scinote-web/app/controllers/users/invitations_controller.rb

# frozen_string_literal: true

module Users
  class InvitationsController < Devise::InvitationsController
    include InputSanitizeHelper
    include UsersGenerator
    include NotificationsHelper

    prepend_before_action :check_captcha, only: [:update]

    prepend_before_action :check_captcha_for_invite, only: [:invite_users]

    before_action :check_invite_users_permission, only: :invite_users

    before_action :update_sanitized_params, only: :update

    def update
      return super unless Rails.configuration.x.new_team_on_signup

      # Instantialize a new team with the provided name
      @team = Team.new
      @team.name = params[:team][:name]

      super do |user|
        if user.errors.empty?
          @team.created_by = user
          @team.save

          UserTeam.create(
            user: user,
            team: @team,
            role: 'admin'
          )
        end
      end
    end

    def accept_resource
      return super unless Rails.configuration.x.new_team_on_signup

      unless @team.valid?
        # Find the user being invited
        resource = User.find_by_invitation_token(
          update_resource_params[:invitation_token],
          false
        )

        # Check if user's data (passwords etc.) is valid
        resource.assign_attributes(
          update_resource_params.except(:invitation_token)
        )
        resource.valid? # Call validation to generate errors

        # In any case, add the team name error
        resource.errors.add(:base, @team.errors.to_a.first)
        return resource
      end

      super
    end

    def invite_users
      @invite_results = []
      @too_many_emails = false

      @emails.each_with_index do |email, email_counter|
        # email_counter starts with 0
        if email_counter >= Constants::INVITE_USERS_LIMIT
          @too_many_emails = true
          break
        end

        result = { email: email }
        unless Constants::BASIC_EMAIL_REGEX.match?(email)
          result[:status] = :user_invalid
          @invite_results << result
          next
        end
        # Check if user already exists
        user = User.find_by_email(email)

        if user
          result[:status] = :user_exists
          result[:user] = user
        else
          user = User.invite!(
            full_name: email,
            email: email,
            initials: email.upcase[0..1],
            skip_invitation: true
          )
          user.update(invited_by: @user)

          result[:status] = :user_created
          result[:user] = user

          # Sending email invitation is done in background job to prevent
          # issues with email delivery. Also invite method must be call
          # with :skip_invitation attribute set to true - see above.
          user.delay.deliver_invitation
        end

        if @team && user
          user_team = UserTeam.find_by_user_id_and_team_id(user.id, @team.id)
          if user_team
            result[:status] = :user_exists_and_in_team
          else
            # Also generate user team relation
            user_team = UserTeam.new(
              user: user,
              team: @team,
              role: @role
            )
            user_team.save

            generate_notification(
              @user,
              user,
              user_team.team,
              user_team.role_str
            )
            Activities::CreateActivityService
              .call(activity_type: :invite_user_to_team,
                    owner: current_user,
                    subject: current_team,
                    team: current_team,
                    message_items: {
                      team: current_team.id,
                      user_invited: user.id,
                      role: user_team.role_str
                    })

            result[:status] = if result[:status] == :user_exists && !user.confirmed?
                                :user_exists_unconfirmed_invited_to_team
                              elsif result[:status] == :user_exists
                                :user_exists_invited_to_team
                              else
                                :user_created_invited_to_team
                              end
          end

          result[:user_team] = user_team
        end

        @invite_results << result
      end

      respond_to do |format|
        format.json do
          render json: {
            html: render_to_string(
              partial: 'shared/invite_users_modal_results.html.erb'
            )
          }
        end
      end
    end

    private

    def update_sanitized_params
      # Solution for Devise < 4.0.0
      devise_parameter_sanitizer.permit(:accept_invitation, keys: [:full_name])
    end

    def check_captcha
      if Rails.configuration.x.enable_recaptcha
        unless verify_recaptcha
          self.resource = resource_class.new
          resource.invitation_token = update_resource_params[:invitation_token]
          respond_with_navigational(resource) { render :edit }
        end
      end
    end

    def check_captcha_for_invite
      if Rails.configuration.x.enable_recaptcha
        unless verify_recaptcha
          render json: { recaptcha_error: t('invite_users.errors.recaptcha') },
                 status: :unprocessable_entity
        end
      end
    end

    def check_invite_users_permission
      @user = current_user
      @emails = params[:emails]&.map(&:downcase)
      @team = Team.find_by_id(params['teamId'])
      @role = params['role']

      return render_403 unless @emails && @team && @role
      return render_403 if @emails.empty?
      return render_403 unless can_manage_team_users?(@team)
      return render_403 unless UserTeam.roles.key?(@role)
    end
  end
end
Fix nil handling in different places [SCI-2840] (#1777) * Fix nil handling in different places 2019-05-21 21:53:34 +08:00			`# frozen_string_literal: true`

A working invite modal! 2016-11-06 18:29:00 +08:00			`module Users`
			`class InvitationsController < Devise::InvitationsController`
Add additional info to samples info modal [SCI-960] 2017-05-12 04:20:06 +08:00			`include InputSanitizeHelper`
A working invite modal! 2016-11-06 18:29:00 +08:00			`include UsersGenerator`
Remove unassign_user_from_project notification and change code to use helper method for assignment notification generation 2019-07-01 19:44:27 +08:00			`include NotificationsHelper`
A working invite modal! 2016-11-06 18:29:00 +08:00
Enable reCaptcha and auto log in on confirm invitation form [SCI-706] 2016-11-23 21:28:32 +08:00			`prepend_before_action :check_captcha, only: [:update]`

Add recaptcha to invitation modal SCI-2935 2019-01-23 16:17:27 +08:00			`prepend_before_action :check_captcha_for_invite, only: [:invite_users]`

A working invite modal! 2016-11-06 18:29:00 +08:00			`before_action :check_invite_users_permission, only: :invite_users`

first run fixing addons 2017-06-30 16:23:28 +08:00			`before_action :update_sanitized_params, only: :update`
Add full name field to accept invitation form [SCI-738] 2016-11-25 18:15:10 +08:00
A working invite modal! 2016-11-06 18:29:00 +08:00			`def update`
adds environment variable that disables/enables the creation of new team when user sign up 2017-10-25 21:29:04 +08:00			`return super unless Rails.configuration.x.new_team_on_signup`
Fix nil handling in different places [SCI-2840] (#1777) * Fix nil handling in different places 2019-05-21 21:53:34 +08:00
rename controllers where org/organization 2017-01-24 23:57:14 +08:00			`# Instantialize a new team with the provided name`
rename Organization to Team in controllers 2017-01-25 00:06:51 +08:00			`@team = Team.new`
rename controllers where org/organization 2017-01-24 23:57:14 +08:00			`@team.name = params[:team][:name]`
A working invite modal! 2016-11-06 18:29:00 +08:00
			`super do \|user\|`
			`if user.errors.empty?`
rename controllers where org/organization 2017-01-24 23:57:14 +08:00			`@team.created_by = user`
			`@team.save`
A working invite modal! 2016-11-06 18:29:00 +08:00
rename Organization to Team in controllers 2017-01-25 00:06:51 +08:00			`UserTeam.create(`
A working invite modal! 2016-11-06 18:29:00 +08:00			`user: user,`
rename controllers where org/organization 2017-01-24 23:57:14 +08:00			`team: @team,`
A working invite modal! 2016-11-06 18:29:00 +08:00			`role: 'admin'`
			`)`
			`end`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`
			`end`

A working invite modal! 2016-11-06 18:29:00 +08:00			`def accept_resource`
adds environment variable that disables/enables the creation of new team when user sign up 2017-10-25 21:29:04 +08:00			`return super unless Rails.configuration.x.new_team_on_signup`

rename controllers where org/organization 2017-01-24 23:57:14 +08:00			`unless @team.valid?`
Re-introduce fix for SCI-650 that was lost during merge Closes SCI-650. 2016-11-18 17:57:03 +08:00			`# Find the user being invited`
			`resource = User.find_by_invitation_token(`
			`update_resource_params[:invitation_token],`
			`false`
			`)`

			`# Check if user's data (passwords etc.) is valid`
			`resource.assign_attributes(`
			`update_resource_params.except(:invitation_token)`
			`)`
			`resource.valid? # Call validation to generate errors`

rename controllers where org/organization 2017-01-24 23:57:14 +08:00			`# In any case, add the team name error`
			`resource.errors.add(:base, @team.errors.to_a.first)`
Re-introduce fix for SCI-650 that was lost during merge Closes SCI-650. 2016-11-18 17:57:03 +08:00			`return resource`
			`end`

			`super`
A working invite modal! 2016-11-06 18:29:00 +08:00			`end`

			`def invite_users`
			`@invite_results = []`
			`@too_many_emails = false`

Fix nil handling in different places [SCI-2840] (#1777) * Fix nil handling in different places 2019-05-21 21:53:34 +08:00			`@emails.each_with_index do \|email, email_counter\|`
			`# email_counter starts with 0`
			`if email_counter >= Constants::INVITE_USERS_LIMIT`
A working invite modal! 2016-11-06 18:29:00 +08:00			`@too_many_emails = true`
			`break`
			`end`

			`result = { email: email }`
Fix nil handling in different places [SCI-2840] (#1777) * Fix nil handling in different places 2019-05-21 21:53:34 +08:00			`unless Constants::BASIC_EMAIL_REGEX.match?(email)`
			`result[:status] = :user_invalid`
			`@invite_results << result`
			`next`
			`end`
			`# Check if user already exists`
			`user = User.find_by_email(email)`
A working invite modal! 2016-11-06 18:29:00 +08:00
Fix nil handling in different places [SCI-2840] (#1777) * Fix nil handling in different places 2019-05-21 21:53:34 +08:00			`if user`
A working invite modal! 2016-11-06 18:29:00 +08:00			`result[:status] = :user_exists`
			`result[:user] = user`
			`else`
Fix nil handling in different places [SCI-2840] (#1777) * Fix nil handling in different places 2019-05-21 21:53:34 +08:00			`user = User.invite!(`
			`full_name: email,`
			`email: email,`
			`initials: email.upcase[0..1],`
			`skip_invitation: true`
			`)`
			`user.update(invited_by: @user)`
A working invite modal! 2016-11-06 18:29:00 +08:00
Fix nil handling in different places [SCI-2840] (#1777) * Fix nil handling in different places 2019-05-21 21:53:34 +08:00			`result[:status] = :user_created`
			`result[:user] = user`
A working invite modal! 2016-11-06 18:29:00 +08:00
Fix nil handling in different places [SCI-2840] (#1777) * Fix nil handling in different places 2019-05-21 21:53:34 +08:00			`# Sending email invitation is done in background job to prevent`
			`# issues with email delivery. Also invite method must be call`
			`# with :skip_invitation attribute set to true - see above.`
			`user.delay.deliver_invitation`
A working invite modal! 2016-11-06 18:29:00 +08:00			`end`

Fix nil handling in different places [SCI-2840] (#1777) * Fix nil handling in different places 2019-05-21 21:53:34 +08:00			`if @team && user`
			`user_team = UserTeam.find_by_user_id_and_team_id(user.id, @team.id)`
			`if user_team`
rename controllers where org/organization 2017-01-24 23:57:14 +08:00			`result[:status] = :user_exists_and_in_team`
A working invite modal! 2016-11-06 18:29:00 +08:00			`else`
rename controllers where org/organization 2017-01-24 23:57:14 +08:00			`# Also generate user team relation`
rename Organization to Team in controllers 2017-01-25 00:06:51 +08:00			`user_team = UserTeam.new(`
A working invite modal! 2016-11-06 18:29:00 +08:00			`user: user,`
rename controllers where org/organization 2017-01-24 23:57:14 +08:00			`team: @team,`
A working invite modal! 2016-11-06 18:29:00 +08:00			`role: @role`
			`)`
rename controllers where org/organization 2017-01-24 23:57:14 +08:00			`user_team.save`
A working invite modal! 2016-11-06 18:29:00 +08:00
Also add notification when UserOrganization is created 2016-11-07 16:47:30 +08:00			`generate_notification(`
			`@user,`
			`user,`
Remove unassign_user_from_project notification and change code to use helper method for assignment notification generation 2019-07-01 19:44:27 +08:00			`user_team.team,`
			`user_team.role_str`
Also add notification when UserOrganization is created 2016-11-07 16:47:30 +08:00			`)`
Add creating activities for Team actions 2019-03-12 14:33:24 +08:00			`Activities::CreateActivityService`
			`.call(activity_type: :invite_user_to_team,`
			`owner: current_user,`
			`subject: current_team,`
			`team: current_team,`
			`message_items: {`
			`team: current_team.id,`
			`user_invited: user.id,`
			`role: user_team.role_str`
			`})`

Fix nil handling in different places [SCI-2840] (#1777) * Fix nil handling in different places 2019-05-21 21:53:34 +08:00			`result[:status] = if result[:status] == :user_exists && !user.confirmed?`
			`:user_exists_unconfirmed_invited_to_team`
			`elsif result[:status] == :user_exists`
			`:user_exists_invited_to_team`
			`else`
			`:user_created_invited_to_team`
			`end`
A working invite modal! 2016-11-06 18:29:00 +08:00			`end`

rename controllers where org/organization 2017-01-24 23:57:14 +08:00			`result[:user_team] = user_team`
A working invite modal! 2016-11-06 18:29:00 +08:00			`end`

			`@invite_results << result`
			`end`

			`respond_to do \|format\|`
			`format.json do`
			`render json: {`
			`html: render_to_string(`
			`partial: 'shared/invite_users_modal_results.html.erb'`
			`)`
			`}`
			`end`
			`end`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`

A working invite modal! 2016-11-06 18:29:00 +08:00			`private`

Add full name field to accept invitation form [SCI-738] 2016-11-25 18:15:10 +08:00			`def update_sanitized_params`
			`# Solution for Devise < 4.0.0`
fixes bug in the invitation_controller with full_name sanitization [fixes SCI-1944] 2018-01-17 22:06:43 +08:00			`devise_parameter_sanitizer.permit(:accept_invitation, keys: [:full_name])`
Add full name field to accept invitation form [SCI-738] 2016-11-25 18:15:10 +08:00			`end`

Enable reCaptcha and auto log in on confirm invitation form [SCI-706] 2016-11-23 21:28:32 +08:00			`def check_captcha`
			`if Rails.configuration.x.enable_recaptcha`
			`unless verify_recaptcha`
			`self.resource = resource_class.new`
			`resource.invitation_token = update_resource_params[:invitation_token]`
			`respond_with_navigational(resource) { render :edit }`
			`end`
			`end`
			`end`

Add recaptcha to invitation modal SCI-2935 2019-01-23 16:17:27 +08:00			`def check_captcha_for_invite`
			`if Rails.configuration.x.enable_recaptcha`
			`unless verify_recaptcha`
			`render json: { recaptcha_error: t('invite_users.errors.recaptcha') },`
			`status: :unprocessable_entity`
			`end`
			`end`
			`end`

A working invite modal! 2016-11-06 18:29:00 +08:00			`def check_invite_users_permission`
			`@user = current_user`
Fix nil handling in different places [SCI-2840] (#1777) * Fix nil handling in different places 2019-05-21 21:53:34 +08:00			`@emails = params[:emails]&.map(&:downcase)`
rename Organization to Team in controllers 2017-01-25 00:06:51 +08:00			`@team = Team.find_by_id(params['teamId'])`
A working invite modal! 2016-11-06 18:29:00 +08:00			`@role = params['role']`
Add first version of invite users modal 2016-11-03 18:27:17 +08:00
Fix nil handling in different places [SCI-2840] (#1777) * Fix nil handling in different places 2019-05-21 21:53:34 +08:00			`return render_403 unless @emails && @team && @role`
			`return render_403 if @emails.empty?`
			`return render_403 unless can_manage_team_users?(@team)`
			`return render_403 unless UserTeam.roles.key?(@role)`
A working invite modal! 2016-11-06 18:29:00 +08:00			`end`
Add first version of invite users modal 2016-11-03 18:27:17 +08:00			`end`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`