Use id to cancel invitations

2026-01-10 01:01:39 -05:00 · 2025-09-28 18:50:02 +02:00 · 2025-09-28 18:50:02 +02:00 · f30b4bcafd
commit f30b4bcafd
parent 2eb374676a
3 changed files with 11 additions and 7 deletions
--- a/app/controllers/family_invitations_controller.rb
+++ b/app/controllers/family_invitations_controller.rb
@ -4,7 +4,8 @@ class FamilyInvitationsController < ApplicationController
  before_action :authenticate_user!, except: %i[show accept]
  before_action :ensure_family_feature_enabled!, except: %i[show accept]
  before_action :set_family, except: %i[show accept]
-  before_action :set_invitation, only: %i[show accept destroy]
+  before_action :set_invitation_by_token, only: %i[show accept]
+  before_action :set_invitation_by_id, only: %i[destroy]

  def index
    authorize @family, :show?
@ -106,10 +107,14 @@ class FamilyInvitationsController < ApplicationController
    redirect_to families_path, alert: 'Family not found' and return unless @family
  end

-  def set_invitation
+  def set_invitation_by_token
    @invitation = FamilyInvitation.find_by!(token: params[:id])
  end

+  def set_invitation_by_id
+    @invitation = @family.family_invitations.find(params[:id])
+  end
+
  def invitation_params
    params.require(:family_invitation).permit(:email)
  end
--- a/app/views/families/show.html.erb
+++ b/app/views/families/show.html.erb
@ -106,7 +106,7 @@
                <% if policy(@family).manage_invitations? %>
                  <%= link_to family_invitation_path(@family, invitation),
                        method: :delete,
-                        confirm: 'Are you sure you want to cancel this invitation?',
+                        data: { confirm: 'Are you sure you want to cancel this invitation?', turbo_confirm: 'Are you sure you want to cancel this invitation?' },
                        class: "text-red-600 hover:text-red-800 dark:text-red-400 dark:hover:text-red-300 text-sm font-medium" do %>
                    Cancel
                  <% end %>
--- a/spec/requests/family_invitations_spec.rb
+++ b/spec/requests/family_invitations_spec.rb
@ -240,14 +240,13 @@ RSpec.describe 'Family Invitations', type: :request do
    before { sign_in user }

    it 'cancels the invitation' do
-      delete "/families/#{family.id}/invitations/#{invitation.token}"
+      delete "/families/#{family.id}/invitations/#{invitation.id}"
      invitation.reload
      expect(invitation.status).to eq('cancelled')
-      expect(response).to redirect_to(family_path(family))
    end

    it 'redirects with success message' do
-      delete "/families/#{family.id}/invitations/#{invitation.token}"
+      delete "/families/#{family.id}/invitations/#{invitation.id}"
      expect(response).to redirect_to(family_path(family))
      follow_redirect!
      expect(response.body).to include('Invitation cancelled')
@ -257,7 +256,7 @@ RSpec.describe 'Family Invitations', type: :request do
      before { membership.update!(role: :member) }

      it 'redirects due to authorization failure' do
-        delete "/families/#{family.id}/invitations/#{invitation.token}"
+        delete "/families/#{family.id}/invitations/#{invitation.id}"
        expect(response).to have_http_status(:see_other)
        expect(flash[:alert]).to include('not authorized')
      end