@rsmithlal rsmithlal commented Aug 23, 2025

PR #1053 — Social System, Invitations & Moderation, Notifications, and Robust Lookups

Summary

This PR introduces a first pass of the social system (block/unblock & management UI), a full invitations flow (event invitations + generic token-based accept/decline), refinements to notifications read-state handling, safer resource lookup paths across locales, and multiple quality-of-life improvements (setup wizard hard-landing, idempotent seed/builders, HTML/CSS sanitizers, doc updates).


🧑‍🤝‍🧑 Social System (Block/Unblock)

  • New/expanded PersonBlocksController:
    • Index now supports search over translated name/slug with proper policy scoping and joins; also surfaces blocked count and timestamps.
    • Adds new/create/destroy with Turbo Stream responses and clear flash notices (block/unblock confirmations).
    • JSON endpoint (search) returns a compact list for async selects.
    • Defensive helpers (safe current person lookup, not-found handling), and authz on all actions.

✉️ Invitations (Events & Generic Tokens)

  • Event Invitations (BetterTogether::Events::InvitationsController):
    • Create (pending by default), destroy, and resend with basic throttling (15-min).
    • Notifies invitees via Noticed or mailer; returns Turbo updates for flash and pending rows.
    • Strong params for email/validity window/locale/role.
  • Generic Invitations (BetterTogether::InvitationsController):
    • Show token landing; accept/decline with authentication guard.
    • For event invites, acceptance can call accept!(invitee_person:); decline redirects sensibly (event/root).

🔔 Notifications Read-State

  • Replaces record-object coupling with ID-based helpers:
    • mark_notifications_read_for_record_id(record_id, recipient:)
    • mark_notifications_read_for_event_records(event_class, record_ids, recipient:)
  • Controllers updated to use the new ID-centric methods to avoid joins complexity; applies to agreements and generic record reads.

🌍 Robust Friendly/Translated Lookups

  • FriendlyResourceController#set_resource_instance:
    1. Try translated slug across locales,
    2. Try Mobility KeyValue translation association,
    3. Fallback to friendly_id, then direct ID find; consistent not-found responses.
  • People/Users: dedicated find paths (people prefer translation/identifier first; users fetched by ID), plus friendlier error handling in admin views.

🧭 Setup Wizard Hard-Landing & Safe Form Resolution

  • SetupWizardController: show now redirects to first step consistently.
  • WizardStepsController: introduces an allow-list resolver to safely constantize form classes (WIZARD_FORM_CLASSES) and defend against misuse.

🧱 Idempotent Builders & Safer Seeds

  • Access-control and role/permission builders now find_or_initialize_by(identifier) and assign_attributes before saving—idempotent reruns without duplication.
  • Navigation builder deletes children before parents to satisfy FKs.
  • Agreement builder simplifies page linking (drops fallback friendly lookups).

🧼 Controllers & UX Refinements

  • ApplicationController: invitation-token handling consolidated; improved test-env exception logging; raise logic clarified for envs.
  • PeopleController: handles boolean toggles (notify_by_email, show_conversation_details) via explicit casting; safer resource resolution.
  • Agreements: Turbo modal rendering simplified; show action marks notifications read via record ID helper.
  • PlatformInvitationsController: eager-load unless production to ensure STI lookups succeed in dev/test.

🧩 API & Helpers

  • API controllers switch from require_dependency to require.
  • Content::BlocksHelper adds HTML sanitizer (allow-list of tags/attrs) and a basic CSS sanitizer (strip expression(), javascript: URLs).

🎨 Styles

  • Minor forms tweak: ensure select-search inputs adopt light-background text color in .ss-search input.

📚 Docs / Dev-Env Guidance

  • Documentation clarifies Dockerized dev usage (bin/dc-run, bin/dc-run-dummy) for DB-connected tasks (RSpec, generators, Brakeman, RuboCop) and which commands are exempt.
  • Security guidance updates Brakeman examples to run via Docker wrappers.

Impact / Notes for Host Apps

  • Moderation tooling: Built-in UI and endpoints to manage blocked users (searchable, countable, Turbo-friendly).
  • Invitations: End-to-end event invitations with mailers/notifiers and token accept/decline flows.
  • Stability: More reliable resource lookups in multi-locale/friendly contexts; safer wizard class resolution.
  • Seeds/Builders: Idempotent runs reduce data duplication and FK issues.
  • Security/Content: Sanitizers for custom block HTML/CSS; clearer Brakeman/Docker usage patterns.

- Added `rails-controller-testing` gem for enhanced controller testing.
- Updated `PersonBlocksController` to include search functionality for blocked users and display blocking timestamps.
- Created views for managing blocked users, including index and new block forms.
- Implemented AJAX responses for blocking and unblocking users with Turbo Streams.
- Enhanced policies to manage user permissions for blocking actions.
- Added acceptance criteria documentation for the Block Management Interface.
- Developed comprehensive controller specs to ensure functionality and edge cases are covered.
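The allow-list resolver described under "Setup Wizard Hard-Landing & Safe Form Resolution", as an added Ruby example that is not the PR's own code: the form class names, the step identifiers and the method names are assumptions. It puts the pattern such a resolver replaces (resolving a constant straight from a request parameter) beside the hardened map lookup.

```ruby
# Stand-in form classes for the example (assumed names, not the project's).
module Wizard
  class PlatformDetailsForm; end
  class AdminCreationForm; end
end

class FormResolutionError < StandardError; end

# Fixed allow-list: the only identifiers a request may select from.
# Keys are the step identifiers that may appear in params (assumed values).
WIZARD_FORM_CLASSES = {
  'platform_details' => Wizard::PlatformDetailsForm,
  'admin_creation'   => Wizard::AdminCreationForm
}.freeze

# Unsafe pattern the allow-list replaces: Object.const_get (like Rails'
# String#constantize) resolves ANY loaded constant, so a request parameter
# could name classes that have nothing to do with the wizard.
def resolve_form_class_unsafely(name)
  Object.const_get(name)
end

# Hardened: only the map's keys resolve; everything else is rejected with a
# clear error instead of being constantized.
def resolve_form_class(name)
  WIZARD_FORM_CLASSES.fetch(name.to_s) do
    raise FormResolutionError, "unknown wizard form: #{name.to_s.inspect}"
  end
end
```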
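The basic CSS sanitizer described under "API & Helpers" (strip `expression()` and `javascript:` URLs), as an added example that is not the PR's code: plain Ruby with no Rails dependency, and the module name, `sanitize_css`, `SAFE_PROPERTIES` and the property allow-list are all assumptions. It goes beyond the PR's description by normalising CSS escapes and comments before matching, so obfuscated forms of the same constructs are rejected too, and by keeping only properties on an allow-list.

```ruby
module CssSanitizer
  # Property allow-list (constructed for this example; a host app would tune it).
  SAFE_PROPERTIES = %w[color background-color font-size font-weight font-style
                       text-align margin padding border border-radius width height].freeze

  # Constructs that must never survive in a value, checked after normalisation.
  DANGEROUS = /expression\s*\(|javascript\s*:|vbscript\s*:|data\s*:|@import|behavior\s*:|-moz-binding/i

  # Decode CSS hex escapes ("\65" -> "e"), drop other backslash escapes and
  # strip comments, so obfuscated forms of the patterns above still match.
  def self.normalize(text)
    text
      .gsub(/\\([0-9a-f]{1,6})\s?/i) do
        cp = Regexp.last_match(1).hex
        cp.zero? || cp > 0x10FFFF || (0xD800..0xDFFF).cover?(cp) ? '' : cp.chr(Encoding::UTF_8)
      end
      .gsub(/\\(.)/, '\1')
      .gsub(%r{/\*.*?\*/}m, '')
  end

  # Returns the declarations that pass both the property allow-list and the
  # value deny-list, re-serialised as "prop: value;" pairs.
  def self.sanitize_css(css)
    css.to_s.split(';').filter_map do |decl|
      prop, value = decl.split(':', 2)
      next if prop.nil? || value.nil?
      prop  = normalize(prop).strip.downcase
      value = normalize(value).strip
      next if value.empty? || !SAFE_PROPERTIES.include?(prop)
      # Braces could close the declaration block and smuggle in a new rule.
      next if DANGEROUS.match?(value) || value.match?(/[{}]/)
      "#{prop}: #{value};"
    end.join(' ')
  end
end
```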
@rsmithlal rsmithlal changed the title from "Feature/social system" to "Social System, Invitations & Moderation, Notifications, and Robust Lookups" Aug 29, 2025
@rsmithlal rsmithlal merged commit bb048f9 into main Aug 29, 2025
13 checks passed
@rsmithlal rsmithlal deleted the feature/social-system branch August 29, 2025 10:01