Implement invitation token authorization and enhance event invitation handling

- Introduced InvitationTokenAuthorization concern for context-aware authorization.
- Updated EventsController to handle invitation tokens and mark notifications as read.
- Enhanced RegistrationsController to pre-fill user email from event invitations.
- Modified EventInvitationsMailer to read invitations from parameters.
- Added event invitation handling in policies for access control.
- Created views for invitation review and notifications.
- Updated Person model to associate with event invitations.

Author: rsmithlal

app/controllers/better_together/events/invitations_controller.rb

@@ -117,7 +117,8 @@ def notify_invitee(invitation) # rubocop:todo Metrics/AbcSize, Metrics/MethodLen
 
         if invitation.for_existing_user? && invitation.invitee.present?
           # Send notification to existing user through the notification system
-          BetterTogether::EventInvitationNotifier.with(invitation:).deliver_later(invitation.invitee)
+          BetterTogether::EventInvitationNotifier.with(record: invitation.invitable,
+                                                       invitation:).deliver_later(invitation.invitee)
           invitation.update_column(:last_sent, Time.zone.now)
         elsif invitation.for_email?
           # Send email directly to external email address (bypassing notification system)

app/controllers/better_together/events_controller.rb

@@ -3,6 +3,9 @@
 module BetterTogether
   # CRUD for BetterTogether::Event
   class EventsController < FriendlyResourceController # rubocop:todo Metrics/ClassLength
+    include InvitationTokenAuthorization
+    include NotificationReadable
+
     before_action if: -> { Rails.env.development? } do
       # Make sure that all subclasses are loaded in dev to generate type selector
       Rails.application.eager_load!
@@ -25,6 +28,11 @@ def show
         return
       end
 
+      # Check for valid invitation if accessing via invitation token
+      @current_invitation = find_invitation_by_token
+
+      mark_match_notifications_read_for(resource_instance)
+
       super
     end
 
@@ -91,6 +99,33 @@ def resource_class
       ::BetterTogether::Event
     end
 
+    def resource_collection
+      # Set invitation token for policy scope
+      invitation_token = params[:invitation_token] || session[:event_invitation_token]
+      set_current_invitation_token(invitation_token)
+
+      super
+    end
+
+    # Override the parent's authorize_resource method to include invitation token context
+    def authorize_resource
+      # Set invitation token for authorization
+      invitation_token = params[:invitation_token] || session[:event_invitation_token]
+      set_current_invitation_token(invitation_token)
+
+      authorize resource_instance
+    end
+
+    # Helper method to find invitation by token
+    def find_invitation_by_token
+      return nil unless current_invitation_token.present?
+
+      BetterTogether::EventInvitation.find_by(
+        token: current_invitation_token,
+        invitable: @event
+      )
+    end
+
     private
 
     # rubocop:todo Metrics/MethodLength

app/controllers/better_together/invitations_controller.rb

@@ -32,7 +32,7 @@ def accept # rubocop:todo Metrics/AbcSize, Metrics/MethodLength
     end
 
     def decline # rubocop:todo Metrics/MethodLength
-      ensure_authenticated!
+      # ensure_authenticated!
       return if performed?
 
       if @invitation.respond_to?(:decline!)
@@ -61,9 +61,30 @@ def find_invitation_by_token
     end
 
     def ensure_authenticated!
-      return if helpers.current_person.present?
+      return if current_user
+
+      # Store invitation token in session for after authentication
+      if @invitation.is_a?(BetterTogether::EventInvitation)
+        session[:event_invitation_token] = @invitation.token
+        session[:event_invitation_expires_at] = 24.hours.from_now
+      end
+
+      if BetterTogether::User.find_by(email: @invitation.invitee_email).present?
+        redirect_path = new_user_session_path(locale: I18n.locale)
+        redirect_notice = t('better_together.invitations.login_to_respond',
+                            default: 'Please log in to respond to your invitation.')
+      else
+        redirect_path = new_user_registration_path(locale: I18n.locale)
+        redirect_notice = t('better_together.invitations.register_to_respond',
+                            default: 'Please register to respond to your invitation.')
+      end
+
+      redirect_to redirect_path, notice: redirect_notice
+    end
 
-      redirect_to new_user_session_path(locale: I18n.locale), alert: t('flash.generic.unauthorized')
+    def set_event_invitation_from_session
+      # This ensures @event_invitation is available in ApplicationController
+      @event_invitation = @invitation if @invitation.is_a?(BetterTogether::EventInvitation)
     end
   end
 end

app/controllers/better_together/users/registrations_controller.rb

@@ -8,6 +8,7 @@ class RegistrationsController < ::Devise::RegistrationsController # rubocop:todo
 
       skip_before_action :check_platform_privacy
       before_action :set_required_agreements, only: %i[new create]
+      before_action :set_event_invitation_from_session, only: %i[new create]
       before_action :configure_account_update_params, only: [:update]
 
       # PUT /resource
@@ -62,7 +63,14 @@ def update # rubocop:todo Metrics/AbcSize, Metrics/MethodLength
 
       def new
         super do |user|
+          # Pre-fill email from platform invitation
           user.email = @platform_invitation.invitee_email if @platform_invitation && user.email.empty?
+
+          if @event_invitation
+            # Pre-fill email from event invitation
+            user.email = @event_invitation.invitee_email if @event_invitation && user.email.empty?
+            user.person = @event_invitation.invitee if @event_invitation.invitee.present?
+          end
         end
       end
 
@@ -78,22 +86,25 @@ def create # rubocop:todo Metrics/MethodLength, Metrics/AbcSize
           super do |user|
             return unless user.persisted?
 
-            user.build_person(person_params)
+            if @event_invitation && @event_invitation.invitee.present?
+              user.person = @event_invitation.invitee
+              user.person.update(person_params)
+            else
+              user.build_person(person_params)
+            end
 
             if user.save!
               user.reload
 
-              community_role = if @platform_invitation
-                                 @platform_invitation.community_role
-                               else
-                                 ::BetterTogether::Role.find_by(identifier: 'community_member')
-                               end
+              # Handle community membership based on invitation type
+              community_role = determine_community_role
 
               helpers.host_community.person_community_memberships.create!(
                 member: user.person,
                 role: community_role
               )
 
+              # Handle platform invitation
               if @platform_invitation
                 if @platform_invitation.platform_role
                   helpers.host_platform.person_platform_memberships.create!(
@@ -105,6 +116,16 @@ def create # rubocop:todo Metrics/MethodLength, Metrics/AbcSize
                 @platform_invitation.accept!(invitee: user.person)
               end
 
+              # Handle event invitation
+              if @event_invitation
+                @event_invitation.update!(invitee: user.person)
+                @event_invitation.accept!(invitee_person: user.person)
+
+                # Clear session data
+                session.delete(:event_invitation_token)
+                session.delete(:event_invitation_expires_at)
+              end
+
               create_agreement_participants(user.person)
             end
           end
@@ -129,13 +150,39 @@ def set_required_agreements
       end
 
       def after_sign_up_path_for(resource)
+        # Redirect to event if signed up via event invitation
+        return better_together.event_path(@event_invitation.event) if @event_invitation&.event
+
         if is_navigational_format? && helpers.host_platform&.privacy_private?
           return better_together.new_user_session_path
         end
 
         super
       end
 
+      def set_event_invitation_from_session
+        return unless session[:event_invitation_token].present?
+
+        # Check if session token is still valid
+        return if session[:event_invitation_expires_at].present? &&
+                  Time.current > session[:event_invitation_expires_at]
+
+        @event_invitation = ::BetterTogether::EventInvitation.pending.not_expired
+                                                             .find_by(token: session[:event_invitation_token])
+
+        nil if @event_invitation
+      end
+
+      def determine_community_role
+        return @platform_invitation.community_role if @platform_invitation
+
+        # For event invitations, use the event creator's community
+        return @event_invitation.role if @event_invitation && @event_invitation.role.present?
+
+        # Default role
+        ::BetterTogether::Role.find_by(identifier: 'community_member')
+      end
+
       def after_inactive_sign_up_path_for(resource)
         if is_navigational_format? && helpers.host_platform&.privacy_private?
           return better_together.new_user_session_path

app/controllers/concerns/better_together/invitation_token_authorization.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+module BetterTogether
+  # Concern to override Pundit's authorize method to support invitation token authorization
+  # This allows policies to receive invitation tokens for context-aware authorization
+  module InvitationTokenAuthorization
+    extend ActiveSupport::Concern
+
+    included do
+      attr_reader :current_invitation_token
+    end
+
+    private
+
+    # Override Pundit's authorize method to pass invitation token to policies
+    # @param record [Object] The record to authorize
+    # @param query [Symbol] The policy method to call (defaults to action query) - can be positional or keyword arg
+    # @param policy_class [Class] Optional policy class override
+    # @return [Object] The authorized record
+    def authorize(record, query = nil, policy_class: nil)
+      # Handle both old syntax: authorize(record, :query?) and new syntax: authorize(record, query: :query?)
+      query ||= "#{action_name}?"
+      policy_class ||= policy_class_for(record)
+
+      # Create policy instance with invitation token
+      policy = policy_class.new(current_user, record, invitation_token: current_invitation_token)
+
+      # Check authorization
+      raise Pundit::NotAuthorizedError, query: query, record: record, policy: policy unless policy.public_send(query)
+
+      # Mark that authorization was performed (required for verify_authorized)
+      @_pundit_policy_authorized = true
+
+      record
+    end
+
+    # Override Pundit's policy_scope method to pass invitation token to policy scopes
+    # @param scope [Class] The scope class (typically a model class)
+    # @param policy_scope_class [Class] Optional policy scope class override
+    # @return [Object] The scoped collection
+    def policy_scope(scope, policy_scope_class: nil, invitation_token: nil)
+      policy_scope_class ||= policy_scope_class_for(scope)
+
+      # Use provided invitation token or fall back to current
+      token = invitation_token || current_invitation_token
+
+      # Create policy scope instance with invitation token
+      policy_scope_class.new(current_user, scope, invitation_token: token).resolve
+    end
+
+    # Set the current invitation token for use in authorization
+    # @param token [String] The invitation token
+    def set_current_invitation_token(token)
+      @current_invitation_token = token
+    end
+
+    # Helper method to determine policy class for a record
+    # @param record [Object] The record to find policy for
+    # @return [Class] The policy class
+    def policy_class_for(record)
+      if record.is_a?(Class)
+        "#{record.name}Policy".constantize
+      else
+        "#{record.class.name}Policy".constantize
+      end
+    end
+
+    # Helper method to determine policy scope class for a scope
+    # @param scope [Class] The scope class
+    # @return [Class] The policy scope class
+    def policy_scope_class_for(scope)
+      "#{scope.name}Policy::Scope".constantize
+    end
+  end
+end

app/mailers/better_together/event_invitations_mailer.rb

@@ -2,16 +2,19 @@
 
 module BetterTogether
   class EventInvitationsMailer < ApplicationMailer # rubocop:todo Style/Documentation
-    def invite(invitation)
+    # Parameterized mailer: Noticed calls mailer.with(params).invite
+    # so read the invitation from params rather than using a positional arg.
+    def invite
+      invitation = params[:invitation]
       @invitation = invitation
-      @event = invitation.invitable
-      @invitation_url = invitation.url_for_review
+      @event = invitation&.invitable
+      @invitation_url = invitation&.url_for_review
 
-      to_email = invitation.invitee_email.to_s
+      to_email = invitation&.invitee_email.to_s
       return if to_email.blank?
 
       # Use the invitation's locale for proper internationalization
-      I18n.with_locale(invitation.locale) do
+      I18n.with_locale(invitation&.locale) do
         mail(to: to_email,
              subject: I18n.t('better_together.event_invitations_mailer.invite.subject',
                              event_name: @event&.name,

app/models/better_together/person.rb

@@ -46,7 +46,9 @@ def self.primary_community_delegation_attrs
     has_many :agreements, through: :agreement_participants
 
     has_many :calendars, foreign_key: :creator_id, class_name: 'BetterTogether::Calendar', dependent: :destroy
+
     has_many :event_attendances, class_name: 'BetterTogether::EventAttendance', dependent: :destroy
+    has_many :event_invitations, class_name: 'BetterTogether::EventInvitation', as: :invitee, dependent: :destroy
 
     has_one :user_identification,
             lambda {

app/notifiers/better_together/event_invitation_notifier.rb

@@ -9,30 +9,38 @@ class EventInvitationNotifier < ApplicationNotifier # rubocop:todo Style/Documen
 
     required_param :invitation
 
-    def event
-      params[:invitation].invitable
+    notification_methods do
+      delegate :title, :body, :invitation, :invitable, to: :event
     end
 
+    def invitation = params[:invitation]
+    def invitable = params[:invitable] || invitation&.invitable
+
     def title
       I18n.with_locale(params[:invitation].locale) do
         I18n.t('better_together.notifications.event_invitation.title',
-               event_name: event&.name, default: 'You have been invited to an event')
+               event_name: invitable&.name, default: 'You have been invited to an event')
       end
     end
 
     def body
       I18n.with_locale(params[:invitation].locale) do
         I18n.t('better_together.notifications.event_invitation.body',
-               event_name: event&.name, default: 'Invitation to %<event_name>s')
+               event_name: invitable&.name, default: 'Invitation to %<event_name>s')
       end
     end
 
     def build_message(_notification)
-      { title:, body:, url: params[:invitation].url_for_review }
+      # Pass the invitable (event) as the notification url object so views can
+      # link to the event record (consistent with other notifiers that pass
+      # domain objects like agreement/request).
+      { title:, body:, url: invitation.url_for_review }
     end
 
     def email_params(_notification)
-      params[:invitation]
+      # Include the invitation and the invitable (event) so mailers and views
+      # have the full context without needing to resolve the invitation.
+      { invitation: params[:invitation], invitable: }
     end
   end
 end