Only allow stopping a recording if you are the owner

ruby/lib/jam_ruby/models/active_music_session.rb

@@ -863,6 +863,10 @@ module JamRuby
       self.save!(:validate => false)
     end
 
+    def in_session?(user)
+      self.users.exists?(user.id)
+    end
+
     def connected_participant_count
       Connection.where(:music_session_id => self.id, 
                        :aasm_state => Connection::CONNECT_STATE.to_s,

ruby/lib/jam_ruby/models/recording.rb

@@ -75,6 +75,11 @@ module JamRuby
       has_stream_mix
     end
 
+    def can_stop?(user)
+      # only allow the starting-user to create (ideally, perhaps, only the client that did it)
+      user == owner
+    end
+
     # this should be a has-one relationship.  until this, this is easiest way to get from recording > mix
     def mix
       self.mixes[0] if self.mixes.length > 0
@@ -214,7 +219,7 @@ module JamRuby
     def has_access?(user)
       return false if user.nil?
 
-      users.exists?(user.id) || attached_with_lesson(user) #|| plays.where("player_id=?", user).count != 0
+      users.exists?(user.id) || attached_with_lesson(user) || (music_session && music_session.in_session?(user))
     end
 
     def attached_with_lesson(user)

web/app/controllers/api_recordings_controller.rb

@@ -187,6 +187,11 @@ class ApiRecordingsController < ApiController
   
   def stop
 
+    # only allow the creator to stop the recording
+    if @recording.can_stop?(current_user) == false
+      raise JamPermissionError, ValidationMessages::PERMISSION_VALIDATION_ERROR
+    end
+
     @recording.stop
 
     if @recording.errors.any?

web/config/application.rb

@@ -386,6 +386,7 @@ if defined?(Bundler)
     config.video_available = "full"
     config.alerts_api_enabled = true
 
+    config.show_recording_debug_status = false
     config.gear_check_ignore_high_latency = false
     config.remove_whitespace_credit_card = false
     config.estimate_taxes = true

web/config/initializers/gon.rb

@@ -31,5 +31,6 @@ Gon.global.braintree_token = Rails.application.config.braintree_token
 Gon.global.paypal_admin_only = Rails.application.config.paypal_admin_only
 Gon.global.use_video_conferencing_server = Rails.application.config.use_video_conferencing_server
 Gon.global.manual_override_installer_ends_with = Rails.application.config.manual_override_installer_ends_with
+Gon.global.show_recording_debug_status = Rails.application.config.show_recording_debug_status
 Gon.global.env = Rails.env
 Gon.global.version = ::JamWeb::VERSION