Joining groups

Gemfile

@@ -24,6 +24,7 @@ gem 'jbuilder', '~> 2.5'
 # gem 'redis', '~> 4.0'
 # Use ActiveModel has_secure_password
 gem 'bcrypt', '~> 3.1.7'
+gem 'strong_password', '~> 0.0.6'
 
 # Use ActiveStorage variant
 # gem 'mini_magick', '~> 4.8'
@@ -44,6 +45,12 @@ group :development, :test do
   gem 'launchy'
 end
 
+group :test do
+  gem 'database_cleaner'
+  gem 'shoulda-matchers', '4.0.0.rc1'
+  gem 'rails-controller-testing'
+end
+
 group :development do
   # Access an interactive console on exception pages or by calling 'console' anywhere in the code.
   gem 'web-console', '>= 3.3.0'

Gemfile.lock

@@ -51,13 +51,14 @@ GEM
       msgpack (~> 1.0)
     builder (3.2.3)
     byebug (10.0.2)
-    capybara (3.8.2)
+    capybara (3.10.0)
       addressable
       mini_mime (>= 0.1.3)
       nokogiri (~> 1.8)
       rack (>= 1.6.0)
       rack-test (>= 0.6.3)
-      xpath (~> 3.1)
+      regexp_parser (~> 1.2)
+      xpath (~> 3.2)
     coffee-rails (4.2.2)
       coffee-script (>= 2.2.0)
       railties (>= 4.0.0)
@@ -67,6 +68,7 @@ GEM
     coffee-script-source (1.12.2)
     concurrent-ruby (1.0.5)
     crass (1.0.4)
+    database_cleaner (1.7.0)
     diff-lcs (1.3)
     erubi (1.7.1)
     execjs (2.7.0)
@@ -75,7 +77,7 @@ GEM
     ffi (1.9.25)
     globalid (0.4.1)
       activesupport (>= 4.2.0)
-    i18n (1.1.0)
+    i18n (1.1.1)
       concurrent-ruby (~> 1.0)
     jbuilder (2.7.0)
       activesupport (>= 4.2.0)
@@ -89,7 +91,7 @@ GEM
     loofah (2.2.2)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
-    mail (2.7.0)
+    mail (2.7.1)
       mini_mime (>= 0.1.1)
     marcel (0.3.3)
       mimemagic (~> 0.3.2)
@@ -101,7 +103,7 @@ GEM
     msgpack (1.2.4)
     multi_json (1.13.1)
     nio4r (2.3.1)
-    nokogiri (1.8.4)
+    nokogiri (1.8.5)
       mini_portile2 (~> 2.3.0)
     pg (1.1.3)
     public_suffix (3.0.3)
@@ -122,6 +124,10 @@ GEM
       bundler (>= 1.3.0)
       railties (= 5.2.1)
       sprockets-rails (>= 2.0.0)
+    rails-controller-testing (1.0.2)
+      actionpack (~> 5.x, >= 5.0.1)
+      actionview (~> 5.x, >= 5.0.1)
+      activesupport (~> 5.x)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
@@ -137,15 +143,16 @@ GEM
     rb-fsevent (0.10.3)
     rb-inotify (0.9.10)
       ffi (>= 0.5.0, < 2)
+    regexp_parser (1.2.0)
     rspec-core (3.8.0)
       rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.1)
+    rspec-expectations (3.8.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.8.0)
     rspec-mocks (3.8.0)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.8.0)
-    rspec-rails (3.8.0)
+    rspec-rails (3.8.1)
       actionpack (>= 3.0)
       activesupport (>= 3.0)
       railties (>= 3.0)
@@ -166,13 +173,16 @@ GEM
       sprockets (>= 2.8, < 4.0)
       sprockets-rails (>= 2.0, < 4.0)
       tilt (>= 1.1, < 3)
+    shoulda-matchers (4.0.0.rc1)
+      activesupport (>= 4.2.0)
     sprockets (3.7.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
     sprockets-rails (3.2.1)
       actionpack (>= 4.0)
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
+    strong_password (0.0.6)
     thor (0.20.0)
     thread_safe (0.3.6)
     tilt (2.0.8)
@@ -188,7 +198,7 @@ GEM
     websocket-driver (0.7.0)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.3)
-    xpath (3.1.0)
+    xpath (3.2.0)
       nokogiri (~> 1.8)
 
 PLATFORMS
@@ -200,15 +210,19 @@ DEPENDENCIES
   byebug
   capybara
   coffee-rails (~> 4.2)
+  database_cleaner
   faker
   jbuilder (~> 2.5)
   launchy
   listen (>= 3.0.5, < 3.2)
   pg (>= 0.18, < 2.0)
   puma (~> 3.11)
   rails (~> 5.2.0)
+  rails-controller-testing
   rspec-rails (~> 3.7)
   sass-rails (~> 5.0)
+  shoulda-matchers (= 4.0.0.rc1)
+  strong_password (~> 0.0.6)
   tzinfo-data
   uglifier (>= 1.3.0)
   web-console (>= 3.3.0)
@@ -217,4 +231,4 @@ RUBY VERSION
    ruby 2.3.1p112
 
 BUNDLED WITH
-   1.16.3
+   1.16.4

app/controllers/application_controller.rb

@@ -23,7 +23,7 @@ def root_path_if_not_logged_in
 
   def unauthorized_user(user)
     if !authorized_user(user)
-      flash[:warning] = 'This action is unauthorized.'
+      flash[:warning] = 'Action is unauthorized.'
       redirect_to root_path
     end
   end

app/controllers/groups_controller.rb

@@ -2,19 +2,16 @@ class GroupsController < ApplicationController
   before_action :set_group, only: [:show, :edit, :update, :destroy]
   before_action -> { unauthorized_user(@group.owner) }, only: [:update, :edit, :destroy]
 
-  def index
-    @groups = Group.all
-  end
-
   def new
     @group = Group.new
   end
 
   def create
     @group = Group.new(group_params)
-    @group.user_ids = current_user.id # Add user as a user
+    @group.user_ids << current_user.id # Add user as a user
     @group.owner_id = current_user.id # Add user as owner
     if authorized_user(@group.owner) && @group.save
+      current_user.groups << @group
       create_list
       flash[:notice] = 'Group created successfully.'
       redirect_to group_path(@group)
@@ -26,6 +23,9 @@ def create
 
   def show
     @user_wish_list = @group.user_wish_list(current_user)
+    if authorized_user(@group.owner)
+      @invitation = Invitation.new
+    end
   end
 
   def edit
@@ -36,13 +36,28 @@ def update
       flash[:notice] = "Group '#{@group.name}' updated!"
       redirect_to group_path(@group)
     else
-      flash[:warning] = 'An error occurred, please try again.'
+      flash[:warning] = 'Please enter valid information.'
       redirect_to edit_group_path(@group)
     end
   end
 
   def destroy
-    # Destroy not working. Delete lists associated with group first.
+    lists = List.where(group_id: @group.id)
+    if !lists.empty?
+      lists.each do |list|
+        items = Item.where(list_id: list.id)
+        items.each { |item| item.destroy }
+        list.destroy
+      end
+    end
+
+    invitations = Invitation.where(group_id: @group.id)
+    if !invitations.empty?
+      invitations.each do |invitation|
+        invitation.destroy
+      end
+    end
+
     @group.destroy
     flash[:notice] = "Group Deleted!"
     redirect_to dashboard_path
@@ -62,7 +77,7 @@ def set_group
   end
 
   def group_params
-    params.require(:group).permit(:name, :description, :owner_id)
+    params.require(:group).permit(:name, :description, :owner_id, :gift_due_date)
   end
 
   def belonging_user(user_list)

app/controllers/invitations_controller.rb

@@ -0,0 +1,96 @@
+class InvitationsController < ApplicationController
+  def create
+    @invitation = Invitation.new(invitation_params)
+    @invitation.sender_id = current_user.id
+    @invitation.receiver_id = params[:user_id]
+    @invitation.save
+    flash[:notice] = 'Invitation sent.'
+    redirect_to user_path(@invitation.receiver_id)
+  end
+
+  def accept
+    invitation = Invitation.find(params[:id])
+    user = invitation.receiver
+    if authorized_user(user)
+      @group = Group.find(invitation.group_id)
+      invitation.accepted = true
+      invitation.save
+      if !user.groups.include?(@group)
+        user.groups << @group
+        create_list
+        flash[:notice] = 'Invitation accepted.'
+        redirect_to dashboard_path
+      else
+        flash[:warning] = 'You already belongs to this group.'
+        redirect_to dashboard_path
+      end
+    else
+      flash[:warning] = 'Action is unauthorized.'
+      redirect_to root_path
+    end
+  end
+
+  def decline
+    invitation = Invitation.find(params[:id])
+    user = invitation.receiver
+    if authorized_user(user)
+      invitation.accepted = false
+      invitation.save
+      flash[:notice] = 'Invitation declined.'
+      redirect_to dashboard_path
+    else
+      flash[:warning] = 'Action is unauthorized.'
+      redirect_to root_path
+    end
+  end
+
+  def invite
+    # sent from the groups page, by the group owner
+    receiver = User.find_by(email: downcase_email_param)
+    group = Group.find(params[:group_id])
+    if receiver
+      no_pending_user_invitations = user_invitations('group_id = ? AND receiver_id = ? AND accepted IS NULL', group.id, receiver.id)
+      no_declined_user_invitations = user_invitations('group_id = ? AND receiver_id = ? AND accepted = false', group.id, receiver.id)
+      not_inviting_self = (group.owner_id != receiver.id)
+    end
+
+    if no_pending_user_invitations && no_declined_user_invitations && not_inviting_self
+      invitation = Invitation.new
+      invitation.group_id = group.id
+      invitation.receiver_id = receiver.id
+      invitation.sender_id = group.owner_id
+      invitation.comment = params[:invitation][:comment]
+      if invitation.save
+        flash[:notice] = 'Invitation sent.'
+      else
+        flash[:warning] = 'There was an error sending the invitation, please try again.'
+      end
+    else
+      flash[:notice] = "Invitation sent to user's email."
+      # Default failure behavior to not give away user's email
+      # Create a new user with this email address, eventually sending them an invitation email.
+    end
+    redirect_to group_path(group.id)
+  end
+
+  private
+
+  def user_invitations(accepted_string, group, user)
+    Invitation.joins(:group).where([accepted_string, group, user,]).empty?
+  end
+
+  def invitation_params
+    params.require(:invitation).permit(:comment, :group_id)
+  end
+
+  def create_list
+    list = List.new
+    list.user_id = current_user.id
+    list.group_id = @group.id
+    list.save
+  end
+
+  def downcase_email_param
+    params[:email].downcase
+  end
+end

app/controllers/items_controller.rb

@@ -15,7 +15,7 @@ def create
     if authorized_user(@user) && @item.save
       redirect_to group_list_path(@group, @list)
     else
-      flash[:warning] = 'Invalid entry.'
+      flash[:warning] = 'Please enter valid information.'
       render 'new'
     end
   end

app/controllers/sessions_controller.rb

@@ -5,7 +5,7 @@ def new
   end
 
   def create
-    user = User.find_by(email: params[:email])
+    user = User.find_by(email: downcase_email)
     if user && user.authenticate(params[:password])
       session[:user_id] = user.id
       redirect_to dashboard_path
@@ -20,4 +20,10 @@ def destroy
     flash[:notice] = "Log out successful."
     redirect_to root_path
   end
+
+  private
+
+  def downcase_email
+    params[:email].downcase
+  end
 end