From 9a99981f6750fc80c252c349f4dd87ee0325182c Mon Sep 17 00:00:00 2001 From: Manuel Bustillo Date: Thu, 12 Jun 2025 22:53:50 +0200 Subject: [PATCH 1/2] Allow updating the status of guests from unauthenticated sessions --- app/controllers/guests_controller.rb | 9 +++++++++ app/controllers/invitations_controller.rb | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/app/controllers/guests_controller.rb b/app/controllers/guests_controller.rb index 1b215eb..75c1072 100644 --- a/app/controllers/guests_controller.rb +++ b/app/controllers/guests_controller.rb @@ -6,6 +6,9 @@ require 'csv' class GuestsController < ApplicationController GUEST_PARAMS = { only: %i[id name status], include: { group: { only: %i[id name] } } }.freeze + + skip_before_action :authenticate_user!, only: :update + def index render json: Guest.includes(:group) .left_joins(:group) @@ -19,6 +22,12 @@ class GuestsController < ApplicationController end def update + if user_signed_in? + permitted_params = guest_params + else + permitted_params = params.expect(guest: %i[status]) + end + guest = Guest.find(params[:id]).update!(guest_params) render json: guest.as_json(GUEST_PARAMS), status: :ok end diff --git a/app/controllers/invitations_controller.rb b/app/controllers/invitations_controller.rb index 8ae3fbb..f90e8d4 100644 --- a/app/controllers/invitations_controller.rb +++ b/app/controllers/invitations_controller.rb @@ -20,7 +20,7 @@ class InvitationsController < ApplicationController invitation = Invitation.includes(:guests).find(params[:id]) if invitation - render json: invitation, only: :id, include: { guests: { only: %i[id name] } }, status: :ok + render json: invitation, only: :id, include: { guests: { only: %i[id name status] } }, status: :ok else render json: { error: 'Invitation not found' }, status: :not_found end From efb5cf64f5acb7ce4fa242a26514366a4b1dc716 Mon Sep 17 00:00:00 2001 From: Manuel Bustillo Date: Thu, 12 Jun 2025 23:01:03 +0200 Subject: [PATCH 2/2] Minor changes --- app/controllers/guests_controller.rb | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/app/controllers/guests_controller.rb b/app/controllers/guests_controller.rb index 75c1072..1fa29f6 100644 --- a/app/controllers/guests_controller.rb +++ b/app/controllers/guests_controller.rb @@ -22,12 +22,6 @@ class GuestsController < ApplicationController end def update - if user_signed_in? - permitted_params = guest_params - else - permitted_params = params.expect(guest: %i[status]) - end - guest = Guest.find(params[:id]).update!(guest_params) render json: guest.as_json(GUEST_PARAMS), status: :ok end @@ -40,6 +34,6 @@ class GuestsController < ApplicationController private def guest_params - params.expect(guest: %i[name group_id status]) + user_signed_in? ? params.expect(guest: %i[name group_id status]) : params.expect(guest: %i[status]) end end