From 0052fcf7c4ae309078f39f8310a79b3d52b1530f Mon Sep 17 00:00:00 2001
From: Jessica Hamilton
Date: Wed, 7 Apr 2021 03:01:07 +1200
Subject: [PATCH] FEATURE: Retrieve an existing link only invite (#12575)

In Improve invite system, a newly created link only invite cannot be retrieved via API with the invitee's email once created. A new route, /invites/retrieve, is introduced to fetch an already created invite by email address.
---
 app/controllers/invites_controller.rb | 13 +++++++++-
 config/routes.rb | 1 +
 spec/requests/invites_controller_spec.rb | 30 ++++++++++++++++++++++++
 3 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/app/controllers/invites_controller.rb b/app/controllers/invites_controller.rb
index bdff1454de3..3cbf6fcb837 100644
--- a/app/controllers/invites_controller.rb
+++ b/app/controllers/invites_controller.rb
@@ -4,7 +4,7 @@ require 'csv'
 class InvitesController < ApplicationController
- requires_login only: [:create, :destroy, :destroy_all_expired, :resend_invite, :resend_all_invites, :upload_csv]
+ requires_login only: [:create, :retrieve, :destroy, :destroy_all_expired, :resend_invite, :resend_all_invites, :upload_csv]
 skip_before_action :check_xhr, except: [:perform_accept_invitation]
 skip_before_action :preload_json, except: [:show]
@@ -104,6 +104,17 @@ class InvitesController < ApplicationController
 end
 end
+ def retrieve
+ params.require(:email)
+
+ invite = Invite.find_by(invited_by: current_user, email: params[:email])
+ raise Discourse::InvalidParameters.new(:email) if invite.blank?
+
+ guardian.ensure_can_invite_to_forum!(nil)
+
+ render_serialized(invite, InviteSerializer, scope: guardian, root: nil, show_emails: params.has_key?(:email))
+ end
+
 def update
 invite = Invite.find_by(invited_by: current_user, id: params[:id])
 raise Discourse::InvalidParameters.new(:id) if invite.blank?
diff --git a/config/routes.rb b/config/routes.rb
index 77042fd1a91..9b1c0454936 100644
--- a/config/routes.rb
+++ b/config/routes.rb
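Review bot: In `retrieve`, `guardian.ensure_can_invite_to_forum!(nil)` runs only after the `Invite.find_by` lookup and the `InvalidParameters` raise, so a caller who is not allowed to invite gets a different error depending on whether one of their invites matches the address; the permission check should move up to directly after `params.require(:email)`. The lookup is scoped to `invited_by: current_user`, so the difference only reveals the caller's own invites, but authorising before the query keeps the failure mode uniform and avoids work for unauthorised callers. Separately, `show_emails: params.has_key?(:email)` is always true at that point, because `params.require(:email)` has already rejected requests without the key; it reads like a condition but is not one, so `show_emails: true` with a short comment that the invite belongs to the caller would be clearer. `params[:email]` is also handed to the query as received, so it may be worth rejecting non-string values before the lookup.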
@@ -835,6 +835,7 @@ Discourse::Application.routes.draw do
 post "invites/reinvite-all" => "invites#resend_all_invites"
 delete "invites" => "invites#destroy"
 put "invites/show/:id" => "invites#perform_accept_invitation", as: 'perform_accept_invite'
+ get "invites/retrieve" => "invites#retrieve"
 resources :export_csv do
 collection do
diff --git a/spec/requests/invites_controller_spec.rb b/spec/requests/invites_controller_spec.rb
index 6e3d810f247..bea2e20b7c0 100644
--- a/spec/requests/invites_controller_spec.rb
+++ b/spec/requests/invites_controller_spec.rb
@@ -252,6 +252,36 @@ describe InvitesController do
 end
 end
+ context '#retrieve' do
+ it 'requires to be logged in' do
+ get '/invites/retrieve.json', params: { email: 'test@example.com' }
+ expect(response.status).to eq(403)
+ end
+
+ context 'while logged in' do
+ before do
+ sign_in(user)
+ end
+
+ fab!(:invite) { Fabricate(:invite, invited_by: user, email: 'test@example.com') }
+
+ it 'raises an error when the email is missing' do
+ get '/invites/retrieve.json'
+ expect(response.status).to eq(400)
+ end
+
+ it 'raises an error when the email cannot be found' do
+ get '/invites/retrieve.json', params: { email: 'test2@example.com' }
+ expect(response.status).to eq(400)
+ end
+
+ it 'can retrieve the invite' do
+ get '/invites/retrieve.json', params: { email: 'test@example.com' }
+ expect(response.status).to eq(200)
+ end
+ end
+ end
+
 context '#update' do
 fab!(:invite) { Fabricate(:invite, invited_by: admin, email: 'test@example.com') }
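Review bot: The new `get "invites/retrieve"` route receives the invitee's address as a query-string parameter (the specs call it with `params: { email: ... }`), so each lookup puts an email address into the request URL, where web-server and proxy access logs will usually record it. Nothing in this hunk shows whether request logging filters that parameter. Consider either taking the address in a request body on a `post` route, or adding a comment beside the route such as `# NOTE: query string carries an email address; keep it out of access logs` and confirming the log filtering covers it.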
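Review bot: The `#retrieve` examples do not exercise either access-control branch of the action: a signed-in user who fails `ensure_can_invite_to_forum!`, and a signed-in user asking for an address that exists only on another user's invite. The 'cannot be found' example uses `test2@example.com`, which has no invite at all, so it would still pass if the `invited_by: current_user` scope were removed from the lookup. Add an example that fabricates an invite for that address with `invited_by: admin` and still expects 400 for `user`, and one for a user without invite permission that expects the access-denied status. The 200 example would also be stronger if it asserted something about the returned body rather than only the status code.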