Files
fizzy/app/controllers/join_codes_controller.rb
T
2025-11-17 09:12:17 -05:00

52 lines
1.4 KiB
Ruby

class JoinCodesController < ApplicationController
disallow_account_scope
allow_unauthenticated_access
before_action :set_join_code
before_action :ensure_join_code_is_valid
layout "public"
def new
end
def create
identity = Identity.find_or_create_by!(email_address: params.expect(:email_address))
unless identity.member_of?(@join_code.account)
@join_code.redeem do |account|
identity.join(account)
end
magic_link = identity.send_magic_link
flash[:magic_link_code] = magic_link&.code if Rails.env.development?
session[:return_to_after_authenticating] = new_users_join_url(script_name: @join_code.account.slug)
redirect_to session_magic_link_path
else
redirect_to landing_url(script_name: @join_code.account.slug)
end
end
private
def set_join_code
# TODO:PLANB: this find should be scoped by account
# 2025-11-12 [Stanko]: I think that we don't have to scope this by account as the code
# is globally unique and indexed. Except if we need to scope it
# for some other reason?
@join_code ||= Account::JoinCode.active.find_by(code: code)
end
def ensure_join_code_is_valid
head :not_found unless @join_code&.active?
end
def tenant
params.expect(:tenant)
end
def code
params.expect(:code)
end
end