otwarchive-symphonyarchive/app/controllers/invitations_controller.rb

class InvitationsController < ApplicationController
  before_action :check_permission
  before_action :admin_only, only: [:create, :destroy]
  before_action :check_user_status, only: [:index, :manage, :invite_friend, :update]
  before_action :load_invitation, only: [:show, :invite_friend, :update, :destroy]
  before_action :check_ownership_or_admin, only: [:show, :invite_friend, :update]

  def load_invitation
    @invitation = Invitation.find(params[:id] || invitation_params[:id])
    @check_ownership_of = @invitation
  end

  def check_permission
    @user = User.find_by(login: params[:user_id])
    access_denied unless policy(User).can_manage_users? || @user.present? && @user == current_user
  end

  def index
    @unsent_invitations = @user.invitations.unsent.limit(5)
  end

  def manage
    status = params[:status]
    @invitations = @user.invitations
    if %w(unsent unredeemed redeemed).include?(status)
      @invitations = @invitations.send(status)
    end
  end

  def show
  end

  def invite_friend
    if !invitation_params[:invitee_email].blank?
      @invitation.invitee_email = invitation_params[:invitee_email]
      if @invitation.save
        flash[:notice] = 'Invitation was successfully sent.'
        redirect_to([@user, @invitation])
      else
        render action: "show"
      end
    else
      flash[:error] = "Please enter an email address."
      render action: "show"
    end
  end

  def create
    if invitation_params[:number_of_invites].to_i > 0
      invitation_params[:number_of_invites].to_i.times do
        @user.invitations.create
      end
    end
    flash[:notice] = "Invitations were successfully created."
    redirect_to user_invitations_path(@user)
  end

  def update
    @invitation.attributes = invitation_params

    if @invitation.invitee_email_changed? && @invitation.update(invitation_params)
      flash[:notice] = 'Invitation was successfully sent.'
      if logged_in_as_admin?
        redirect_to find_admin_invitations_path("invitation[token]" => @invitation.token)
      else
        redirect_to([@user, @invitation])
      end
    else
      flash[:error] = "Please enter an email address." if @invitation.invitee_email.blank?
      render action: "show"
    end
  end

  def destroy
    @user = @invitation.creator
    if @invitation.destroy
      flash[:notice] = "Invitation successfully destroyed"
    else
      flash[:error] = "Invitation was not destroyed."
    end
    if @user.is_a?(User)
      redirect_to user_invitations_path(@user)
    else
      redirect_to admin_invitations_path
    end
  end

  private

  def invitation_params
    params.require(:invitation).permit(:id, :invitee_email, :number_of_invites)
  end
end
first 2026-03-11 22:22:11 +00:00			`class InvitationsController < ApplicationController`
			`before_action :check_permission`
			`before_action :admin_only, only: [:create, :destroy]`
			`before_action :check_user_status, only: [:index, :manage, :invite_friend, :update]`
			`before_action :load_invitation, only: [:show, :invite_friend, :update, :destroy]`
			`before_action :check_ownership_or_admin, only: [:show, :invite_friend, :update]`

			`def load_invitation`
			`@invitation = Invitation.find(params[:id] \|\| invitation_params[:id])`
			`@check_ownership_of = @invitation`
			`end`

			`def check_permission`
			`@user = User.find_by(login: params[:user_id])`
			`access_denied unless policy(User).can_manage_users? \|\| @user.present? && @user == current_user`
			`end`

			`def index`
			`@unsent_invitations = @user.invitations.unsent.limit(5)`
			`end`

			`def manage`
			`status = params[:status]`
			`@invitations = @user.invitations`
			`if %w(unsent unredeemed redeemed).include?(status)`
			`@invitations = @invitations.send(status)`
			`end`
			`end`

			`def show`
			`end`

			`def invite_friend`
			`if !invitation_params[:invitee_email].blank?`
			`@invitation.invitee_email = invitation_params[:invitee_email]`
			`if @invitation.save`
			`flash[:notice] = 'Invitation was successfully sent.'`
			`redirect_to([@user, @invitation])`
			`else`
			`render action: "show"`
			`end`
			`else`
			`flash[:error] = "Please enter an email address."`
			`render action: "show"`
			`end`
			`end`

			`def create`
			`if invitation_params[:number_of_invites].to_i > 0`
			`invitation_params[:number_of_invites].to_i.times do`
			`@user.invitations.create`
			`end`
			`end`
			`flash[:notice] = "Invitations were successfully created."`
			`redirect_to user_invitations_path(@user)`
			`end`

			`def update`
			`@invitation.attributes = invitation_params`

			`if @invitation.invitee_email_changed? && @invitation.update(invitation_params)`
			`flash[:notice] = 'Invitation was successfully sent.'`
			`if logged_in_as_admin?`
			`redirect_to find_admin_invitations_path("invitation[token]" => @invitation.token)`
			`else`
			`redirect_to([@user, @invitation])`
			`end`
			`else`
			`flash[:error] = "Please enter an email address." if @invitation.invitee_email.blank?`
			`render action: "show"`
			`end`
			`end`

			`def destroy`
			`@user = @invitation.creator`
			`if @invitation.destroy`
			`flash[:notice] = "Invitation successfully destroyed"`
			`else`
			`flash[:error] = "Invitation was not destroyed."`
			`end`
			`if @user.is_a?(User)`
			`redirect_to user_invitations_path(@user)`
			`else`
			`redirect_to admin_invitations_path`
			`end`
			`end`

			`private`

			`def invitation_params`
			`params.require(:invitation).permit(:id, :invitee_email, :number_of_invites)`
			`end`
			`end`