Feature/message opt in (#955)

This pull request introduces an opt-in mechanism for platform members to
receive direct messages, tightening permissions around who can be added
as participants in new or updated conversations. It centralizes
participant permission logic, updates error handling and feedback, and
adds localization for new messaging rules. The changes affect controller
logic, model preferences, policy enforcement, user interface, and
translations, ensuring members have explicit control over their
messaging privacy.

**Messaging Permissions & Participant Filtering:**
* Added a `receive_messages_from_members` preference to
`BetterTogether::Person`, defaulting to false, allowing members to opt
in to receive messages from non-managers.
* Centralized participant permission logic in
`ConversationPolicy#permitted_participants`, restricting regular members
to only message platform managers or opted-in members.
* Updated controller logic in `ConversationsController#create` and
`#update` to filter participant IDs using the new policy and provide
error feedback if only disallowed participants are submitted.
[[1]](diffhunk://#diff-6b6a5b6094bf58416efbcacae28ee7f545bd56152102b55f2c10441efd0b0cd1L28-R54)
[[2]](diffhunk://#diff-6b6a5b6094bf58416efbcacae28ee7f545bd56152102b55f2c10441efd0b0cd1L48-R107)
[[3]](diffhunk://#diff-6b6a5b6094bf58416efbcacae28ee7f545bd56152102b55f2c10441efd0b0cd1L150-R230)
[[4]](diffhunk://#diff-6b6a5b6094bf58416efbcacae28ee7f545bd56152102b55f2c10441efd0b0cd1L181-R246)

**User Interface & Feedback:**
* Added toggle switch to the person form for opting in to receive
messages from platform members, with explanatory text.
* Improved error display in the conversation form and added conditional
messaging button to person profiles based on permissions.
[[1]](diffhunk://#diff-d60c0c0b5850cdcc8d34927696501c783d1131819557241680c537bc15009b21L2-R4)
[[2]](diffhunk://#diff-f8131ad40c5e33f27d8e421b69d10a7b8bb421c5b60311a8158df354bdfbabedR35-R40)

**Localization & Error Messaging:**
* Added error messages and hints in English, Spanish, and French for
cases where no permitted participants are available, and for the new
opt-in feature.
[[1]](diffhunk://#diff-44438ce218f5287c58d0017f965d888715635d94280669896f75841fbd7b4cd7R716-R718)
[[2]](diffhunk://#diff-44438ce218f5287c58d0017f965d888715635d94280669896f75841fbd7b4cd7R1193)
[[3]](diffhunk://#diff-44438ce218f5287c58d0017f965d888715635d94280669896f75841fbd7b4cd7R1404-R1407)
[[4]](diffhunk://#diff-44438ce218f5287c58d0017f965d888715635d94280669896f75841fbd7b4cd7R1797)
[[5]](diffhunk://#diff-44438ce218f5287c58d0017f965d888715635d94280669896f75841fbd7b4cd7R1840-R1841)
[[6]](diffhunk://#diff-4bbf4ee302c9607c80408361708b8b9fde3ee7afc5b505bfd69d429dd433f915R719-R721)
[[7]](diffhunk://#diff-4bbf4ee302c9607c80408361708b8b9fde3ee7afc5b505bfd69d429dd433f915R1197)
[[8]](diffhunk://#diff-4bbf4ee302c9607c80408361708b8b9fde3ee7afc5b505bfd69d429dd433f915R1412-R1415)
[[9]](diffhunk://#diff-4bbf4ee302c9607c80408361708b8b9fde3ee7afc5b505bfd69d429dd433f915R1792)
[[10]](diffhunk://#diff-4bbf4ee302c9607c80408361708b8b9fde3ee7afc5b505bfd69d429dd433f915R1836-R1837)
[[11]](diffhunk://#diff-2c5ab6165f7efe573a84107e0e51102ad47cefb0c65629759d7458eee14326e7R724-R726)
[[12]](diffhunk://#diff-2c5ab6165f7efe573a84107e0e51102ad47cefb0c65629759d7458eee14326e7R1203)
[[13]](diffhunk://#diff-2c5ab6165f7efe573a84107e0e51102ad47cefb0c65629759d7458eee14326e7R1421-R1424)
[[14]](diffhunk://#diff-2c5ab6165f7efe573a84107e0e51102ad47cefb0c65629759d7458eee14326e7R1824)
[[15]](diffhunk://#diff-2c5ab6165f7efe573a84107e0e51102ad47cefb0c65629759d7458eee14326e7R1868-R1869)

**Testing:**
* Added model and policy specs to verify opt-in preference behavior and
participant filtering.
[[1]](diffhunk://#diff-3d46edd17462b82a6311eda5d720295228aca57aceb70d33513f87fa7e0c90d3R1-R16)
[[2]](diffhunk://#diff-1d3db2f8c3a004bd5b4eb7c0deb75d92c8e5990f471dc6a43d7abfdac9bed667R1-R41)

Author: rsmithlal

app/controllers/better_together/conversations_controller.rb

@@ -25,11 +25,33 @@ def new
     end
 
     def create # rubocop:todo Metrics/MethodLength, Metrics/AbcSize
-      @conversation = Conversation.new(conversation_params.merge(creator: helpers.current_person))
+      # Check if user supplied only disallowed participants
+      submitted_any = conversation_params[:participant_ids].present?
+      filtered_params = conversation_params_filtered
+      filtered_empty = Array(filtered_params[:participant_ids]).blank?
+
+      @conversation = Conversation.new(filtered_params.merge(creator: helpers.current_person))
 
       authorize @conversation
 
-      if @conversation.save
+      if submitted_any && filtered_empty
+        @conversation.errors.add(:conversation_participants,
+                                 t('better_together.conversations.errors.no_permitted_participants'))
+        respond_to do |format|
+          format.turbo_stream do
+            render turbo_stream: turbo_stream.update(
+              'form_errors',
+              partial: 'layouts/better_together/errors',
+              locals: { object: @conversation }
+            ), status: :unprocessable_entity
+          end
+          format.html do
+            # Ensure sidebar has data when rendering the new template
+            set_conversations
+            render :new, status: :unprocessable_entity
+          end
+        end
+      elsif @conversation.save
         @conversation.participants << helpers.current_person
 
         respond_to do |format|
@@ -45,15 +67,44 @@ def create # rubocop:todo Metrics/MethodLength, Metrics/AbcSize
               locals: { object: @conversation }
             )
           end
-          format.html { render :new }
+          format.html do
+            # Ensure sidebar has data when rendering the new template
+            set_conversations
+            render :new
+          end
         end
       end
     end
 
-    def update # rubocop:todo Metrics/AbcSize, Metrics/MethodLength
+    def update # rubocop:todo Metrics/AbcSize, Metrics/MethodLength, Metrics/PerceivedComplexity
       authorize @conversation
       ActiveRecord::Base.transaction do # rubocop:todo Metrics/BlockLength
-        if @conversation.update(conversation_params)
+        submitted_any = conversation_params[:participant_ids].present?
+        filtered_params = conversation_params_filtered
+        filtered_empty = Array(filtered_params[:participant_ids]).blank?
+
+        if submitted_any && filtered_empty
+          @conversation.errors.add(:conversation_participants,
+                                   t('better_together.conversations.errors.no_permitted_participants'))
+          respond_to do |format|
+            format.turbo_stream do
+              render turbo_stream: turbo_stream.update(
+                'form_errors',
+                partial: 'layouts/better_together/errors',
+                locals: { object: @conversation }
+              ), status: :unprocessable_entity
+            end
+            format.html do
+              # Ensure sidebar has data when rendering the show template
+              set_conversations
+              # Ensure messages variables are set for the show template
+              @messages = @conversation.messages.with_all_rich_text
+                                       .includes(sender: [:string_translations]).order(:created_at)
+              @message = @conversation.messages.build
+              render :show, status: :unprocessable_entity
+            end
+          end
+        elsif @conversation.update(filtered_params)
           @messages = @conversation.messages.with_all_rich_text.includes(sender: [:string_translations])
                                    .order(:created_at)
           @message = @conversation.messages.build
@@ -147,26 +198,40 @@ def leave_conversation # rubocop:todo Metrics/MethodLength, Metrics/AbcSize
     private
 
     def available_participants
-      participants = Person.all
-
-      unless helpers.current_person.permitted_to?('manage_platform')
-        # only allow messaging platform mangers unless you are a platform_manager
-        participants = participants.where(id: platform_manager_ids)
-      end
-
-      participants
+      # Delegate to policy to centralize participant permission logic
+      ConversationPolicy.new(helpers.current_user, Conversation.new).permitted_participants
     end
 
     def conversation_params
       params.require(:conversation).permit(:title, participant_ids: [])
     end
 
-    def set_conversation
-      @conversation = helpers.current_person.conversations.includes(participants: [
-                                                                      :string_translations,
-                                                                      :contact_detail,
-                                                                      { profile_image_attachment: :blob }
-                                                                    ]).find(params[:id])
+    # Ensure participant_ids only include people the agent is allowed to message.
+    # If none remain, keep it empty; creator is always added after create.
+    def conversation_params_filtered # rubocop:todo Metrics/AbcSize
+      permitted = ConversationPolicy.new(helpers.current_user, Conversation.new).permitted_participants
+      permitted_ids = permitted.pluck(:id)
+      # Always allow the current person (creator/participant) to appear in the list
+      permitted_ids << helpers.current_person.id if helpers.current_person
+      cp = conversation_params.dup
+      if cp[:participant_ids].present?
+        cp[:participant_ids] = Array(cp[:participant_ids]).map(&:presence).compact & permitted_ids
+      end
+      cp
+    end
+
+    def set_conversation # rubocop:todo Metrics/MethodLength
+      scope = helpers.current_person.conversations.includes(participants: [
+                                                              :string_translations,
+                                                              :contact_detail,
+                                                              { profile_image_attachment: :blob }
+                                                            ])
+      @conversation = scope.find(params[:id])
+      @set_conversation ||= Conversation.includes(participants: [
+                                                    :string_translations,
+                                                    :contact_detail,
+                                                    { profile_image_attachment: :blob }
+                                                  ]).find(params[:id])
     end
 
     def set_conversations
@@ -178,9 +243,6 @@ def set_conversations
                                                                      ]).order(updated_at: :desc).distinct(:id)
     end
 
-    def platform_manager_ids
-      role = BetterTogether::Role.find_by(identifier: 'platform_manager')
-      BetterTogether::PersonPlatformMembership.where(role_id: role.id).pluck(:member_id)
-    end
+    # platform_manager_ids now inferred by policy; kept here only if needed elsewhere
   end
 end

app/models/better_together/person.rb

@@ -71,6 +71,7 @@ def self.primary_community_delegation_attrs
     store_attributes :preferences do
       locale String, default: I18n.default_locale.to_s
       time_zone String, default: ENV.fetch('APP_TIME_ZONE', 'Newfoundland')
+      receive_messages_from_members Boolean, default: false
     end
 
     store_attributes :notification_preferences do

app/policies/better_together/conversation_policy.rb

@@ -23,6 +23,20 @@ def leave_conversation?
       user.present? && record.participants.size > 1
     end
 
+    # Returns the people that the agent is permitted to message
+    def permitted_participants
+      if permitted_to?('manage_platform')
+        BetterTogether::Person.all
+      else
+        role = BetterTogether::Role.find_by(identifier: 'platform_manager')
+        manager_ids = BetterTogether::PersonPlatformMembership.where(role_id: role.id).pluck(:member_id)
+        BetterTogether::Person.where(id: manager_ids)
+                              .or(BetterTogether::Person.where('preferences @> ?',
+                                                               { receive_messages_from_members: true }.to_json))
+                              .distinct
+      end
+    end
+
     class Scope < ApplicationPolicy::Scope
     end
   end

app/views/better_together/conversations/_form.html.erb

@@ -1,5 +1,7 @@
 <%= form_with(model: conversation, data: { turbo: false, controller: 'better_together--form-validation' }) do |form| %>
-	<%= turbo_frame_tag 'form_errors' %>
+	<%= turbo_frame_tag 'form_errors' do %>
+	  <%= render 'layouts/better_together/errors', object: conversation %>
+	<% end %>
 
 		<div class="mb-3">
 			<%= form.label :participant_ids, t('.add_participants') %>
@@ -15,4 +17,4 @@
 		<div>
 			<%= form.submit class: 'btn btn-sm btn-primary' %>
 		</div>
-		<% end %>
+		<% end %>

app/views/better_together/people/_form.html.erb

@@ -117,15 +117,20 @@
           <%= language_select_field(form:, selected_locale: person.locale) %>
           <small class="form-text text-muted"><%= t('helpers.hint.person.locale') %></small>
         </div>
-				<div class="mb-3">
-					<p><%= t('better_together.people.notification_preferences') %></p>
-					<%= render partial: 'better_together/shared/fields/toggle_switch', locals: {form:, attr: :notify_by_email} %>
-					  <small class="form-text text-muted"><%= t('helpers.hint.person.notify_by_email') %></small>
-				</div>
-				<div class="mb-3">
-					<%= render partial: 'better_together/shared/fields/toggle_switch', locals: {form:, attr: :show_conversation_details} %>
-					  <small class="form-text text-muted"><%= t('helpers.hint.person.show_conversation_details') %></small>
-				</div>
+					<div class="mb-3">
+						<p><%= t('better_together.people.notification_preferences') %></p>
+						<%= render partial: 'better_together/shared/fields/toggle_switch', locals: {form:, attr: :notify_by_email} %>
+						<small class="form-text text-muted"><%= t('helpers.hint.person.notify_by_email') %></small>
+					</div>
+					<div class="mb-3">
+						<%= render partial: 'better_together/shared/fields/toggle_switch', locals: {form:, attr: :show_conversation_details} %>
+						<small class="form-text text-muted"><%= t('helpers.hint.person.show_conversation_details') %></small>
+					</div>
+					<div class="mb-3">
+						<p><%= t('better_together.people.allow_messages_from_members') %></p>
+						<%= render partial: 'better_together/shared/fields/toggle_switch', locals: {form:, attr: :receive_messages_from_members} %>
+						<small class="form-text text-muted"><%= t('helpers.hint.person.allow_messages_from_members') %></small>
+					</div>
       </div>
 
       <!-- Device Permissions Tab -->

app/views/better_together/people/show.html.erb

@@ -32,6 +32,12 @@
                    destroy_path: policy(@person).destroy? ? person_path(@person) : nil,
                    destroy_confirm: t('people.confirm_delete'),
                    destroy_aria_label: 'Delete Profile' %>
+        <% conversation = BetterTogether::Conversation.new %>
+        <% if policy(conversation).create? && policy(conversation).permitted_participants.include?(@person) %>
+          <%= link_to new_conversation_path(conversation: { participant_ids: [@person.id] }), class: 'btn btn-outline-primary btn-sm me-2', 'aria-label' => t('globals.message') do %>
+            <i class="fas fa-envelope"></i> <%= t('globals.message') %>
+          <% end %>
+        <% end %>
       </div>
     </div>
   </div>

bin/ci

@@ -5,12 +5,13 @@ export RAILS_ENV="${RAILS_ENV:-test}"
 export NODE_ENV="${NODE_ENV:-test}"
 export DISABLE_SPRING=1
 
-# Ensure DB is ready (uses DATABASE_URL)
-cd spec/dummy
+# Prepare the dummy app database (uses DATABASE_URL), but run specs from project root
+pushd spec/dummy >/dev/null
 bundle exec rails db:prepare
+popd >/dev/null
 
 # Optional: assets if your specs need them
-# bundle exec rails assets:precompile || true
+# pushd spec/dummy >/dev/null && bundle exec rails assets:precompile || true; popd >/dev/null || true
 
-# Run specs from dummy
+# Run specs from project root
 bundle exec rspec --format documentation

config/locales/en.yml

@@ -713,6 +713,9 @@ en:
         options_tooltip: Conversation Options
       empty:
         no_messages: No messages yet. Why not start the conversation?
+      errors:
+        no_permitted_participants: You can only add platform managers or members who
+          have opted in to receive messages.
       form:
         add_participants: Add participants
         create_conversation: Create conversation
@@ -1187,6 +1190,7 @@ en:
       index:
         new_page: New page
     people:
+      allow_messages_from_members: Allow messages from platform members
       device_permissions:
         camera: Camera
         location: Location
@@ -1397,6 +1401,10 @@ en:
   content: Content
   conversation: :activerecord.models.conversation
   conversation_participants: Conversation participants
+  conversations:
+    errors:
+      no_permitted_participants: You can only add platform managers or members who
+        have opted in to receive messages.
   date:
     abbr_day_names:
     - Sun
@@ -1786,6 +1794,7 @@ en:
       save: Save
     hidden: Hidden
     locale: Locale
+    message: Message
     new: New
     'no': 'No'
     no_description: No description
@@ -1828,6 +1837,8 @@ en:
       images:
         cover_image: Cover image
       person:
+        allow_messages_from_members: Opt-in to receive messages from people other
+          than platform managers.
         cover_image: Upload a cover image to display at the top of the profile.
         description: Provide a brief description or biography.
         locale: Select the preferred language for the person.

config/locales/es.yml

@@ -716,6 +716,9 @@ es:
         options_tooltip: Opciones de Conversación
       empty:
         no_messages: Aún no hay mensajes. ¿Por qué no iniciar la conversación?
+      errors:
+        no_permitted_participants: Solo puedes agregar administradores de la plataforma
+          o miembros que hayan optado por recibir mensajes.
       form:
         add_participants: Agregar participantes
         create_conversation: Crear conversación
@@ -1191,6 +1194,7 @@ es:
       index:
         new_page: Nueva página
     people:
+      allow_messages_from_members: Permitir mensajes de miembros de la plataforma
       device_permissions:
         camera: Cámara
         location: Ubicación
@@ -1405,6 +1409,10 @@ es:
   content: Contenido
   conversation: :activerecord.models.conversation
   conversation_participants: Participantes de la conversación
+  conversations:
+    errors:
+      no_permitted_participants: Solo puedes agregar administradores de la plataforma
+        o miembros que hayan optado por recibir mensajes.
   date:
     abbr_day_names: '["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"]'
     abbr_month_names: '[nil, "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug",
@@ -1781,6 +1789,7 @@ es:
       save: Guardar
     hidden: Oculto
     locale: Idioma
+    message: Mensaje
     new: Nuevo
     'no': 'No'
     no_description: Sin descripción
@@ -1824,6 +1833,8 @@ es:
       images:
         cover_image: Imagen de portada
       person:
+        allow_messages_from_members: Optar por recibir mensajes de personas que no
+          sean administradores de la plataforma. than platform managers.
         cover_image: Sube una imagen de portada para mostrar en la parte superior
           del perfil.
         description: Proporcione una breve descripción o biografía.

config/locales/fr.yml

@@ -721,6 +721,9 @@ fr:
       empty:
         no_messages: Aucun message pour l'instant. Pourquoi ne pas commencer la conversation
           ?
+      errors:
+        no_permitted_participants: Vous ne pouvez ajouter que des gestionnaires de
+          plateforme ou des membres ayant choisi de recevoir des messages.
       form:
         add_participants: Ajouter des participants
         create_conversation: Créer une conversation
@@ -1197,6 +1200,7 @@ fr:
       index:
         new_page: Nouvelle page
     people:
+      allow_messages_from_members: Autoriser les messages des membres de la plateforme
       device_permissions:
         camera: Caméra
         location: Localisation
@@ -1414,6 +1418,10 @@ fr:
   content: Contenu
   conversation: :activerecord.models.conversation
   conversation_participants: Participants à la conversation
+  conversations:
+    errors:
+      no_permitted_participants: Vous ne pouvez ajouter que des gestionnaires de plateforme
+        ou des membres ayant choisi de recevoir des messages.
   date:
     abbr_day_names:
     - dim
@@ -1813,6 +1821,7 @@ fr:
       save: Enregistrer
     hidden: Caché
     locale: Locale
+    message: Message
     new: Nouveau
     'no': Non
     no_description: Pas de description
@@ -1856,6 +1865,8 @@ fr:
       images:
         cover_image: Cover image
       person:
+        allow_messages_from_members: Choisir de recevoir des messages provenant de
+          personnes autres que les gestionnaires de la plateforme. than platform managers.
         cover_image: Téléchargez une image de couverture à afficher en haut du profil.
         description: Fournissez une brève description ou biographie.
         locale: Sélectionnez la langue préférée pour la personne.