Class: AgentCode::InvitationsController
- Inherits:
-
ActionController::API
- Object
- ActionController::API
- AgentCode::InvitationsController
- Includes:
- Pundit::Authorization
- Defined in:
- lib/agentcode/controllers/invitations_controller.rb
Overview
Invitation management controller — mirrors Laravel InvitationController exactly.
Endpoints: GET /api/org/invitations; POST /api/org/invitations; POST /api/org/invitations/:id/resend; DELETE /api/org/invitations/:id; POST /api/invitations/accept (public)
Instance Method Summary
-
#accept ⇒ Object
POST /api/invitations/accept (public route).
-
#cancel ⇒ Object
DELETE /api/org/invitations/:id.
-
#create ⇒ Object
POST /api/org/invitations.
-
#index ⇒ Object
GET /api/org/invitations.
-
#resend ⇒ Object
POST /api/org/invitations/:id/resend.
Instance Method Details
#accept ⇒ Object
POST /api/invitations/accept (public route)
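# File 'lib/agentcode/controllers/invitations_controller.rb', line 135

# POST /api/invitations/accept (public route)
#
# Looks up a pending invitation by the token in the request and either tells
# the caller to register/login first or accepts the invitation for the
# resolved user.
#
# Responses rendered below:
# - 422 when the token is missing, or when the invitation has expired
#   (the record is then marked "expired")
# - 404 when no pending invitation matches the token
# - 200 with requires_registration: true when no user is resolved
# - 200 when accept! succeeds, 500 when it returns a falsy value
#
# NOTE(review): no throttling is visible in this action; confirm the route is
# rate limited elsewhere, since it is reachable without authentication.
def accept
  if params[:token].blank?
    return render json: { errors: { token: ["The token field is required."] } }, status: :unprocessable_entity
  end

  # The route is public, so the token is untrusted input. Coerce it to a
  # String so an array or nested-hash parameter cannot change the shape of
  # the lookup (an array value would otherwise become an IN (...) match).
  token = params[:token].to_s

  invitation = OrganizationInvitation.find_by(token: token, status: "pending")

  unless invitation
    return render json: { message: "Invalid or expired invitation token" }, status: :not_found
  end

  if invitation.expired?
    # Persist the expiry so later lookups on status "pending" no longer match.
    invitation.update!(status: "expired")
    return render json: { message: "This invitation has expired" }, status: :unprocessable_entity
  end

  # Check if user is authenticated
  user = resolve_current_user

  unless user
    # NOTE(review): the whole invitation is serialized for an unauthenticated
    # caller; confirm as_json exposes only the fields an invitee needs.
    return render json: {
      invitation: invitation.as_json(include: { organization: {}, role: {} }),
      requires_registration: true,
      message: "Please register or login to accept this invitation"
    }, status: :ok
  end

  # User is authenticated, accept invitation.
  # NOTE(review): accept! is defined elsewhere; confirm it ties acceptance to
  # the invited email address rather than to whichever authenticated user
  # presents the token.
  if invitation.accept!(user)
    render json: {
      message: "Invitation accepted successfully",
      invitation: invitation.as_json(include: { organization: {}, role: {} }),
      organization: invitation.organization
    }, status: :ok
  else
    render json: { message: "Failed to accept invitation" }, status: :internal_server_error
  end
end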
#cancel ⇒ Object
DELETE /api/org/invitations/:id
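# File 'lib/agentcode/controllers/invitations_controller.rb', line 118

# DELETE /api/org/invitations/:id
#
# Marks a pending invitation of the current organization as "cancelled".
# Renders 422 when the invitation is not pending.
def cancel
  # The lookup is scoped to the caller's organization, so an id belonging to
  # another organization does not resolve to a record here.
  invitation = OrganizationInvitation
    .where(id: params[:id], organization_id: current_organization.id)
    .first!

  # Pundit check (InvitationPolicy#destroy?) on the concrete record. The
  # method name was missing from the listing, leaving a bare argument list
  # that is neither valid Ruby nor an authorization check.
  authorize invitation, :destroy?, policy_class: InvitationPolicy

  unless invitation.status == "pending"
    return render json: { message: "Only pending invitations can be cancelled" }, status: :unprocessable_entity
  end

  # The record is kept and only its status changes.
  invitation.update!(status: "cancelled")

  render json: { message: "Invitation cancelled successfully" }
end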
#create ⇒ Object
POST /api/org/invitations
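# File 'lib/agentcode/controllers/invitations_controller.rb', line 43

# POST /api/org/invitations
#
# Creates an invitation for params[:email] with params[:role_id] in the
# current organization, then sends the invitation email.
#
# Renders 422 when email or role_id is missing, when the address already
# belongs to a member of the organization, or when an unexpired pending
# invitation already exists for it. Renders 201 with the invitation on
# success.
def create
  # Pundit check (InvitationPolicy#create?) before any input is read. The
  # method name was missing from the listing, leaving a bare argument list
  # that is neither valid Ruby nor an authorization check.
  authorize OrganizationInvitation, :create?, policy_class: InvitationPolicy

  errors = {}
  errors[:email] = ["The email field is required."] if params[:email].blank?
  errors[:role_id] = ["The role_id field is required."] if params[:role_id].blank?

  unless errors.empty?
    return render json: { errors: errors }, status: :unprocessable_entity
  end

  # NOTE(review): the address is only stripped here, not case-normalized or
  # format-checked; confirm the model does both so the duplicate checks below
  # are reliable.
  email = params[:email].to_s.strip

  # NOTE(review): role_id is stored as supplied. Nothing visible here checks
  # that the role belongs to this organization or that the inviter may grant
  # it; confirm the model or InvitationPolicy enforces that.
  role_id = params[:role_id]

  # Check if user already exists and is in organization. The User class is
  # resolved by name, and the check is skipped when the class is absent or
  # the user does not respond to #organizations.
  user_class = "User".safe_constantize
  if user_class
    existing_user = user_class.find_by(email: email)
    already_member = existing_user&.respond_to?(:organizations) &&
                     existing_user.organizations.exists?(id: current_organization.id)
    if already_member
      return render json: { message: "User is already a member of this organization" }, status: :unprocessable_entity
    end
  end

  # Check for existing pending invitation that has not yet expired
  existing_invitation = OrganizationInvitation
    .where(email: email, organization_id: current_organization.id, status: "pending")
    .where("expires_at IS NULL OR expires_at > ?", Time.current)
    .first

  if existing_invitation
    return render json: { message: "A pending invitation already exists for this email" }, status: :unprocessable_entity
  end

  # Create invitation
  invitation = OrganizationInvitation.create!(
    organization_id: current_organization.id,
    email: email,
    role_id: role_id,
    invited_by: current_user.id
  )

  # Send notification email
  send_invitation_email(invitation)

  render json: invitation.as_json(include: { organization: {}, role: {}, inviter: {} }), status: :created
end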
#index ⇒ Object
GET /api/org/invitations
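# File 'lib/agentcode/controllers/invitations_controller.rb', line 19

# GET /api/org/invitations
#
# Lists the current organization's invitations, newest first. The optional
# params[:status] selects the filter: "pending" and "expired" use the
# model's scopes of those names, "all" (the default) applies no filter, and
# any other value is matched against the status column.
def index
  # Pundit check (InvitationPolicy#index?) before the query is built. The
  # method name was missing from the listing, leaving a bare argument list
  # that is neither valid Ruby nor an authorization check.
  authorize OrganizationInvitation, :index?, policy_class: InvitationPolicy

  status = params[:status] || "all"

  # Always scoped to the caller's organization, whatever filter is requested.
  query = OrganizationInvitation
    .where(organization_id: current_organization.id)
    .includes(:organization, :role, :inviter)

  case status
  when "pending"
    query = query.pending
  when "expired"
    query = query.expired
  when "all"
    # no filter
  else
    # Passed as a hash condition, so the value is bound rather than
    # interpolated into SQL.
    query = query.where(status: status)
  end

  render json: query.order(created_at: :desc)
end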
#resend ⇒ Object
POST /api/org/invitations/:id/resend
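# File 'lib/agentcode/controllers/invitations_controller.rb', line 93

# POST /api/org/invitations/:id/resend
#
# Extends the expiry of a pending invitation of the current organization
# and sends the invitation email again. Renders 422 when the invitation is
# not pending.
def resend
  # The lookup is scoped to the caller's organization, so an id belonging to
  # another organization does not resolve to a record here.
  invitation = OrganizationInvitation
    .where(id: params[:id], organization_id: current_organization.id)
    .first!

  # Pundit check (InvitationPolicy#update?) on the concrete record. The
  # method name was missing from the listing, leaving a bare argument list
  # that is neither valid Ruby nor an authorization check.
  authorize invitation, :update?, policy_class: InvitationPolicy

  unless invitation.status == "pending"
    return render json: { message: "Only pending invitations can be resent" }, status: :unprocessable_entity
  end

  # Update expiration; falls back to 7 days when the setting is absent.
  # NOTE(review): only expires_at changes, so the existing token appears to
  # be reused. Confirm that is intended rather than issuing a fresh token on
  # resend.
  days = AgentCode.config.invitations[:expires_days] || 7
  invitation.update!(expires_at: days.days.from_now)

  # Resend notification email
  send_invitation_email(invitation)

  render json: {
    message: "Invitation resent successfully",
    invitation: invitation.as_json(include: { organization: {}, role: {}, inviter: {} })
  }
end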