dawarich/app/policies/family/invitation_policy.rb

# frozen_string_literal: true

class Family::InvitationPolicy < ApplicationPolicy
  def show?
    # Public endpoint for invitation acceptance - no authentication required
    true
  end

  def create?
    return false unless user

    user.family == record.family && user.family_owner?
  end

  def accept?
    # Users can accept invitations sent to their email
    return false unless user

    user.email == record.email
  end

  def destroy?
    # Only family owners can cancel invitations
    create?
  end
end
Refactor family invitations and memberships into separate models and controllers 2025-10-07 12:38:06 -04:00			`# frozen_string_literal: true`

			`class Family::InvitationPolicy < ApplicationPolicy`
			`def show?`
			`# Public endpoint for invitation acceptance - no authentication required`
			`true`
			`end`

			`def create?`
Fix some minor stuff 2025-10-11 08:17:48 -04:00			`return false unless user`

Refactor family invitations and memberships into separate models and controllers 2025-10-07 12:38:06 -04:00			`user.family == record.family && user.family_owner?`
			`end`

			`def accept?`
			`# Users can accept invitations sent to their email`
Fix some minor stuff 2025-10-11 08:17:48 -04:00			`return false unless user`

Refactor family invitations and memberships into separate models and controllers 2025-10-07 12:38:06 -04:00			`user.email == record.email`
			`end`

			`def destroy?`
			`# Only family owners can cancel invitations`
Fix some minor stuff 2025-10-11 08:17:48 -04:00			`create?`
Refactor family invitations and memberships into separate models and controllers 2025-10-07 12:38:06 -04:00			`end`
			`end`