Commit b8099cc2 authored by Doug Stull's avatar Doug Stull Committed by Peter Leitzen

Skip redundant accept if email matches user invite

- no need for double confirmation in the case where
  user has an invite and is not a member yet.
parent 27e3ac01
# frozen_string_literal: true # frozen_string_literal: true
class InvitesController < ApplicationController class InvitesController < ApplicationController
include Gitlab::Utils::StrongMemoize
before_action :member before_action :member
skip_before_action :authenticate_user!, only: :decline skip_before_action :authenticate_user!, only: :decline
helper_method :member?, :current_user_matches_invite?
respond_to :html respond_to :html
def show def show
accept if skip_invitation_prompt?
end end
def accept def accept
...@@ -38,6 +43,20 @@ class InvitesController < ApplicationController ...@@ -38,6 +43,20 @@ class InvitesController < ApplicationController
private private
def skip_invitation_prompt?
!member? && current_user_matches_invite?
end
def current_user_matches_invite?
@member.invite_email == current_user.email
end
def member?
strong_memoize(:is_member) do
@member.source.users.include?(current_user)
end
end
def member def member
return @member if defined?(@member) return @member if defined?(@member)
......
...@@ -20,21 +20,19 @@ ...@@ -20,21 +20,19 @@
= link_to group.name, group_url(group) = link_to group.name, group_url(group)
as #{@member.human_access}. as #{@member.human_access}.
- is_member = @member.source.users.include?(current_user) - if member?
- if is_member
%p %p
- member_source = @member.source.is_a?(Group) ? _("group") : _("project") - member_source = @member.source.is_a?(Group) ? _("group") : _("project")
= _("However, you are already a member of this %{member_source}. Sign in using a different account to accept the invitation.") % { member_source: member_source } = _("However, you are already a member of this %{member_source}. Sign in using a different account to accept the invitation.") % { member_source: member_source }
- if @member.invite_email != current_user.email - if !current_user_matches_invite?
%p %p
- mail_to_invite_email = mail_to(@member.invite_email) - mail_to_invite_email = mail_to(@member.invite_email)
- mail_to_current_user = mail_to(current_user.email) - mail_to_current_user = mail_to(current_user.email)
- link_to_current_user = link_to(current_user.to_reference, user_url(current_user)) - link_to_current_user = link_to(current_user.to_reference, user_url(current_user))
= _("Note that this invitation was sent to %{mail_to_invite_email}, but you are signed in as %{link_to_current_user} with email %{mail_to_current_user}.").html_safe % { mail_to_invite_email: mail_to_invite_email, mail_to_current_user: mail_to_current_user, link_to_current_user: link_to_current_user } = _("Note that this invitation was sent to %{mail_to_invite_email}, but you are signed in as %{link_to_current_user} with email %{mail_to_current_user}.").html_safe % { mail_to_invite_email: mail_to_invite_email, mail_to_current_user: mail_to_current_user, link_to_current_user: link_to_current_user }
- unless is_member - unless member?
.actions .actions
= link_to _("Accept invitation"), accept_invite_url(@token), method: :post, class: "btn btn-success" = link_to _("Accept invitation"), accept_invite_url(@token), method: :post, class: "btn btn-success"
= link_to _("Decline"), decline_invite_url(@token), method: :post, class: "btn btn-danger prepend-left-10" = link_to _("Decline"), decline_invite_url(@token), method: :post, class: "btn btn-danger prepend-left-10"
---
title: Remove the second prompt to accept or decline an invitation
merge_request: 35777
author:
type: changed
...@@ -4,21 +4,44 @@ require 'spec_helper' ...@@ -4,21 +4,44 @@ require 'spec_helper'
RSpec.describe InvitesController do RSpec.describe InvitesController do
let(:token) { '123456' } let(:token) { '123456' }
let(:user) { create(:user) } let_it_be(:user) { create(:user) }
let(:member) { create(:project_member, invite_token: token, invite_email: 'test@abc.com', user: user) } let(:member) { create(:project_member, :invited, invite_token: token, invite_email: user.email) }
let(:project_members) { member.source.users }
before do before do
controller.instance_variable_set(:@member, member) controller.instance_variable_set(:@member, member)
sign_in(user) sign_in(user)
end end
describe 'GET #accept' do describe 'GET #show' do
it 'accepts user if invite email matches signed in user' do
expect do
get :show, params: { id: token }
end.to change { project_members.include?(user) }.from(false).to(true)
expect(response).to have_gitlab_http_status(:found)
expect(flash[:notice]).to include 'You have been granted'
end
it 'forces re-confirmation if email does not match signed in user' do
member.invite_email = 'bogus@email.com'
expect do
get :show, params: { id: token }
end.not_to change { project_members.include?(user) }
expect(response).to have_gitlab_http_status(:ok)
expect(flash[:notice]).to be_nil
end
end
describe 'POST #accept' do
it 'accepts user' do it 'accepts user' do
get :accept, params: { id: token } expect do
member.reload post :accept, params: { id: token }
end.to change { project_members.include?(user) }.from(false).to(true)
expect(response).to have_gitlab_http_status(:found) expect(response).to have_gitlab_http_status(:found)
expect(member.user).to eq(user)
expect(flash[:notice]).to include 'You have been granted' expect(flash[:notice]).to include 'You have been granted'
end end
end end
...@@ -26,8 +49,8 @@ RSpec.describe InvitesController do ...@@ -26,8 +49,8 @@ RSpec.describe InvitesController do
describe 'GET #decline' do describe 'GET #decline' do
it 'declines user' do it 'declines user' do
get :decline, params: { id: token } get :decline, params: { id: token }
expect {member.reload}.to raise_error ActiveRecord::RecordNotFound
expect { member.reload }.to raise_error ActiveRecord::RecordNotFound
expect(response).to have_gitlab_http_status(:found) expect(response).to have_gitlab_http_status(:found)
expect(flash[:notice]).to include 'You have declined the invitation to join' expect(flash[:notice]).to include 'You have declined the invitation to join'
end end
......
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment