Class: BulletTrain::Platform::ConnectionWorkflow

Inherits:
Object
  • Object
show all
Defined in:
lib/bullet_train/platform/connection_workflow.rb

Instance Method Summary collapse

Instance Method Details

#to_procObject 



4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
 
# File 'lib/bullet_train/platform/connection_workflow.rb', line 4

def to_proc
  proc do
    # Load the platform application in question.
    # TODO Do we need to check the client secret or does Doorkeeper do that for us?
    @application = Platform::Application.find_by(uid: params[:client_id])

    # If the user is current signed in.
    if current_user
      # If the client application is opting into a team-level connection instead of a user-level connection, they have
      # to select a team.
      if params[:new_installation]
        # If they selected a team on the team selection page.
        if params[:team_id]
          # Load the selected team.
          team = Team.find(params[:team_id])

          # Throw an error if they aren't allowed to create connections on this team.
          authorize! :connect, team

          # Create a faux membership and user that represent this connection.
          # We have to do this because all our permissions are based on users, so team-level connections need a user.
          faux_password = SecureRandom.hex
          faux_user = User.create(
            email: "noreply+#{SecureRandom.hex}@bullettrain.co",
            password: faux_password,
            password_confirmation: faux_password,
            platform_agent_of: @application,
            first_name: @application.name
          )

          faux_membership = team.memberships.create(
            user: faux_user,
            platform_agent: true,
            platform_agent_of: @application,
            added_by: team.memberships.find_by(user: current_user)
          )

          faux_membership.roles << Role.admin

          # We're done! Return the user, it'll be associated with the access grant and subsequent access token.
          faux_user
        else
          # Show them a list of all their teams.
          # We'll disable the teams they can't create connections for in the view.
          @teams = current_user.teams

          render "account/platform/connections/new"
        end
      else
        # If the client application isn't specifically opting into a team-level installation, just connect on behalf of the user.
        current_user
      end
    else
      # If they're not signed in, redirect them to the sign in page and set a return URL via params.
      # This is a crazy workaround for the fact that Safari doesn't let us create a session at the same time we redirect.
      redirect_to new_user_session_path(return_url: request.url)
    end
  end
end