Add default family selection for invite-only onboarding mode (#1174)

* Add default family selection for invite-only onboarding mode When onboarding is set to invite-only, admins can now choose a default family that new users without an invitation are automatically placed into as members, instead of creating a new family for each signup. https://claude.ai/code/session_01U9KgikKjV6xbyBZ5wMYsYx * Restrict invite codes and onboarding settings to super_admin only The Invite Codes section on /settings/hosting was visible to any authenticated user via the show action, leaking all family names/IDs through the default-family dropdown. This tightens access: - Hide the entire Invite Codes section in the view behind super_admin? - Add before_action :ensure_super_admin to InviteCodesController for all actions (index, create, destroy), replacing the inline admin? check - Add ensure_super_admin_for_onboarding filter on hostings#update that blocks non-super_admin users from changing onboarding_state or invite_only_default_family_id https://claude.ai/code/session_01U9KgikKjV6xbyBZ5wMYsYx * Fix tests for super_admin-only invite codes and onboarding settings - Hostings controller test: sign in as sure_support_staff (super_admin) for the onboarding_state update test, since ensure_super_admin_for_onboarding now requires super_admin role - Invite codes tests: use super_admin fixture for the success case and verify that a regular admin gets redirected instead of raising StandardError https://claude.ai/code/session_01U9KgikKjV6xbyBZ5wMYsYx * Fix system test to use super_admin for self-hosting settings The invite codes section is now only visible to super_admin users, so the system test needs to sign in as sure_support_staff to find the onboarding_state select element. https://claude.ai/code/session_01U9KgikKjV6xbyBZ5wMYsYx * Skip invite code requirement when a default family is configured When onboarding is invite-only but a default family is set, the claim_invite_code before_action was blocking registration before the create action could assign the user to the default family. Now invite_code_required? returns false when invite_only_default_family_id is present, allowing codeless signups to land in the configured default family. https://claude.ai/code/session_01U9KgikKjV6xbyBZ5wMYsYx --------- Co-authored-by: Claude <noreply@anthropic.com>
2026-04-17 02:54:10 +00:00 · 2026-03-10 18:12:53 +01:00
parent 674799a6e0
commit 7ae9077935
11 changed files with 67 additions and 10 deletions
--- a/app/controllers/settings/hostings_controller.rb
+++ b/app/controllers/settings/hostings_controller.rb
@@ -4,6 +4,7 @@ class Settings::HostingsController < ApplicationController
  guard_feature unless: -> { self_hosted? }

  before_action :ensure_admin, only: [ :update, :clear_cache, :disconnect_external_assistant ]
+  before_action :ensure_super_admin_for_onboarding, only: :update

  def show
    @breadcrumbs = [
@@ -43,6 +44,11 @@ class Settings::HostingsController < ApplicationController
      Setting.require_email_confirmation = hosting_params[:require_email_confirmation]
    end

+    if hosting_params.key?(:invite_only_default_family_id)
+      value = hosting_params[:invite_only_default_family_id].presence
+      Setting.invite_only_default_family_id = value
+    end
+
    if hosting_params.key?(:brand_fetch_client_id)
      Setting.brand_fetch_client_id = hosting_params[:brand_fetch_client_id]
    end
@@ -160,7 +166,7 @@ class Settings::HostingsController < ApplicationController
  private
    def hosting_params
      return ActionController::Parameters.new unless params.key?(:setting)
-      params.require(:setting).permit(:onboarding_state, :require_email_confirmation, :brand_fetch_client_id, :brand_fetch_high_res_logos, :twelve_data_api_key, :openai_access_token, :openai_uri_base, :openai_model, :openai_json_mode, :exchange_rate_provider, :securities_provider, :syncs_include_pending, :auto_sync_enabled, :auto_sync_time, :external_assistant_url, :external_assistant_token, :external_assistant_agent_id)
+      params.require(:setting).permit(:onboarding_state, :require_email_confirmation, :invite_only_default_family_id, :brand_fetch_client_id, :brand_fetch_high_res_logos, :twelve_data_api_key, :openai_access_token, :openai_uri_base, :openai_model, :openai_json_mode, :exchange_rate_provider, :securities_provider, :syncs_include_pending, :auto_sync_enabled, :auto_sync_time, :external_assistant_url, :external_assistant_token, :external_assistant_agent_id)
    end

    def update_assistant_type
@@ -175,6 +181,12 @@ class Settings::HostingsController < ApplicationController
      redirect_to settings_hosting_path, alert: t(".not_authorized") unless Current.user.admin?
    end

+    def ensure_super_admin_for_onboarding
+      onboarding_params = %i[onboarding_state invite_only_default_family_id]
+      return unless onboarding_params.any? { |p| hosting_params.key?(p) }
+      redirect_to settings_hosting_path, alert: t(".not_authorized") unless Current.user.super_admin?
+    end
+
    def sync_auto_sync_scheduler!
      AutoSyncScheduler.sync!
    rescue StandardError => error