conference_registrations_controller.rb in decidim-conferences-0.26.4

- old
+ new

@@ -2,10 +2,12 @@
 
 module Decidim
   module Conferences
     # Exposes the registration resource so users can join and leave conferences.
     class ConferenceRegistrationsController < Decidim::Conferences::ApplicationController
+      before_action :ensure_signed_in
+
       def create
         enforce_permission_to :join, :conference, conference: conference
 
         JoinConference.call(conference, registration_type, current_user) do
           on(:ok) do
@@ -52,10 +54,24 @@
         end
       end
 
       private
 
+      def ensure_signed_in
+        return if user_signed_in?
+
+        case action_name
+        when "create"
+          flash[:alert] = t("conference_registrations.create.unauthorized", scope: "decidim.conferences")
+        when "decline_invitation"
+          flash[:alert] = t("conference_registrations.decline_invitation.unauthorized", scope: "decidim.conferences")
+        else
+          raise Decidim::ActionForbidden
+        end
+        redirect_to(user_has_no_permission_referer || user_has_no_permission_path)
+      end
+
       def conference
         @conference ||= Conference.find_by(slug: params[:conference_slug])
       end
 
       def registration_type
@@ -63,9 +79,10 @@
       end
 
       def redirect_after_path
         referer = request.headers["Referer"]
         return redirect_to(conference_path(conference)) if referer =~ /invitation_token/
+        return redirect_to(conference_path(conference)) if referer =~ %r{users/sign_in}
 
         redirect_back fallback_location: conference_path(conference)
       end
     end
   end