From 9a99981f6750fc80c252c349f4dd87ee0325182c Mon Sep 17 00:00:00 2001
From: Manuel Bustillo <bustikiller@bustikiller.com>
Date: Thu, 12 Jun 2025 22:53:50 +0200
Subject: [PATCH] Allow updating the status of guests from unauthenticated
 sessions

---
 app/controllers/guests_controller.rb      | 9 +++++++++
 app/controllers/invitations_controller.rb | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/app/controllers/guests_controller.rb b/app/controllers/guests_controller.rb
index 1b215eb..75c1072 100644
--- a/app/controllers/guests_controller.rb
+++ b/app/controllers/guests_controller.rb
@@ -6,6 +6,9 @@ require 'csv'
 
 class GuestsController < ApplicationController
   GUEST_PARAMS = { only: %i[id name status], include: { group: { only: %i[id name] } } }.freeze
+
+  skip_before_action :authenticate_user!, only: :update
+
   def index
     render json: Guest.includes(:group)
                       .left_joins(:group)
@@ -19,6 +22,12 @@ class GuestsController < ApplicationController
   end
 
   def update
+    if user_signed_in?
+      permitted_params = guest_params
+    else
+      permitted_params = params.expect(guest: %i[status])
+    end
+
     guest = Guest.find(params[:id]).update!(guest_params)
     render json: guest.as_json(GUEST_PARAMS), status: :ok
   end
diff --git a/app/controllers/invitations_controller.rb b/app/controllers/invitations_controller.rb
index 8ae3fbb..f90e8d4 100644
--- a/app/controllers/invitations_controller.rb
+++ b/app/controllers/invitations_controller.rb
@@ -20,7 +20,7 @@ class InvitationsController < ApplicationController
     invitation = Invitation.includes(:guests).find(params[:id])
 
     if invitation
-      render json: invitation, only: :id, include: { guests: { only: %i[id name] } }, status: :ok
+      render json: invitation, only: :id, include: { guests: { only: %i[id name status] } }, status: :ok
     else
       render json: { error: 'Invitation not found' }, status: :not_found
     end