Module: Plutonium::Invites::Controller

Extended by:

ActiveSupport::Concern

Defined in:

lib/plutonium/invites/controller.rb

Overview

Controller provides the invitation acceptance flow for controllers.

This concern handles:

• Showing the invitation landing page

• Accepting invitations for logged-in users

• Signup flow for new users

• Cookie management for pending invitations

Examples:

Basic usage

class UserInvitationsController < ApplicationController
  include Plutonium::Invites::Controller

  layout "invitation"

  private

  def invite_class
    UserInvite
  end

  def after_accept_path
    root_path
  end

  def login_path
    rodauth.login_path
  end
end

Instance Method Summary

• #accept ⇒ Object

  POST /invitations/:token/accept.

• #show ⇒ Object

  GET /invitations/:token.

• #signup ⇒ Object

  GET/POST /invitations/:token/signup.

Instance Method Details

#accept ⇒ Object

POST /invitations/:token/accept

Accepts the invitation for the currently logged-in user.

# File 'lib/plutonium/invites/controller.rb', line 71

def accept
  return unless (@invite = load_and_validate_invite(params[:token]))

  unless current_user
    redirect_to invitation_path(token: params[:token]),
      alert: "Please sign in to accept this invitation"
    return
  end

  @invite.accept_for_user!(current_user)
  cookies.delete(:pending_invitation)

  redirect_to after_accept_path,
    notice: "Invitation accepted! Welcome to #{@invite.entity.to_label}!"
rescue ActiveRecord::RecordInvalid => e
  @error_title = "Acceptance Error"
  @error_message = e.record.errors.full_messages.join(", ")
  render :error, status: :forbidden
end

#show ⇒ Object

GET /invitations/:token

Shows the invitation landing page. If the user is logged in, shows the acceptance form. If not, shows signup/login options.

# File 'lib/plutonium/invites/controller.rb', line 45

def show
  return unless (@invite = load_and_validate_invite(params[:token]))

  # Store invitation token in cookie for later use
  cookies.encrypted[:pending_invitation] = {
    value: params[:token],
    expires: 1.hour.from_now
  }

  if current_user
    begin
      @invite.validate_email_constraints!(current_user.email)
      render :show
    rescue ActiveRecord::RecordInvalid => e
      @error_title = "Email Validation Error"
      @error_message = e.record.errors.full_messages.join(", ")
      render :error, status: :forbidden
    end
  else
    render :landing
  end
end

#signup ⇒ Object

GET/POST /invitations/:token/signup

Handles new user signup directly from the invitation.

# File 'lib/plutonium/invites/controller.rb', line 94

def signup
  return unless (@invite = load_and_validate_invite(params[:token]))

  if request.post?
    handle_signup_submission
  else
    render :signup
  end
end