There is only one account, so just check join code directly

This commit is contained in:
David Heinemeier Hansson
2025-04-15 15:35:10 +02:00
parent 7e5f71fedd
commit 2ace519d91
2 changed files with 4 additions and 4 deletions
+3 -3
View File
@@ -2,7 +2,7 @@ class UsersController < ApplicationController
require_unauthenticated_access only: %i[ new create ]
before_action :set_user, only: %i[ show edit update destroy ]
before_action :set_account_from_join_code, only: %i[ new create ]
before_action :ensure_join_code_is_valid, only: %i[ new create ]
before_action :ensure_permission_to_administer_user, only: %i[ update destroy ]
def index
@@ -36,8 +36,8 @@ class UsersController < ApplicationController
end
private
def set_account_from_join_code
@account = Account.find_by_join_code!(params[:join_code])
def ensure_join_code_is_valid
head :forbidden unless Account.sole.join_code == params[:join_code]
end
def set_user