Require valid invitation to start sign-up process
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
@@ -9,6 +9,12 @@ class ApplicationController < ActionController::Base
|
||||
end
|
||||
end
|
||||
|
||||
def require_user_signed_out
|
||||
if user_signed_in?
|
||||
redirect_to root_path and return
|
||||
end
|
||||
end
|
||||
|
||||
def authorize_admin
|
||||
http_status :forbidden unless current_user.is_admin?
|
||||
end
|
||||
|
||||
@@ -1,11 +1,26 @@
|
||||
class InvitationsController < ApplicationController
|
||||
before_action :require_user_signed_in
|
||||
before_action :require_user_signed_in, except: ["show"]
|
||||
before_action :require_user_signed_out, only: ["show"]
|
||||
|
||||
layout "signup", only: ["show"]
|
||||
|
||||
# GET /invitations
|
||||
def index
|
||||
@invitations = current_user.invitations
|
||||
end
|
||||
|
||||
# GET /invitations/a-random-invitation-token
|
||||
def show
|
||||
token = session[:invitation_token] = params[:id]
|
||||
|
||||
if Invitation.where(token: token, used_at: nil).exists?
|
||||
redirect_to signup_path and return
|
||||
else
|
||||
flash.now[:alert] = "This invitation either doesn't exist or has already been used."
|
||||
http_status :unauthorized
|
||||
end
|
||||
end
|
||||
|
||||
# POST /invitations
|
||||
def create
|
||||
@invitation = Invitation.new(user: current_user)
|
||||
|
||||
33
app/controllers/signup_controller.rb
Normal file
33
app/controllers/signup_controller.rb
Normal file
@@ -0,0 +1,33 @@
|
||||
class SignupController < ApplicationController
|
||||
before_action :require_user_signed_out
|
||||
before_action :require_invitation
|
||||
before_action :set_invitation
|
||||
|
||||
layout "signup"
|
||||
|
||||
def index
|
||||
@invited_by_name = @invitation.user.address
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def require_invitation
|
||||
if session[:invitation_token].blank?
|
||||
flash.now[:alert] = "You need an invitation to sign up for an account."
|
||||
http_status :unauthorized
|
||||
elsif !valid_invitation?(session[:invitation_token])
|
||||
flash.now[:alert] = "This invitation either doesn't exist or has already been used."
|
||||
http_status :unauthorized
|
||||
end
|
||||
|
||||
@invitation = Invitation.find_by(token: session[:invitation_token])
|
||||
end
|
||||
|
||||
def valid_invitation?(token)
|
||||
Invitation.where(token: session[:invitation_token], used_at: nil).exists?
|
||||
end
|
||||
|
||||
def set_invitation
|
||||
@invitation = Invitation.find_by(token: session[:invitation_token])
|
||||
end
|
||||
end
|
||||
Reference in New Issue
Block a user