:meeting])
-  end
-
-  # Authenticates an user using name and password passed in the params from #external
-  # Uses params[:meeting] to get the meetingID of the target room
-  def external_auth
-    # check :meeting and :user
-    if !params[:meeting].blank? && !params[:user].blank?
-      @server.fetch_meetings
-      @room = @server.meetings.select{ |r| r.meetingid == params[:meeting] }.first
-      message = t('bigbluebutton_rails.rooms.errors.external.inexistent_meeting') if @room.nil?
-    else
-      message = t('bigbluebutton_rails.rooms.errors.external.wrong_params')
-    end
-
-    unless message.nil?
-      @room = nil
-      redirect_to :back, :notice => message
-      return
-    end
-
-    # This is just to check if the room is not blocked, not to get the actual role
-    raise BigbluebuttonRails::RoomAccessDenied.new if bigbluebutton_role(@room).nil?
-
-    # if there's a user logged, use his name instead of the name in the params
-    name = bigbluebutton_user.nil? ? params[:user][:name] : bigbluebutton_user.name
-    id = bigbluebutton_user.nil? ? nil : bigbluebutton_user.id
-    role = @room.user_role(params[:user])
-
-    unless role.nil? or name.nil? or name.empty?
-      join_internal(name, role, id, :external)
-    else
-      flash[:error] = t('bigbluebutton_rails.rooms.errors.auth.failure')
-      render :external, :status => :unauthorized
-    end
-  end
-
   def running
     begin
       @room.fetch_is_running?
@@ -243,14 +159,14 @@ class Bigbluebutton::RoomsController < ApplicationController
       respond_with do |format|
         format.html {
           flash[:error] = message
-          redirect_to :back
+          redirect_to_using_params :back
         }
         format.json { render :json => message, :status => :error }
       end
     else
       respond_with do |format|
         format.html {
-          redirect_to(params[:redir_url] || bigbluebutton_room_path(@room), :notice => message)
+          redirect_to_using_params bigbluebutton_room_path(@room), :notice => message
         }
         format.json { render :json => message }
       end
@@ -259,13 +175,9 @@ class Bigbluebutton::RoomsController < ApplicationController
   end
 
   def join_mobile
-    @join_url = join_bigbluebutton_room_url(@room, :mobile => '1')
-    @join_url.gsub!(/http:\/\//i, "bigbluebutton://")
-
-    # TODO: we can't use the mconf url because the mobile client scanning the qrcode is not
-    # logged. so we are using the full BBB url for now.
-    @qrcode_url = @room.join_url(bigbluebutton_user.name, bigbluebutton_role(@room))
-    @qrcode_url.gsub!(/http:\/\//i, "bigbluebutton://")
+    filtered_params = select_params_for_join_mobile(params.clone)
+    @join_mobile = join_bigbluebutton_room_url(@room, filtered_params.merge({:auto_join => '1' }))
+    @join_desktop = join_bigbluebutton_room_url(@room, filtered_params.merge({:desktop => '1' }))
   end
 
   def fetch_recordings
@@ -273,7 +185,7 @@ class Bigbluebutton::RoomsController < ApplicationController
 
     if @room.server.nil?
       error = true
-      message = t('bigbluebutton_rails.rooms.error.fetch_recordings.no_server')
+      message = t('bigbluebutton_rails.rooms.errors.fetch_recordings.no_server')
     else
       begin
         # filter only recordings created by this room
@@ -289,13 +201,13 @@ class Bigbluebutton::RoomsController < ApplicationController
     respond_with do |format|
       format.html {
         flash[error ? :error : :notice] = message
-        redirect_to bigbluebutton_room_path(@room)
+        redirect_to_using_params bigbluebutton_room_path(@room)
       }
       format.json {
         if error
           render :json => { :message => message }, :status => :error
         else
-          head :ok
+          render :json => true, :status => :ok
         end
       }
     end
@@ -311,47 +223,152 @@ class Bigbluebutton::RoomsController < ApplicationController
     @room = BigbluebuttonRoom.find_by_param(params[:id])
   end
 
-  def find_server
-    @server = BigbluebuttonServer.find(params[:server_id])
-  end
-
   def set_request_headers
     unless @room.nil?
       @room.request_headers["x-forwarded-for"] = request.remote_ip
     end
   end
 
-  def join_internal(username, role, id, wait_action)
+  def join_check_room
+    @room = BigbluebuttonRoom.find_by_param(params[:id]) unless params[:id].blank?
+    if @room.nil?
+      message = t('bigbluebutton_rails.rooms.errors.join.wrong_params')
+      redirect_to :back, :notice => message
+    end
+  end
+
+  # Checks the parameters received when calling `join` and sets them in variables to
+  # be accessed by other methods. Sets the user's name, id and role. Gives priority to
+  # a logged user over the information provided in the params.
+  def join_user_params
+    # gets the user information, given priority to a possible logged user
+    if bigbluebutton_user.nil?
+      @user_name = params[:user].blank? ? nil : params[:user][:name]
+      @user_id = nil
+    else
+      @user_name = bigbluebutton_user.name
+      @user_id = bigbluebutton_user.id
+    end
+
+    # the role: nil means access denied, :password means check the room
+    # password, otherwise just use it
+    @user_role = bigbluebutton_role(@room)
+    if @user_role.nil?
+      raise BigbluebuttonRails::RoomAccessDenied.new
+    elsif @user_role == :password
+      @user_role = @room.user_role(params[:user])
+    end
+
+    if @user_role.nil? or @user_name.blank?
+      flash[:error] = t('bigbluebutton_rails.rooms.errors.join.failure')
+      redirect_to_on_join_error
+    end
+  end
+
+  # Aborts and redirects to an error if the user can't create a meeting in
+  # the room and it needs to be created.
+  def join_check_can_create
+    begin
+      unless @room.fetch_is_running?
+        unless bigbluebutton_can_create?(@room, @user_role)
+          flash[:error] = t('bigbluebutton_rails.rooms.errors.join.cannot_create')
+          redirect_to_on_join_error
+        end
+      end
+    rescue BigBlueButton::BigBlueButtonException => e
+      flash[:error] = e.to_s[0..200]
+      redirect_to_on_join_error
+    end
+  end
+
+  # If the user called the join from a mobile device, he will be redirected to
+  # an intermediary page with information about the mobile client. A few flags set
+  # in the params can override this behavior and skip this intermediary page.
+  def join_check_redirect_to_mobile
+    if browser.mobile? &&
+        !BigbluebuttonRails::value_to_boolean(params[:auto_join]) &&
+        !BigbluebuttonRails::value_to_boolean(params[:desktop])
+
+      # since we're redirecting to an intermediary page, we set in the params the params
+      # we received, including the referer, so we can go back to the previous page if needed
+      filtered_params = select_params_for_join_mobile(params.clone)
+      begin
+        filtered_params[:redir_url] = Addressable::URI.parse(request.env["HTTP_REFERER"]).path
+      rescue
+      end
+
+      redirect_to join_mobile_bigbluebutton_room_path(@room, filtered_params)
+    end
+  end
+
+  # Selects the params from `params` that should be passed in a redirect to `join_mobile` and
+  # adds new parameters that might be needed.
+  def select_params_for_join_mobile(params)
+    params.blank? ? {} : params.slice("user", "redir_url")
+  end
+
+  # Default method to redirect after an error in the action `join`.
+  def redirect_to_on_join_error
+    redirect_to_using_params_or_back(invite_bigbluebutton_room_path(@room))
+  end
+
+  # The internal process to join a meeting.
+  def join_internal(username, role, id)
     begin
       # first check if we have to create the room and if the user can do it
-      @room.fetch_is_running?
-      unless @room.is_running?
+      unless @room.fetch_is_running?
         if bigbluebutton_can_create?(@room, role)
-          @room.create_meeting(username, id, request)
+          user_opts = bigbluebutton_create_options(@room)
+          @room.create_meeting(bigbluebutton_user, request, user_opts)
         else
-          flash[:error] = t('bigbluebutton_rails.rooms.errors.auth.cannot_create')
-          render wait_action, :status => :unauthorized
+          flash[:error] = t('bigbluebutton_rails.rooms.errors.join.cannot_create')
+          redirect_to_on_join_error
           return
         end
       end
 
+      # gets the token with the configurations for this user/room
+      token = @room.fetch_new_token
+      options = if token.nil? then {} else { :configToken => token } end
+
       # room created and running, try to join it
-      url = @room.join_url(username, role)
+      url = @room.join_url(username, role, nil, options)
       unless url.nil?
-        # change the protocol to join with BBB-Android/Mconf-Mobile if set
-        if BigbluebuttonRails::value_to_boolean(params[:mobile])
-          url.gsub!(/http:\/\//i, "bigbluebutton://")
+
+        # change the protocol to join with a mobile device
+        if browser.mobile? && !BigbluebuttonRails::value_to_boolean(params[:desktop])
+          url.gsub!(/^[^:]*:\/\//i, "bigbluebutton://")
         end
-        redirect_to(url)
+
+        # enqueue an update in the meetings for later on
+        # note: this is the only update that is not in the model, but has to be here
+        # because the model doesn't know when a user joined a room
+        Resque.enqueue(::BigbluebuttonMeetingUpdater, @room.id, 15.seconds)
+
+        redirect_to url
       else
-        flash[:error] = t('bigbluebutton_rails.rooms.errors.auth.not_running')
-        render wait_action
+        flash[:error] = t('bigbluebutton_rails.rooms.errors.join.not_running')
+        redirect_to_on_join_error
       end
 
     rescue BigBlueButton::BigBlueButtonException => e
       flash[:error] = e.to_s[0..200]
-      redirect_to :back
+      redirect_to_on_join_error
     end
   end
 
+  def room_params
+    unless params[:bigbluebutton_room].nil?
+      params[:bigbluebutton_room].permit(*room_allowed_params)
+    else
+      []
+    end
+  end
+
+  def room_allowed_params
+    [ :name, :server_id, :meetingid, :attendee_password, :moderator_password, :welcome_msg,
+      :private, :logout_url, :dial_number, :voice_bridge, :max_participants, :owner_id,
+      :owner_type, :external, :param, :record, :duration, :default_layout, :presenter_share_only,
+      :auto_start_video, :auto_start_audio, :metadata_attributes => [ :id, :name, :content, :_destroy, :owner_id ] ]
+  end
 end