akkounts/app/controllers/invitations_controller.rb

class InvitationsController < ApplicationController
  before_action :require_user_signed_in, except: ["show"]
  before_action :require_user_signed_out, only: ["show"]

  # GET /invitations
  def index
    @invitations_unused = current_user.invitations.unused
    @invitations_used   = current_user.invitations.used.order('used_at desc')
    @current_section = :invitations
  end

  # GET /invitations/a-random-invitation-token
  def show
    token = session[:invitation_token] = params[:id]

    if Invitation.where(token: token, used_at: nil).exists?
      redirect_to signup_path and return
    else
      flash.now[:alert] = "This invitation either doesn't exist or has already been used."
      http_status :unauthorized
    end
  end

  # POST /invitations
  def create
    @invitation = Invitation.new(user: current_user)

    respond_to do |format|
      if @invitation.save
        format.html do redirect_to @invitation, flash: {
          success: 'Invitation was successfully created.'
        }
        end
        format.json { render :show, status: :created, location: @invitation }
      else
        format.html { render :new }
        format.json { render json: @invitation.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /invitations/1
  def destroy
    @invitation = current_user.invitations.find(params[:id])
    @invitation.destroy
    respond_to do |format|
      format.html { redirect_to invitations_url }
      format.json { head :no_content }
    end
  end
end