Files
fizzy/app/controllers/memberships/email_addresses_controller.rb
T
Mike Dalessio 89d1299ec0 Fix authentication on "untenanted" controllers
trying out the name "disallow_account_scope" for this, but I don't
think it's quite right yet.
2025-11-17 09:11:47 -05:00

32 lines
780 B
Ruby

class Memberships::EmailAddressesController < ApplicationController
disallow_account_scope
layout "public"
before_action :set_membership
rate_limit to: 5, within: 1.hour, only: :create
def new
end
def create
identity = Identity.find_by_email_address(new_email_address)
if identity&.memberships&.exists?(tenant: @membership.tenant)
flash[:alert] = "You already have a user in this account with that email address"
redirect_to new_email_address_path
else
@membership.send_email_address_change_confirmation(new_email_address)
end
end
private
def set_membership
@membership = Current.identity.memberships.find(params[:membership_id])
end
def new_email_address
params.expect :email_address
end
end