52 lines
1.4 KiB
Ruby
52 lines
1.4 KiB
Ruby
class JoinCodesController < ApplicationController
|
|
disallow_account_scope
|
|
allow_unauthenticated_access
|
|
|
|
before_action :set_join_code
|
|
before_action :ensure_join_code_is_valid
|
|
|
|
layout "public"
|
|
|
|
def new
|
|
end
|
|
|
|
def create
|
|
identity = Identity.find_or_create_by!(email_address: params.expect(:email_address))
|
|
|
|
unless identity.member_of?(@join_code.account)
|
|
@join_code.redeem do |account|
|
|
identity.join(account)
|
|
end
|
|
|
|
magic_link = identity.send_magic_link
|
|
flash[:magic_link_code] = magic_link&.code if Rails.env.development?
|
|
|
|
session[:return_to_after_authenticating] = new_users_join_url(script_name: @join_code.account.slug)
|
|
redirect_to session_magic_link_path
|
|
else
|
|
redirect_to landing_url(script_name: @join_code.account.slug)
|
|
end
|
|
end
|
|
|
|
private
|
|
def set_join_code
|
|
# TODO:PLANB: this find should be scoped by account
|
|
# 2025-11-12 [Stanko]: I think that we don't have to scope this by account as the code
|
|
# is globally unique and indexed. Except if we need to scope it
|
|
# for some other reason?
|
|
@join_code ||= Account::JoinCode.active.find_by(code: code)
|
|
end
|
|
|
|
def ensure_join_code_is_valid
|
|
head :not_found unless @join_code&.active?
|
|
end
|
|
|
|
def tenant
|
|
params.expect(:tenant)
|
|
end
|
|
|
|
def code
|
|
params.expect(:code)
|
|
end
|
|
end
|