Class: Kidsmin::Api::V1::InvitationsController

Inherits:
ActionController::API
  • Object
show all
Defined in:
app/controllers/kidsmin/api/v1/invitations_controller.rb

Instance Method Summary collapse

Instance Method Details

#acceptObject

POST /api/v1/invitations/:token/accept Called after the user authenticates via Rodauth. Links their account to the family.



31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
 
# File 'app/controllers/kidsmin/api/v1/invitations_controller.rb', line 31

def accept
  unless rodauth.authenticated?
    render json: { error: "Unauthorized", code: "unauthorized" }, status: :unauthorized
    return
  end

  invitation = Invitation.find_active(params[:token])
  if invitation.nil?
    render json: { error: "Invite link expired or already used.", code: "invalid_invite" },
           status: :not_found
    return
  end

  invitation.accept!(rodauth.)
  render json: { redirect_to: "/portal/dashboard" }
end

#showObject

GET /api/v1/invitations/:token — public, no auth



7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
 
# File 'app/controllers/kidsmin/api/v1/invitations_controller.rb', line 7

def show
  invitation = Invitation.find_active(params[:token])

  if invitation.nil?
    render json: { error: "This invite link has expired or already been used.", code: "invalid_invite" },
           status: :not_found
    return
  end

  family = invitation.family
  render json: {
    token:      invitation.token,
    expires_at: invitation.expires_at,
    family: {
      first_name: family.primary_contact_first_name,
      last_name:  family.primary_contact_last_name,
      email:      family.email,
      phone:      family.phone,
    }
  }
end