From 740f8a95a905e949b6a74bc69dcaf638d2d46248 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Mon, 27 Nov 2017 16:07:59 +0100
Subject: Add consumable invites (#5814)

* Add consumable invites

* Add UI for generating invite codes

* Add tests

* Display max uses and expiration in invites table, delete invite

* Remove unused column and redundant validator

- Default follows not used, probably bad idea
- InviteCodeValidator is redundant because RegistrationsController
  checks invite code validity

* Add admin setting to disable invites

* Add admin UI for invites, configurable role for invite creation

- Admin UI that lists everyone's invites, always available
- Admin setting min_invite_role to control who can invite people
- Non-admin invite UI only visible if users are allowed to

* Do not remove invites from database, expire them instantly
---
 app/policies/invite_policy.rb | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 app/policies/invite_policy.rb

(limited to 'app/policies')

diff --git a/app/policies/invite_policy.rb b/app/policies/invite_policy.rb
new file mode 100644
index 000000000..e5c68af19
--- /dev/null
+++ b/app/policies/invite_policy.rb
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+class InvitePolicy < ApplicationPolicy
+  def index?
+    staff?
+  end
+
+  def create?
+    min_required_role?
+  end
+
+  def destroy?
+    owner? || staff?
+  end
+
+  private
+
+  def owner?
+    record.user_id == current_user&.id
+  end
+
+  def min_required_role?
+    current_user&.role?(Setting.min_invite_role)
+  end
+end
-- 
cgit 


From df03042a6ed84aad7ea21e683aa56726466a7790 Mon Sep 17 00:00:00 2001
From: Yamagishi Kazutoshi <ykzts@desire.sh>
Date: Fri, 1 Dec 2017 20:26:19 +0900
Subject: Allow admin to deactivate invite created by users (#5860)

---
 app/policies/invite_policy.rb             | 2 +-
 app/views/admin/invites/_invite.html.haml | 4 +++-
 app/views/invites/_invite.html.haml       | 4 +++-
 3 files changed, 7 insertions(+), 3 deletions(-)

(limited to 'app/policies')

diff --git a/app/policies/invite_policy.rb b/app/policies/invite_policy.rb
index e5c68af19..a2a65f934 100644
--- a/app/policies/invite_policy.rb
+++ b/app/policies/invite_policy.rb
@@ -10,7 +10,7 @@ class InvitePolicy < ApplicationPolicy
   end
 
   def destroy?
-    owner? || staff?
+    owner? || (Setting.min_invite_role == 'admin' ? admin? : staff?)
   end
 
   private
diff --git a/app/views/admin/invites/_invite.html.haml b/app/views/admin/invites/_invite.html.haml
index 9555a8976..d7b697286 100644
--- a/app/views/admin/invites/_invite.html.haml
+++ b/app/views/admin/invites/_invite.html.haml
@@ -16,4 +16,6 @@
         %time.formatted{ datetime: invite.expires_at.iso8601, title: l(invite.expires_at) }
           = l invite.expires_at
   %td= table_link_to 'link', public_invite_url(invite_code: invite.code), public_invite_url(invite_code: invite.code)
-  %td= table_link_to 'times', t('invites.delete'), invite_path(invite), method: :delete if policy(invite).destroy?
+  %td
+    - if !invite.expired? && policy(invite).destroy?
+      = table_link_to 'times', t('invites.delete'), admin_invite_path(invite), method: :delete
diff --git a/app/views/invites/_invite.html.haml b/app/views/invites/_invite.html.haml
index 3f5f7936c..81d67eb7d 100644
--- a/app/views/invites/_invite.html.haml
+++ b/app/views/invites/_invite.html.haml
@@ -12,4 +12,6 @@
         %time.formatted{ datetime: invite.expires_at.iso8601, title: l(invite.expires_at) }
           = l invite.expires_at
   %td= table_link_to 'link', public_invite_url(invite_code: invite.code), public_invite_url(invite_code: invite.code)
-  %td= table_link_to 'times', t('invites.delete'), invite_path(invite), method: :delete if policy(invite).destroy?
+  %td
+    - if invite.expired? && policy(invite).destroy?
+      = table_link_to 'times', t('invites.delete'), invite_path(invite), method: :delete
-- 
cgit