diff --git a/app/controllers/concerns/invitable.rb b/app/controllers/concerns/invitable.rb
index 1e0dfed85ef..5e12d2df994 100644
--- a/app/controllers/concerns/invitable.rb
+++ b/app/controllers/concerns/invitable.rb
@@ -7,6 +7,7 @@ module Invitable
private
def invite_code_required?
+ return false if @invitation.present?
self_hosted? ? Setting.require_invite_for_signup : ENV["REQUIRE_INVITE_CODE"] == "true"
end
diff --git a/app/controllers/invitations_controller.rb b/app/controllers/invitations_controller.rb
new file mode 100644
index 00000000000..020b4707ca9
--- /dev/null
+++ b/app/controllers/invitations_controller.rb
@@ -0,0 +1,42 @@
+class InvitationsController < ApplicationController
+ skip_authentication only: :accept
+ def new
+ @invitation = Invitation.new
+ end
+
+ def create
+ unless Current.user.admin?
+ flash[:alert] = t(".failure")
+ redirect_to settings_profile_path
+ return
+ end
+
+ @invitation = Current.family.invitations.build(invitation_params)
+ @invitation.inviter = Current.user
+
+ if @invitation.save
+ InvitationMailer.invite_email(@invitation).deliver_later unless self_hosted?
+ flash[:notice] = t(".success")
+ else
+ flash[:alert] = t(".failure")
+ end
+
+ redirect_to settings_profile_path
+ end
+
+ def accept
+ @invitation = Invitation.find_by!(token: params[:id])
+
+ if @invitation.pending?
+ redirect_to new_registration_path(invitation: @invitation.token)
+ else
+ raise ActiveRecord::RecordNotFound
+ end
+ end
+
+ private
+
+ def invitation_params
+ params.require(:invitation).permit(:email, :role)
+ end
+end
diff --git a/app/controllers/onboardings_controller.rb b/app/controllers/onboardings_controller.rb
index 4fb5386f8f2..a98694712a8 100644
--- a/app/controllers/onboardings_controller.rb
+++ b/app/controllers/onboardings_controller.rb
@@ -1,7 +1,7 @@
class OnboardingsController < ApplicationController
layout "application"
-
before_action :set_user
+ before_action :load_invitation
def show
end
@@ -13,7 +13,12 @@ def preferences
end
private
+
def set_user
@user = Current.user
end
+
+ def load_invitation
+ @invitation = Invitation.accepted.most_recent_for_email(Current.user.email)
+ end
end
diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
index 8c55e58d03a..b5613d443f3 100644
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -4,36 +4,49 @@ class RegistrationsController < ApplicationController
layout "auth"
before_action :set_user, only: :create
+ before_action :set_invitation
before_action :claim_invite_code, only: :create, if: :invite_code_required?
def new
- @user = User.new
+ @user = User.new(email: @invitation&.email)
end
def create
- family = Family.new
- @user.family = family
- @user.role = :admin
+ if @invitation
+ @user.family = @invitation.family
+ @user.role = @invitation.role
+ @user.email = @invitation.email
+ else
+ family = Family.new
+ @user.family = family
+ @user.role = :admin
+ end
if @user.save
- Category.create_default_categories(@user.family)
+ @invitation&.update!(accepted_at: Time.current)
+ Category.create_default_categories(@user.family) unless @invitation
@session = create_session_for(@user)
- flash[:notice] = t(".success")
- redirect_to root_path
+ redirect_to root_path, notice: t(".success")
else
- flash[:alert] = t(".failure")
render :new, status: :unprocessable_entity
end
end
private
+ def set_invitation
+ token = params[:invitation]
+ token ||= params[:user][:invitation] if params[:user].present?
+ @invitation = Invitation.pending.find_by(token: token)
+ end
+
def set_user
- @user = User.new user_params.except(:invite_code)
+ @user = User.new user_params.except(:invite_code, :invitation)
end
- def user_params
- params.require(:user).permit(:name, :email, :password, :password_confirmation, :invite_code)
+ def user_params(specific_param = nil)
+ params = self.params.require(:user).permit(:name, :email, :password, :password_confirmation, :invite_code, :invitation)
+ specific_param ? params[specific_param] : params
end
def claim_invite_code
diff --git a/app/controllers/settings/profiles_controller.rb b/app/controllers/settings/profiles_controller.rb
index 0caca54c196..882824ecb64 100644
--- a/app/controllers/settings/profiles_controller.rb
+++ b/app/controllers/settings/profiles_controller.rb
@@ -1,5 +1,7 @@
class Settings::ProfilesController < SettingsController
def show
@user = Current.user
+ @users = Current.family.users.order(:created_at)
+ @pending_invitations = Current.family.invitations.pending
end
end
diff --git a/app/helpers/invitations_helper.rb b/app/helpers/invitations_helper.rb
new file mode 100644
index 00000000000..1483b9eeb7f
--- /dev/null
+++ b/app/helpers/invitations_helper.rb
@@ -0,0 +1,2 @@
+module InvitationsHelper
+end
diff --git a/app/mailers/invitation_mailer.rb b/app/mailers/invitation_mailer.rb
new file mode 100644
index 00000000000..d43a42fe60b
--- /dev/null
+++ b/app/mailers/invitation_mailer.rb
@@ -0,0 +1,11 @@
+class InvitationMailer < ApplicationMailer
+ def invite_email(invitation)
+ @invitation = invitation
+ @accept_url = accept_invitation_url(@invitation.token)
+
+ mail(
+ to: @invitation.email,
+ subject: t(".subject", inviter: @invitation.inviter.display_name)
+ )
+ end
+end
diff --git a/app/models/family.rb b/app/models/family.rb
index 80f392753d9..8d0d063bfbb 100644
--- a/app/models/family.rb
+++ b/app/models/family.rb
@@ -4,6 +4,7 @@ class Family < ApplicationRecord
include Providable
has_many :users, dependent: :destroy
+ has_many :invitations, dependent: :destroy
has_many :tags, dependent: :destroy
has_many :accounts, dependent: :destroy
has_many :institutions, dependent: :destroy
diff --git a/app/models/invitation.rb b/app/models/invitation.rb
new file mode 100644
index 00000000000..41770b50ac4
--- /dev/null
+++ b/app/models/invitation.rb
@@ -0,0 +1,37 @@
+class Invitation < ApplicationRecord
+ belongs_to :family
+ belongs_to :inviter, class_name: "User"
+
+ validates :email, presence: true, format: { with: URI::MailTo::EMAIL_REGEXP }
+ validates :role, presence: true, inclusion: { in: %w[admin member] }
+ validates :token, presence: true, uniqueness: true
+ validate :inviter_is_admin
+
+ before_validation :generate_token, on: :create
+ before_create :set_expiration
+
+ scope :pending, -> { where(accepted_at: nil).where("expires_at > ?", Time.current) }
+ scope :accepted, -> { where.not(accepted_at: nil) }
+ scope :most_recent_for_email, ->(email) { where(email: email).order(accepted_at: :desc).first }
+
+ def pending?
+ accepted_at.nil? && expires_at > Time.current
+ end
+
+ private
+
+ def generate_token
+ loop do
+ self.token = SecureRandom.hex(32)
+ break unless self.class.exists?(token: token)
+ end
+ end
+
+ def set_expiration
+ self.expires_at = 3.days.from_now
+ end
+
+ def inviter_is_admin
+ inviter.admin?
+ end
+end
diff --git a/app/views/invitation_mailer/invite_email.html.erb b/app/views/invitation_mailer/invite_email.html.erb
new file mode 100644
index 00000000000..c57be0a9492
--- /dev/null
+++ b/app/views/invitation_mailer/invite_email.html.erb
@@ -0,0 +1,11 @@
+<%= t(".greeting") %>
+
+
+ <%= t(".body",
+ inviter: @invitation.inviter.display_name,
+ family: @invitation.family.name).html_safe %>
+
+
+<%= link_to t(".accept_button"), @accept_url, class: "button" %>
+
+
\ No newline at end of file
diff --git a/app/views/invitations/new.html.erb b/app/views/invitations/new.html.erb
new file mode 100644
index 00000000000..5b6a455062e
--- /dev/null
+++ b/app/views/invitations/new.html.erb
@@ -0,0 +1,20 @@
+<%= modal_form_wrapper title: t(".title"), subtitle: t(".subtitle") do %>
+ <%= styled_form_with model: @invitation, class: "space-y-4", data: { turbo: false } do |form| %>
+ <%= form.email_field :email,
+ required: true,
+ placeholder: t(".email_placeholder"),
+ label: t(".email_label") %>
+
+ <%= form.select :role,
+ options_for_select([
+ [t(".role_member"), "member"],
+ [t(".role_admin"), "admin"]
+ ]),
+ {},
+ { label: t(".role_label") } %>
+
+
+ <%= form.submit t(".submit"), class: "bg-gray-900 text-white rounded-lg px-4 py-2 w-full" %>
+
+ <% end %>
+<% end %>
\ No newline at end of file
diff --git a/app/views/layouts/mailer.html.erb b/app/views/layouts/mailer.html.erb
index 3aac9002edc..2d6f8c06d7e 100644
--- a/app/views/layouts/mailer.html.erb
+++ b/app/views/layouts/mailer.html.erb
@@ -2,12 +2,56 @@
+ <%= yield %>
+
diff --git a/app/views/onboardings/profile.html.erb b/app/views/onboardings/profile.html.erb
index e2bda5b7567..0e0b99f5732 100644
--- a/app/views/onboardings/profile.html.erb
+++ b/app/views/onboardings/profile.html.erb
@@ -9,7 +9,8 @@
<%= styled_form_with model: @user do |form| %>
- <%= form.hidden_field :redirect_to, value: "onboarding_preferences" %>
+ <%= form.hidden_field :redirect_to, value: @invitation ? "home" : "onboarding_preferences" %>
+ <%= form.hidden_field :onboarded_at, value: Time.current if @invitation %>
<%= t(".profile_image") %>
@@ -20,16 +21,17 @@
<%= form.text_field :first_name, placeholder: t(".first_name"), label: t(".first_name"), container_class: "bg-white w-1/2", required: true %>
<%= form.text_field :last_name, placeholder: t(".last_name"), label: t(".last_name"), container_class: "bg-white w-1/2", required: true %>
-
-
- <%= form.fields_for :family do |family_form| %>
- <%= family_form.text_field :name, placeholder: t(".household_name"), label: t(".household_name") %>
-
- <%= family_form.select :country,
- country_options,
- { label: t(".country") }, required: true %>
- <% end %>
-
+ <% unless @invitation %>
+
+ <%= form.fields_for :family do |family_form| %>
+ <%= family_form.text_field :name, placeholder: t(".household_name"), label: t(".household_name") %>
+
+ <%= family_form.select :country,
+ country_options,
+ { label: t(".country") }, required: true %>
+ <% end %>
+
+ <% end %>
<%= form.submit t(".submit") %>
<% end %>
diff --git a/app/views/registrations/new.html.erb b/app/views/registrations/new.html.erb
index df7200fe211..6ad1f066e07 100644
--- a/app/views/registrations/new.html.erb
+++ b/app/views/registrations/new.html.erb
@@ -1,5 +1,5 @@
<%
- header_title t(".title")
+ header_title @invitation ? t(".join_family_title", family: @invitation.family.name) : t(".title")
%>
<% if self_hosted_first_login? %>
@@ -7,14 +7,29 @@
<%= t(".welcome_title") %>
<%= t(".welcome_body") %>
+<% elsif @invitation %>
+
+
+ <%= t(".invitation_message",
+ inviter: @invitation.inviter.display_name,
+ role: t(".role_#{@invitation.role}")) %>
+
+
<%= Current.family.name %> · <%= Current.family.users.size %>
-
-
-
<%= Current.user.initial %>
+ <% @users.each do |user| %>
+
+
+ <%= render "settings/user_avatar", user: user %>
+
+
<%= user.display_name %>
+
-
<%= Current.user.display_name %>
-
-
<%= Current.user.role %>
-
-
+ <% end %>
+ <% if @pending_invitations.any? %>
+ <% @pending_invitations.each do |invitation| %>
+
+
+
+
<%= invitation.email[0] %>
+
+
+
<%= invitation.email %>
+
+
+
+ <% if self_hosted? %>
+
+
<%= t(".invitation_link") %>
+
<%= accept_invitation_url(invitation.token) %>
+
+
+
+ <%= lucide_icon "copy", class: "w-5 h-5" %>
+
+
+ <%= lucide_icon "check", class: "w-5 h-5" %>
+
+
+
+ <% end %>
+
+ <% end %>
+ <% end %>
+ <% if Current.user.admin? %>
+ <%= link_to new_invitation_path,
+ class: "bg-gray-100 flex items-center justify-center gap-2 text-gray-500 mt-1 hover:bg-gray-200 rounded-lg px-4 py-2 w-full text-center",
+ data: { turbo_frame: :modal } do %>
+ <%= lucide_icon("plus", class: "w-5 h-5 text-gray-500") %>
+ <%= t(".invite_member") %>
+ <% end %>
+ <% end %>