Skip to content

HOLD: Restrict ended events to registered users and grey out cards#1330

Open
maebeale wants to merge 5 commits intomainfrom
maebeale/ended-event-display
Open

HOLD: Restrict ended events to registered users and grey out cards#1330
maebeale wants to merge 5 commits intomainfrom
maebeale/ended-event-display

Conversation

@maebeale
Copy link
Collaborator

@maebeale maebeale commented Mar 3, 2026

What is the goal of this PR and why is this important?

  • Ended events were visible to all users on the events index, even if they never registered
  • Users should only see ended events if they had an active registration (registered, attended, incomplete_attendance)
  • Ended event cards should be visually distinct so users can tell at a glance

How did you approach the change?

Policy (EventPolicy):

  • show? now checks ended? — only admins and actively registered users can view ended events via direct URL
  • relation_scope for authenticated users uses a manual LEFT OUTER JOIN filtered to active registration statuses, with end_date >= now for upcoming events OR people.id = person_id for registered events
  • relation_scope for unauthenticated users adds end_date >= now filter to exclude all ended events

Card styling (_card.html.erb):

  • Uses class_names with conditional classes: ended events get bg-gray-100 border-gray-300 opacity-60, active events keep bg-white border-gray-200 hover:shadow-md

Tests:

  • Added :ended factory trait
  • Added 4 show? tests for ended events (admin, registered, unregistered, unauthenticated)
  • Updated relation_scope tests to verify end_date and active status filtering

UI Testing Checklist

  • Verify ended events only appear in index for users who registered
  • Verify ended event cards appear greyed out (opacity-60, bg-gray-100)
  • Verify non-ended events display normally (white bg, hover shadow)
  • Verify admins can still see all events including ended
  • Verify direct URL to ended event redirects unregistered users
  • Verify "Event ended" text still displays on cards and show page

Anything else to add?

  • The existing _registration_section.html.erb already showed "Event ended" text — no changes needed there
  • Cancelled/no-show registrations do not grant visibility to ended events (only active statuses)

🤖 Generated with Claude Code

maebeale and others added 2 commits March 4, 2026 08:43
@maebeale @claude
Restrict ended events to registered users and grey out cards
6d39fd2 
Ended events were visible to all users regardless of registration
status. Now only admins and actively registered users can see them
in the index and via direct URL. Ended event cards render with
reduced opacity and muted styling.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@maebeale @claude
Fix CI: brakeman SQL injection warning and test failures
d8aeef8 
- Hardcode active status values in policy join to avoid brakeman
  string interpolation warning
- Register user for ended event in system spec so show? allows access
- Update timezone test dates from 2025 to 2031 (now past, causing
  ended event policy to block access)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@maebeale maebeale force-pushed the maebeale/ended-event-display branch from 3f77f25 to d8aeef8 Compare March 4, 2026 13:46
maebeale and others added 3 commits March 4, 2026 08:53
@maebeale @claude
Improve ended event display for registered users
a21b58a 
- Card: show "Event ended" label alongside "View registration" button
  for registered users on ended events
- Registration section: restructure conditionals so ended events
  show "Event ended" above "View Registration" without also showing
  "Registration closed"
- Hide calendar links on ended events since the dates have passed

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@maebeale @claude
Add tests for ended event display and access control
f38780d 
System specs:
- Registered user sees both "Event ended" and "View Registration"
- Calendar links hidden on ended events
- Unregistered user blocked from ended event show page
- Admin can view ended events

Request specs:
- Admin can view ended event (200)
- Registered user can view ended event (200)
- Unregistered user redirected from ended event
- Unauthenticated user redirected to sign in

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@maebeale @claude
Fix unauthenticated ended event test to expect root_path redirect
a587782 
ActionPolicy::Unauthorized rescues redirect to root_path, not sign_in,
since the event is publicly visible and guests can reach the controller.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@maebeale maebeale changed the title Restrict ended events to registered users and grey out cards HOLD: Restrict ended events to registered users and grey out cards Mar 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@maebeale