Only create Contracts through Contractable (#12251)

## Summary of the problem
<!-- Why are these changes being made? What problem does it solve? Link
any related issues to provide more details. -->

https://appsignal.com/hack-club/sites/6596247683eb67648f30f807/exceptions/incidents/2394

Bug introduced in #12094 - since `Contract` and
`OrganizerPositionInvite` are now decoupled, there are some fields of
the `Contract` model that need to be set using info from the
`Contractable`. Notably, the `prefills` jsonb includes event data that
must be included in the `Contract` before creation, since it is used in
the after create callback that sends the payload to Docuseal. While we
were doing this in the `send_contract` method on
`OrganizerPositionInvite`, we were not doing this when creating a
contract using the create action in `ContractsController` (used when
sending a contract on a pre-existing invite or organizer position),
causing the above bug.

## Describe your changes
<!-- Explain your thought process to the solution and provide a quick
summary of the changes. -->
While this could have been fixed by just grabbing the necessary data
from the `Contractable` and passing it to `Contract.new` in
`ContractsController`, it's better to maintain that contracts should
only be created using methods on the `Contractable`. This way, changes
can be easily made to what data is passed to the `Contract`, and any
extra code (such as updating the `OrganizerPosition` or Airtable can be
done in one place.

This does involve updating the `OrganizerPositionInvite` after it has
been sent and accepted - I've fixed a validation to not fail when this
happens, but it would also be possible to modify the code so that this
model is essentially "frozen" after being accepted, and only update the
`is_signee` field before accepting.

Author: polypixeldev

app/controllers/contracts_controller.rb

@@ -3,16 +3,6 @@
 class ContractsController < ApplicationController
   before_action :set_contract, only: [:void, :resend_to_user, :resend_to_cosigner]
 
-  # This is only used for sending a contract for an OrganizerPositionInvite via
-  # the team page.
-  def create
-    @contract = Contract.new(contract_params)
-    authorize @contract, policy_class: ContractPolicy
-    @contract.save!
-    flash[:success] = "Contract sent successfully."
-    redirect_back(fallback_location: event_team_path(@contract.event))
-  end
-
   def void
     authorize @contract, policy_class: ContractPolicy
     @contract.mark_voided!
@@ -48,8 +38,4 @@ def set_contract
     @contract = Contract.find(params[:id])
   end
 
-  def contract_params
-    params.require(:contract).permit(:type, :contractable_id, :contractable_type, :cosigner_email, :include_videos)
-  end
-
 end

app/controllers/organizer_position_invites_controller.rb

@@ -4,7 +4,7 @@ class OrganizerPositionInvitesController < ApplicationController
   include SetEvent
   include ChangePositionRole
 
-  before_action :set_opi, only: [:show, :accept, :reject, :cancel, :resend]
+  before_action :set_opi, except: [:new, :create]
   before_action :set_event, only: [:new, :create]
   before_action :hide_footer, only: :show
 
@@ -112,6 +112,15 @@ def resend
     redirect_to event_team_path @invite.event
   end
 
+  def send_contract
+    authorize @invite
+
+    @invite.send_contract(cosigner_email: params[:cosigner_email].presence, include_videos: params[:include_videos])
+
+    flash[:success] = "Contract successfully sent"
+    redirect_to event_team_path @invite.event
+  end
+
   private
 
   def set_opi

app/models/organizer_position_invite.rb

@@ -82,7 +82,7 @@ class OrganizerPositionInvite < ApplicationRecord
 
   belongs_to :organizer_position, optional: true
 
-  validate :not_already_organizer
+  validate :not_already_organizer, if: -> { event_changed? || user_changed? }
   validate :not_already_invited, on: :create
   validates :accepted_at, absence: true, if: -> { rejected_at.present? }
   validates :rejected_at, absence: true, if: -> { accepted_at.present? }
@@ -221,7 +221,7 @@ def send_contract(cosigner_email: nil, include_videos: false)
 
   def on_contract_signed(contract)
     if contract.is_a?(Contract::FiscalSponsorship)
-      deliver
+      deliver if organizer_position.nil?
 
       # Unfreeze the event if this is the first signed contract
       if event.contracts.signed.count == 1

app/policies/organizer_position_invite_policy.rb

@@ -37,6 +37,10 @@ def change_position_role?
     admin_or_manager? && !record.signee?
   end
 
+  def send_contract?
+    user&.admin?
+  end
+
   private
 
   def admin_or_manager?

app/views/contract/_form.html.erb

@@ -0,0 +1,22 @@
+<%# locals: (opi:) %>
+
+<%= form_with(local: true, data: { turbo: false }, url: send_contract_organizer_position_invite_path(id: opi.id)) do |form| %>
+  <p class="muted">
+    This will send <%= opi.user.name %> a fiscal sponsorship agreement
+    for <%= opi.event.name %>. <strong>If they are under 18, <%= opi.user.name %> will need to have a parent sign on their behalf.</strong>
+  <p>
+
+  <div class="field field--checkbox">
+    <%= form.check_box :include_videos %>
+    <%= form.label :include_videos, "Would you like us to include the onboarding videos?" %>
+  </div>
+
+  <div class="field">
+    <%= form.label :cosigner_email, "Cosigned by (email address)" %>
+    <%= form.text_field :cosigner_email %>
+  </div>
+
+  <div class="actions">
+    <%= form.submit "Send contract" %>
+  </div>
+<% end %>

app/views/organizer_position_invites/_contract_form.html.erb

@@ -54,7 +54,7 @@
                 <% end %>
                 <section class="modal modal--scroll bg-snow" data-behavior="modal" role="dialog" id="send_contract_<%= organizer_position_invite.id %>">
                   <%= modal_header "Send a contract" %>
-                  <%= render "contract/form", contract: Contract::FiscalSponsorship.new(contractable: organizer_position_invite) %>
+                  <%= render "organizer_position_invites/contract_form", opi: organizer_position_invite %>
                 </section>
               <% end %>
             </div>

app/views/organizer_position_invites/_organizer_position_invite.html.erb

@@ -140,7 +140,7 @@
             <% end %>
             <section class="modal modal--scroll bg-snow" data-behavior="modal" role="dialog" id="send_contract_<%= organizer_position.organizer_position_invite.id %>">
               <%= modal_header "Send a contract" %>
-              <%= render "contract/form", contract: Contract::FiscalSponsorship.new(contractable: organizer_position.organizer_position_invite) %>
+              <%= render "organizer_position_invites/contract_form", opi: organizer_position.organizer_position_invite %>
             </section>
           <% end %>
         </div>

app/views/organizer_positions/_organizer_position.html.erb

@@ -67,7 +67,7 @@
             <% end %>
             <section class="modal modal--scroll bg-snow" data-behavior="modal" role="dialog" id="send_contract_<%= organizer_position.organizer_position_invite.id %>">
               <%= modal_header "Send a contract" %>
-              <%= render "contract/form", contract: Contract::FiscalSponsorship.new(contractable: organizer_position.organizer_position_invite) %>
+              <%= render "organizer_position_invites/contract_form", opi: organizer_position.organizer_position_invite %>
             </section>
           <% end %>
         </div>

app/views/organizer_positions/_organizer_position_row.html.erb

@@ -332,10 +332,11 @@
     post "resend"
     member do
       post "change_position_role"
+      post "send_contract"
     end
   end
 
-  resources :contracts, only: [:create] do
+  resources :contracts, only: [] do
     member do
       post "void"
       post "resend_to_user"