lesson(11.3): sending, accepting, and listing pending organizations

Author: tomgobich

app/actions/auth/http/web_login.ts

@@ -1,3 +1,4 @@
+import AcceptOrganizationInvite from '#actions/organizations/accept_organization_invite'
 import User from '#models/user'
 import { loginValidator } from '#validators/auth'
 import { inject } from '@adonisjs/core'
@@ -16,7 +17,22 @@ export default class WebLogin {
     const user = await User.verifyCredentials(data.email, data.password)
 
     await this.ctx.auth.use('web').login(user, data.remember)
+    await this.#checkForOrganizationInvite(user)
 
     return user
   }
+
+  async #checkForOrganizationInvite(user: User) {
+    const inviteId = this.ctx.session.get('invite_id')
+
+    if (!inviteId) return
+
+    const result = await AcceptOrganizationInvite.handle({
+      inviteId,
+      user,
+    })
+
+    this.ctx.session.forget('invite_id')
+    this.ctx.session.flash('success', result.message)
+  }
 }

app/actions/auth/http/web_register.ts

@@ -1,3 +1,4 @@
+import AcceptOrganizationInvite from '#actions/organizations/accept_organization_invite'
 import User from '#models/user'
 import { registerValidator } from '#validators/auth'
 import { inject } from '@adonisjs/core'
@@ -17,6 +18,24 @@ export default class WebRegister {
 
     await this.ctx.auth.use('web').login(user)
 
-    return { user }
+    const invite = await this.#checkForOrganizationInvite(user)
+
+    return { user, invite }
+  }
+
+  async #checkForOrganizationInvite(user: User) {
+    const inviteId = this.ctx.session.get('invite_id')
+
+    if (!inviteId) return
+
+    const result = await AcceptOrganizationInvite.handle({
+      inviteId,
+      user,
+    })
+
+    this.ctx.session.forget('invite_id')
+    this.ctx.session.flash('success', result.message)
+
+    return result.invite
   }
 }

app/actions/organizations/accept_organization_invite.ts

@@ -0,0 +1,45 @@
+import UnauthorizedException from '#exceptions/unauthorized_exception'
+import OrganizationInvite from '#models/organization_invite'
+import User from '#models/user'
+import db from '@adonisjs/lucid/services/db'
+import { DateTime } from 'luxon'
+
+type Params = {
+  inviteId: number
+  user: User
+}
+
+export default class AcceptOrganizationInvite {
+  static async handle({ inviteId, user }: Params) {
+    const invite = await OrganizationInvite.findOrFail(inviteId)
+
+    if (invite.email !== user.email) {
+      throw new UnauthorizedException('Your email does not match the invitation')
+    }
+
+    if (invite.acceptedAt || invite.canceledAt) {
+      throw new UnauthorizedException('This invitation is no longer valid')
+    }
+
+    await db.transaction(async (trx) => {
+      invite.useTransaction(trx)
+
+      const organization = await invite.related('organization').query().firstOrFail()
+
+      await organization.related('users').attach({
+        [user.id]: {
+          role_id: invite.roleId,
+        },
+      })
+
+      invite.acceptedAt = DateTime.now()
+
+      await invite.save()
+    })
+
+    return {
+      invite,
+      message: 'Invitation Accepted!',
+    }
+  }
+}

app/actions/organizations/get_organization_pending_invites.ts

@@ -0,0 +1,16 @@
+import Organization from '#models/organization'
+
+type Params = {
+  organization: Organization
+}
+
+export default class GetOrganizationPendingInvites {
+  static async handle({ organization }: Params) {
+    return organization
+      .related('invites')
+      .query()
+      .whereNull('acceptedAt')
+      .whereNull('canceledAt')
+      .orderBy('createdAt', 'desc')
+  }
+}

app/actions/organizations/send_organization_invite.ts

@@ -0,0 +1,37 @@
+import Organization from '#models/organization'
+import User from '#models/user'
+import env from '#start/env'
+import { organizationInviteValidator } from '#validators/organization'
+import router from '@adonisjs/core/services/router'
+import mail from '@adonisjs/mail/services/main'
+import { Infer } from '@vinejs/vine/types'
+
+type Params = {
+  organization: Organization
+  invitedByUserId: number
+  data: Infer<typeof organizationInviteValidator>
+}
+
+export default class SendOrganizationInvite {
+  static async handle({ organization, invitedByUserId, data }: Params) {
+    const invite = await organization.related('invites').create({
+      invitedByUserId,
+      ...data,
+    })
+
+    const invitedUser = await User.findBy('email', invite.email)
+
+    const inviteUrl = router
+      .builder()
+      .params({ id: invite.id })
+      .prefixUrl(env.get('APP_URL'))
+      .makeSigned('organizations.invites.accept')
+
+    await mail.sendLater((message) => {
+      message
+        .to(invite.email)
+        .subject(`You have been invited to join ${organization.name}`)
+        .htmlView('emails/organization_invite', { organization, invitedUser, inviteUrl })
+    })
+  }
+}

app/controllers/auth/register_controller.ts

@@ -13,10 +13,14 @@ export default class RegisterController {
     const data = await request.validateUsing(registerValidator)
 
     // register the user
-    await webRegister.handle({ data })
+    const { invite } = await webRegister.handle({ data })
 
     session.flash('success', 'Welcome to PlotMyCourse')
 
+    if (invite) {
+      return response.redirect().toRoute('courses.index')
+    }
+
     return response.redirect().toRoute('organizations.create')
   }
 }

app/controllers/organizations_controller.ts

@@ -1,7 +1,10 @@
+import AcceptOrganizationInvite from '#actions/organizations/accept_organization_invite'
 import DestroyOrganization from '#actions/organizations/destroy_organization'
 import SetActiveOrganization from '#actions/organizations/http/set_active_organization'
 import StoreOrganization from '#actions/organizations/store_organization'
 import UpdateOrganization from '#actions/organizations/update_organization'
+import OrganizationInvite from '#models/organization_invite'
+import User from '#models/user'
 import { organizationValidator } from '#validators/organization'
 import { inject } from '@adonisjs/core'
 import type { HttpContext } from '@adonisjs/core/http'
@@ -55,6 +58,37 @@ export default class OrganizationsController {
     return response.redirect().back()
   }
 
+  async acceptInvite({ request, response, auth, params, session }: HttpContext) {
+    await auth.use('web').check()
+
+    if (!request.hasValidSignature()) {
+      session.flash('errorBag', 'An invalid invitation URL was provided')
+      return auth.user
+        ? response.redirect().toRoute('courses.index')
+        : response.redirect().toRoute('login.show')
+    }
+
+    if (!auth.use('web').user) {
+      const invite = await OrganizationInvite.findOrFail(params.id)
+      const isUser = await User.query().where('email', invite.email).first()
+
+      session.put('invite_id', invite.id)
+
+      return isUser
+        ? response.redirect().toRoute('login.show')
+        : response.redirect().toRoute('register.show')
+    }
+
+    const result = await AcceptOrganizationInvite.handle({
+      inviteId: params.id,
+      user: auth.use('web').user!,
+    })
+
+    session.flash('success', result.message)
+
+    return response.redirect().toRoute('courses.index')
+  }
+
   /**
    * Delete record
    */

app/controllers/settings/organizations_controller.ts

@@ -1,7 +1,12 @@
+import GetOrganizationPendingInvites from '#actions/organizations/get_organization_pending_invites'
 import GetOrganizationUsers from '#actions/organizations/get_organization_users'
+import SendOrganizationInvite from '#actions/organizations/send_organization_invite'
+import OrganizationInviteDto from '#dtos/organization_invite'
 import RoleDto from '#dtos/role'
 import UserDto from '#dtos/user'
 import Role from '#models/role'
+import { withOrganizationMetaData } from '#validators/helpers/organizations'
+import { organizationInviteValidator } from '#validators/organization'
 import type { HttpContext } from '@adonisjs/core/http'
 
 export default class OrganizationsController {
@@ -11,14 +16,33 @@ export default class OrganizationsController {
         const users = await GetOrganizationUsers.handle({ organization })
         return UserDto.fromArray(users)
       },
+      invites: async () => {
+        const pendingInvites = await GetOrganizationPendingInvites.handle({ organization })
+        return OrganizationInviteDto.fromArray(pendingInvites)
+      },
       roles: async () => {
         const roles = await Role.query().orderBy('name')
         return RoleDto.fromArray(roles)
       },
     })
   }
 
-  async inviteUser({}: HttpContext) {}
+  async inviteUser({ request, response, organization, session, auth }: HttpContext) {
+    const data = await request.validateUsing(
+      organizationInviteValidator,
+      withOrganizationMetaData(organization.id)
+    )
+
+    await SendOrganizationInvite.handle({
+      organization,
+      invitedByUserId: auth.use('web').user!.id,
+      data,
+    })
+
+    session.flash('success', 'Invitation has been sent')
+
+    return response.redirect().back()
+  }
 
   async cancelInvite({}: HttpContext) {}
 

app/exceptions/unauthorized_exception.ts

@@ -0,0 +1,6 @@
+import { Exception } from '@adonisjs/core/exceptions'
+
+export default class UnauthorizedException extends Exception {
+  static status = 403
+  static code = 'E_UNAUTHORIZED'
+}

app/validators/auth.ts

@@ -7,16 +7,12 @@ export const loginValidator = vine.compile(
     remember: vine.boolean().optional(),
   })
 )
+export const emailRule = vine.string().maxLength(254).email().normalizeEmail()
 
-export const newEmailRule = vine
-  .string()
-  .maxLength(254)
-  .email()
-  .normalizeEmail()
-  .unique(async (db, value) => {
-    const exists = await db.from('users').where('email', value).select('id').first()
-    return !exists
-  })
+export const newEmailRule = emailRule.clone().unique(async (db, value) => {
+  const exists = await db.from('users').where('email', value).select('id').first()
+  return !exists
+})
 
 export const registerValidator = vine.compile(
   vine.object({

app/validators/organization.ts

@@ -1,7 +1,42 @@
 import vine from '@vinejs/vine'
+import { OrganizationMetaData } from './helpers/organizations.js'
+import { emailRule } from './auth.js'
 
 export const organizationValidator = vine.compile(
   vine.object({
     name: vine.string().maxLength(100),
   })
 )
+
+export const organizationInviteValidator = vine.withMetaData<OrganizationMetaData>().compile(
+  vine.object({
+    email: emailRule.clone().unique(async (db, value, field) => {
+      // 1. make sure there isn't already a pending invite
+      const inviteMatch = await db
+        .from('organization_invites')
+        .where('organization_id', field.meta.organizationId)
+        .where('email', value)
+        .whereNull('accepted_at')
+        .whereNull('canceled_at')
+        .select('id')
+        .first()
+
+      if (inviteMatch) return false
+
+      // 2. make sure the user isn't already an organization member
+      const orgMatch = await db
+        .from('organization_users')
+        .join('users', 'organization_users.user_id', 'users.id')
+        .where('organization_users.organization_id', field.meta.organizationId)
+        .where('users.email', value)
+        .select('users.id')
+        .first()
+
+      return !orgMatch
+    }),
+    roleId: vine.number().exists(async (db, value) => {
+      const match = await db.from('roles').where('id', value).select('id').first()
+      return !!match
+    }),
+  })
+)

components.d.ts

@@ -63,6 +63,8 @@ declare module 'vue' {
     Navigation: typeof import('./inertia/components/Navigation.vue')['default']
     OrganizationEditCard: typeof import('./inertia/components/OrganizationEditCard.vue')['default']
     OrganizationSelect: typeof import('./inertia/components/OrganizationSelect.vue')['default']
+    OrganizationuserInvitesCard: typeof import('./inertia/components/OrganizationuserInvitesCard.vue')['default']
+    OrganizationUserInvitesCard: typeof import('./inertia/components/OrganizationUserInvitesCard.vue')['default']
     OrganizationUsersCard: typeof import('./inertia/components/OrganizationUsersCard.vue')['default']
     Select: typeof import('./inertia/components/ui/select/Select.vue')['default']
     SelectContent: typeof import('./inertia/components/ui/select/SelectContent.vue')['default']