Add default family selection for invite-only onboarding mode (#1174)

* Add default family selection for invite-only onboarding mode When onboarding is set to invite-only, admins can now choose a default family that new users without an invitation are automatically placed into as members, instead of creating a new family for each signup. https://claude.ai/code/session_01U9KgikKjV6xbyBZ5wMYsYx * Restrict invite codes and onboarding settings to super_admin only The Invite Codes section on /settings/hosting was visible to any authenticated user via the show action, leaking all family names/IDs through the default-family dropdown. This tightens access: - Hide the entire Invite Codes section in the view behind super_admin? - Add before_action :ensure_super_admin to InviteCodesController for all actions (index, create, destroy), replacing the inline admin? check - Add ensure_super_admin_for_onboarding filter on hostings#update that blocks non-super_admin users from changing onboarding_state or invite_only_default_family_id https://claude.ai/code/session_01U9KgikKjV6xbyBZ5wMYsYx * Fix tests for super_admin-only invite codes and onboarding settings - Hostings controller test: sign in as sure_support_staff (super_admin) for the onboarding_state update test, since ensure_super_admin_for_onboarding now requires super_admin role - Invite codes tests: use super_admin fixture for the success case and verify that a regular admin gets redirected instead of raising StandardError https://claude.ai/code/session_01U9KgikKjV6xbyBZ5wMYsYx * Fix system test to use super_admin for self-hosting settings The invite codes section is now only visible to super_admin users, so the system test needs to sign in as sure_support_staff to find the onboarding_state select element. https://claude.ai/code/session_01U9KgikKjV6xbyBZ5wMYsYx * Skip invite code requirement when a default family is configured When onboarding is invite-only but a default family is set, the claim_invite_code before_action was blocking registration before the create action could assign the user to the default family. Now invite_code_required? returns false when invite_only_default_family_id is present, allowing codeless signups to land in the configured default family. https://claude.ai/code/session_01U9KgikKjV6xbyBZ5wMYsYx --------- Co-authored-by: Claude <noreply@anthropic.com>
2026-04-12 16:47:22 +00:00 · 2026-03-10 18:12:53 +01:00
parent 674799a6e0
commit 7ae9077935
11 changed files with 67 additions and 10 deletions
--- a/app/controllers/concerns/invitable.rb
+++ b/app/controllers/concerns/invitable.rb
@@ -9,7 +9,7 @@ module Invitable
    def invite_code_required?
      return false if @invitation.present?
      if self_hosted?
-        Setting.onboarding_state == "invite_only"
+        Setting.onboarding_state == "invite_only" && Setting.invite_only_default_family_id.blank?
      else
        ENV["REQUIRE_INVITE_CODE"] == "true"
      end
--- a/app/controllers/invite_codes_controller.rb
+++ b/app/controllers/invite_codes_controller.rb
@@ -1,12 +1,12 @@
 class InviteCodesController < ApplicationController
  before_action :ensure_self_hosted
+  before_action :ensure_super_admin

  def index
    @invite_codes = InviteCode.all
  end

  def create
-    raise StandardError, "You are not allowed to generate invite codes" unless Current.user.admin?
    InviteCode.generate!
    redirect_back_or_to invite_codes_path, notice: "Code generated"
  end
@@ -22,4 +22,8 @@ class InviteCodesController < ApplicationController
    def ensure_self_hosted
      redirect_to root_path unless self_hosted?
    end
+
+    def ensure_super_admin
+      redirect_to root_path, alert: t("settings.hostings.not_authorized") unless Current.user.super_admin?
+    end
 end
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -18,6 +18,11 @@ class RegistrationsController < ApplicationController
      @user.family = @invitation.family
      @user.role = @invitation.role
      @user.email = @invitation.email
+    elsif (default_family_id = Setting.invite_only_default_family_id).present? &&
+          Setting.onboarding_state == "invite_only" &&
+          (default_family = Family.find_by(id: default_family_id))
+      @user.family = default_family
+      @user.role = :member
    else
      family = Family.new
      @user.family = family
--- a/app/controllers/settings/hostings_controller.rb
+++ b/app/controllers/settings/hostings_controller.rb
@@ -4,6 +4,7 @@ class Settings::HostingsController < ApplicationController
  guard_feature unless: -> { self_hosted? }

  before_action :ensure_admin, only: [ :update, :clear_cache, :disconnect_external_assistant ]
+  before_action :ensure_super_admin_for_onboarding, only: :update

  def show
    @breadcrumbs = [
@@ -43,6 +44,11 @@ class Settings::HostingsController < ApplicationController
      Setting.require_email_confirmation = hosting_params[:require_email_confirmation]
    end

+    if hosting_params.key?(:invite_only_default_family_id)
+      value = hosting_params[:invite_only_default_family_id].presence
+      Setting.invite_only_default_family_id = value
+    end
+
    if hosting_params.key?(:brand_fetch_client_id)
      Setting.brand_fetch_client_id = hosting_params[:brand_fetch_client_id]
    end
@@ -160,7 +166,7 @@ class Settings::HostingsController < ApplicationController
  private
    def hosting_params
      return ActionController::Parameters.new unless params.key?(:setting)
-      params.require(:setting).permit(:onboarding_state, :require_email_confirmation, :brand_fetch_client_id, :brand_fetch_high_res_logos, :twelve_data_api_key, :openai_access_token, :openai_uri_base, :openai_model, :openai_json_mode, :exchange_rate_provider, :securities_provider, :syncs_include_pending, :auto_sync_enabled, :auto_sync_time, :external_assistant_url, :external_assistant_token, :external_assistant_agent_id)
+      params.require(:setting).permit(:onboarding_state, :require_email_confirmation, :invite_only_default_family_id, :brand_fetch_client_id, :brand_fetch_high_res_logos, :twelve_data_api_key, :openai_access_token, :openai_uri_base, :openai_model, :openai_json_mode, :exchange_rate_provider, :securities_provider, :syncs_include_pending, :auto_sync_enabled, :auto_sync_time, :external_assistant_url, :external_assistant_token, :external_assistant_agent_id)
    end

    def update_assistant_type
@@ -175,6 +181,12 @@ class Settings::HostingsController < ApplicationController
      redirect_to settings_hosting_path, alert: t(".not_authorized") unless Current.user.admin?
    end

+    def ensure_super_admin_for_onboarding
+      onboarding_params = %i[onboarding_state invite_only_default_family_id]
+      return unless onboarding_params.any? { |p| hosting_params.key?(p) }
+      redirect_to settings_hosting_path, alert: t(".not_authorized") unless Current.user.super_admin?
+    end
+
    def sync_auto_sync_scheduler!
      AutoSyncScheduler.sync!
    rescue StandardError => error
--- a/app/models/setting.rb
+++ b/app/models/setting.rb
@@ -73,6 +73,7 @@ class Setting < RailsSettings::Base
  field :onboarding_state, type: :string, default: DEFAULT_ONBOARDING_STATE
  field :require_invite_for_signup, type: :boolean, default: false
  field :require_email_confirmation, type: :boolean, default: ENV.fetch("REQUIRE_EMAIL_CONFIRMATION", "true") == "true"
+  field :invite_only_default_family_id, type: :string, default: nil

  def self.validate_onboarding_state!(state)
    return if ONBOARDING_STATES.include?(state)
--- a/app/views/settings/hostings/_invite_code_settings.html.erb
+++ b/app/views/settings/hostings/_invite_code_settings.html.erb
@@ -40,6 +40,29 @@
  </div>

  <% if Setting.onboarding_state == "invite_only" %>
+    <div class="flex items-center justify-between">
+      <div class="space-y-1">
+        <p class="text-sm"><%= t(".default_family_title") %></p>
+        <p class="text-secondary text-sm"><%= t(".default_family_description") %></p>
+      </div>
+
+      <%= styled_form_with model: Setting.new,
+                           url: settings_hosting_path,
+                           method: :patch,
+                           data: { controller: "auto-submit-form", auto_submit_form_trigger_event_value: "change" } do |form| %>
+        <div class="form-field w-fit">
+          <%= form.select :invite_only_default_family_id,
+                          options_for_select(
+                            [ [ t(".default_family_none"), "" ] ] +
+                            Family.all.map { |f| [ f.name, f.id ] },
+                            Setting.invite_only_default_family_id
+                          ),
+                          { label: false },
+                          { data: { auto_submit_form_target: "auto" } } %>
+        </div>
+      <% end %>
+    </div>
+
    <div class="flex items-center justify-between mb-4">
      <div>
        <span class="text-primary text-base font-medium"><%= t(".generated_tokens") %></span>
--- a/app/views/settings/hostings/show.html.erb
+++ b/app/views/settings/hostings/show.html.erb
@@ -22,8 +22,10 @@
 <%= settings_section title: t(".sync_settings") do %>
  <%= render "settings/hostings/sync_settings" %>
 <% end %>
-<%= settings_section title: t(".invites") do %>
-  <%= render "settings/hostings/invite_code_settings" %>
+<% if Current.user.super_admin? %>
+  <%= settings_section title: t(".invites") do %>
+    <%= render "settings/hostings/invite_code_settings" %>
+  <% end %>
 <% end %>
 <%= settings_section title: t(".danger_zone") do %>
  <%= render "settings/hostings/danger_zone_settings" %>
--- a/config/locales/views/settings/hostings/en.yml
+++ b/config/locales/views/settings/hostings/en.yml
@@ -7,6 +7,9 @@ en:
        email_confirmation_description: When enabled, users must confirm their email
          address when changing it.
        email_confirmation_title: Require email confirmation
+        default_family_title: Default family for new users
+        default_family_description: "Put new users on this family/group only if they have no invitation."
+        default_family_none: None (create new family)
        generate_tokens: Generate new code
        generated_tokens: Generated codes
        title: Onboarding
--- a/test/controllers/invite_codes_controller_test.rb
+++ b/test/controllers/invite_codes_controller_test.rb
@@ -4,17 +4,21 @@ class InviteCodesControllerTest < ActionDispatch::IntegrationTest
  setup do
    Rails.application.config.app_mode.stubs(:self_hosted?).returns(true)
  end
-  test "admin can generate invite codes" do
-    sign_in users(:family_admin)
+  test "super admin can generate invite codes" do
+    sign_in users(:sure_support_staff)

    assert_difference("InviteCode.count") do
      post invite_codes_url, params: {}
    end
  end

-  test "non-admin cannot generate invite codes" do
-    sign_in users(:family_member)
+  test "non-super-admin cannot generate invite codes" do
+    sign_in users(:family_admin)

-    assert_raises(StandardError) { post invite_codes_url, params: {} }
+    assert_no_difference("InviteCode.count") do
+      post invite_codes_url, params: {}
+    end
+
+    assert_redirected_to root_path
  end
 end
--- a/test/controllers/settings/hostings_controller_test.rb
+++ b/test/controllers/settings/hostings_controller_test.rb
@@ -51,6 +51,8 @@ class Settings::HostingsControllerTest < ActionDispatch::IntegrationTest
  end

  test "can update onboarding state when self hosting is enabled" do
+    sign_in users(:sure_support_staff)
+
    with_self_hosting do
      patch settings_hosting_url, params: { setting: { onboarding_state: "invite_only" } }

--- a/test/system/settings_test.rb
+++ b/test/system/settings_test.rb
@@ -44,6 +44,7 @@ class SettingsTest < ApplicationSystemTestCase
  end

  test "can update self hosting settings" do
+    sign_in users(:sure_support_staff)
    Rails.application.config.app_mode.stubs(:self_hosted?).returns(true)
    Provider::Registry.stubs(:get_provider).with(:twelve_data).returns(nil)
    Provider::Registry.stubs(:get_provider).with(:yahoo_finance).returns(nil)