Allow updating the status of guests from unauthenticated sessions

2025-06-12 22:53:50 +02:00 · 2025-06-12 22:53:50 +02:00 · 9a99981f67
commit 9a99981f67
parent 82a39bce82
2 changed files with 10 additions and 1 deletions
--- a/app/controllers/guests_controller.rb
+++ b/app/controllers/guests_controller.rb
@ -6,6 +6,9 @@ require 'csv'

 class GuestsController < ApplicationController
  GUEST_PARAMS = { only: %i[id name status], include: { group: { only: %i[id name] } } }.freeze
+
+  skip_before_action :authenticate_user!, only: :update
+
  def index
    render json: Guest.includes(:group)
                      .left_joins(:group)
@ -19,6 +22,12 @@ class GuestsController < ApplicationController
  end

  def update
+    if user_signed_in?
+      permitted_params = guest_params
+    else
+      permitted_params = params.expect(guest: %i[status])
+    end
+
    guest = Guest.find(params[:id]).update!(guest_params)
    render json: guest.as_json(GUEST_PARAMS), status: :ok
  end
--- a/app/controllers/invitations_controller.rb
+++ b/app/controllers/invitations_controller.rb
@ -20,7 +20,7 @@ class InvitationsController < ApplicationController
    invitation = Invitation.includes(:guests).find(params[:id])

    if invitation
-      render json: invitation, only: :id, include: { guests: { only: %i[id name] } }, status: :ok
+      render json: invitation, only: :id, include: { guests: { only: %i[id name status] } }, status: :ok
    else
      render json: { error: 'Invitation not found' }, status: :not_found
    end