Invitations, promotions, demotions

app/controllers/members_controller.rb

@@ -1,16 +1,16 @@
 class MembersController < ApplicationController
   include GroupsHelper
   before_action :set_group
-  before_action :set_member, only: [:show, :edit, :update, :destroy]
-  before_action :require_leader!
+  before_action :set_member, only: [:show, :edit, :update, :destroy, :promote, :demote]
+  before_action :require_leader!, except: [ :index ]
 
   # GET /members
   # GET /members.json
   def index
+    @admin = @group.is_leader?(current_person)
     @members = @group.members
       .joins(:person)
-      .order(is_leader: :desc)
-      .order('people.first_name ASC')
+      .order('members.is_leader DESC, people.first_name ASC')
   end
 
   # GET /members/1
@@ -24,6 +24,56 @@ class MembersController < ApplicationController
     @possible_members = Person.where.not(id: @group.person_ids)
   end
 
+  def invite
+    @person = Person.new
+  end
+
+  def promote
+    @member.update_attribute(:is_leader, true)
+    flash_message(:success, "#{@member.person.full_name} is now a group leader.")
+    redirect_to group_members_path(@group)
+  end
+
+  def demote
+    @member.update_attribute(:is_leader, false)
+    flash_message(:success, "#{@member.person.full_name} is no longer a group leader.")
+    redirect_to group_members_path(@group)
+  end
+
+  def process_invite
+    @person = Person.find_by(email: params[:person][:email])
+    if not @person
+      @person = Person.new(invite_params)
+
+
+      if not @person.save
+        respond_to do |format|
+          format.html { render 'invite' }
+          format.json { render json: @person.errors, status: :unprocessable_entity }
+        end
+        return
+      end
+    end
+
+    new_rec = @member.new_record?
+    @member = Member.new(person: @person, group: @group, is_leader: false)
+    @member.save!
+
+
+    respond_to do |format|
+      format.html do
+        invited = "invited to Aardbei and " if new_rec else ""
+        flash_message(
+          :success,
+          "#{@person.full_name} #{invited}added to group."
+        )
+        redirect_to group_members_path(@group)
+      end
+
+      format.json { render :show, status: :created, location: @person }
+    end
+  end
+
   # GET /members/1/edit
   def edit
     @possible_members = Person.where.not(id: @group.person_ids)
@@ -39,7 +89,7 @@ class MembersController < ApplicationController
       if @member.save
         format.html {
           redirect_to group_member_url(@group, @member)
-          flash_message(:info, 'Member was successfully created.')
+          flash_message(:info, "#{@member.full_name} was added successfully.")
         }
         format.json { render :show, status: :created, location: @member }
       else
@@ -75,7 +125,7 @@ class MembersController < ApplicationController
     respond_to do |format|
       format.html {
         redirect_to group_members_url(@group)
-        flash_message(:info, 'Member was successfully destroyed.')
+        flash_message(:info, "#{@member.person.full_name} was successfully removed.")
       }
       format.json { head :no_content }
     end
@@ -95,4 +145,11 @@ class MembersController < ApplicationController
     def member_params
       params.require(:member).permit(:person_id, :is_leader)
     end
+
+    # Never trust parameters from the scary internet, only allow the white list
+    # through.  Note: differs from the ones in PeopleController because
+    # creating admins is not allowed.
+    def invite_params
+      params.require(:person).permit(:first_name, :infix, :last_name, :email, :birth_date)
+    end
 end

app/models/group.rb

@@ -35,6 +35,6 @@ class Group < ApplicationRecord
       person: person,
       group: self,
       is_leader: true
-    )
+    ) || person.is_admin?
   end
 end

app/views/members/index.html.erb

@@ -1,10 +1,12 @@
-<h1>Members</h1>
+<h1>Members of <%= @group.name %></h1>
 
 <table class="table table-striped">
   <thead>
     <tr>
       <th>Name</th>
-      <th>Remove</th>
+      <% if @admin %>
+        <th colspan="2">Actions</th>
+      <% end %>
     </tr>
   </thead>
 
@@ -17,7 +19,23 @@
             (<i class="fa fa-angle-up"></i>)
           <% end %>
         </td>
-        <td><%= link_to 'Remove', group_member_path(@group, member), method: :delete, data: { confirm: 'Are you sure?' } %></td>
+
+        <% if @admin and current_person != member.person %>
+            <% if member.is_leader %>
+              <td>
+                <%= link_to 'Demote', demote_group_member_path(@group, member), method: :post, data: { confirm: 'Are you sure?' } %>
+              </td>
+            <% else %>
+              <td>
+                <%= link_to 'Promote', promote_group_member_path(@group, member), method: :post, data: { confirm: 'Are you sure?' } %>
+              </td>
+            <% end %>
+            <td>
+              <%= link_to 'Remove', group_member_path(@group, member), method: :delete, data: { confirm: 'Are you sure?' } %>
+            </td>
+          <% else %>
+            <td></td><td></td>
+        <% end %>
       </tr>
     <% end %>
   </tbody>
@@ -25,4 +43,5 @@
 
 <br>
 
-<%= link_to 'New Member', new_group_member_path(@group) %>
+<%= link_to 'New Member', new_group_member_path(@group) %> |
+<%= link_to 'Invite Member', group_invite_path(@group) %>

app/views/members/invite.html.haml

@@ -0,0 +1,5 @@
+%h1
+  Invite new person to Aardbei
+
+= render 'people/form', person: @person, no_admin: true, destination: 'invite'
+= link_to 'Back', group_members_path(@group)

app/views/people/_form.html.erb

@@ -1,4 +1,5 @@
-<%= form_for(person) do |f| %>
+<% destination = 'new' if not defined? destination %>
+<%= form_for(person, url: {action: destination}) do |f| %>
   <% if person.errors.any? %>
     <div id="error_explanation">
       <h2><%= pluralize(person.errors.count, "error") %> prohibited this person from being saved:</h2>
@@ -28,10 +29,12 @@
       <%= f.label :birth_date %>
       <%= f.date_field :birth_date, type: 'date', class: 'form-control' %>
     </div>
-    <div class="form-group">
-      <%= f.check_box :is_admin %>
-      <%= f.label :is_admin %>
-    </div>
+    <% if not defined? no_admin %>
+      <div class="form-group">
+        <%= f.check_box :is_admin %>
+        <%= f.label :is_admin %>
+      </div>
+    <% end %>
     <%= f.submit %>
   </div>
 <% end %>

config/routes.rb

@@ -24,7 +24,14 @@ Rails.application.routes.draw do
   resources :people
 
   resources :groups do
-    resources :members
+    get 'invite', to: 'members#invite'
+    post 'invite', to: 'members#process_invite'
+
+    resources :members do
+      post 'promote', to: 'members#promote', on: :member
+      post 'demote', to: 'members#demote', on: :member
+    end
+
     resources :activities do
       put 'presence', to: 'activities#presence', on: :member
       patch 'presence', to: 'activities#presence', on: :member