Files
fizzy/app/controllers/join_codes_controller.rb
T
Mike Dalessio 89d1299ec0 Fix authentication on "untenanted" controllers
trying out the name "disallow_account_scope" for this, but I don't
think it's quite right yet.
2025-11-17 09:11:47 -05:00

46 lines
1.2 KiB
Ruby

class JoinCodesController < ApplicationController
disallow_account_scope
allow_unauthenticated_access
before_action :set_join_code
before_action :ensure_join_code_is_valid
layout "public"
def new
@account = Account.find_by_external_account_id!(tenant)
@account_name = @account.name
end
def create
Identity.transaction do
identity = Identity.find_or_create_by!(email_address: params.expect(:email_address))
identity.memberships.find_or_create_by!(tenant: tenant) do |membership|
membership.join_code = code
end
magic_link = identity.send_magic_link
flash[:magic_link_code] = magic_link&.code if Rails.env.development?
end
session[:return_to_after_authenticating] = landing_url(script_name: "/#{tenant}")
redirect_to session_magic_link_path
end
private
def ensure_join_code_is_valid
head :not_found unless @join_code&.active?
end
def set_join_code
# TODO:PLANB: this find should be scoped by account
@join_code ||= Account::JoinCode.active.find_by(code: code)
end
def tenant
params.expect(:tenant)
end
def code
params.expect(:code)
end
end