hackclub · manuthecoder · Jun 5, 2025 · Jun 5, 2025 · Jun 5, 2025 · Jun 5, 2025
@@ -36,6 +36,8 @@ class OrganizerPosition < ApplicationRecord
   belongs_to :user
   belongs_to :event
 
+  before_save :cancel_cards_if_demoted_to_reader
+
   has_one :organizer_position_invite, required: true
   has_many :organizer_position_deletion_requests
   has_many :tours, as: :tourable, dependent: :destroy
@@ -76,4 +78,20 @@ def self.role_at_least?(user, event, role)
 
   private
 
+  def cancel_cards_if_demoted_to_reader
+    return unless will_save_change_to_role?
+
+    old_role = role_before_last_save
+    new_role = self.role
+
+    return if old_role.nil?
+
+    if OrganizerPosition.roles[old_role] > OrganizerPosition.roles[new_role] &&
+       new_role == "reader"
+      stripe_cards.where(event: event).find_each do |card|
+        card.cancel! unless card.stripe_status == "canceled"
+      end
+    end
+  end
+
 end
@@ -2,7 +2,7 @@
 
 class OrganizerPositionPolicy < ApplicationPolicy
   def destroy?
-    admin_or_contract_signee?
+    admin_or_contract_signee? || record.user == user
   end
 
   def set_index?

@@ -86,7 +86,7 @@
         <% end %>
       </div>
 
-      <% if !@frame && defined?(show_tags) && show_tags && organizer_signed_in?(as: :member) && !pt.instance_of?(OpenStruct) %>
+      <% if !@frame && defined?(show_tags) && show_tags && TagPolicy.new(current_user, pt).update? && !pt.instance_of?(OpenStruct) %>
         <% if suggestion = pt.local_hcb_code.suggested_hcb_code_tag_suggestions.last %>
           <div class="list-badge add-tag-badge ml0 menu__toggle menu__toggle--arrowless b--ai suggested_tag tooltipped tooltippped--s" style="border: 1.5px dashed #a633d6" id="tag_suggestion_<%= suggestion.id %>" aria-label="Click to apply HCB's suggestion">
             <%= link_to "#{suggestion.tag.emoji} #{suggestion.tag.label}", tag_suggestion_accept_path(suggestion), style: "text-decoration: none", class: "ai", data: { turbo_method: :post } %>

@@ -84,7 +84,7 @@
         <% end %>
       </div>
 
-      <% if !@frame && defined?(show_tags) && show_tags && organizer_signed_in?(as: :member) && !ct.instance_of?(OpenStruct) %>
+      <% if !@frame && defined?(show_tags) && show_tags && TagPolicy.new(current_user, ct).update? && !ct.instance_of?(OpenStruct) %>
         <% if suggestion = ct.local_hcb_code.suggested_hcb_code_tag_suggestions.last %>
           <div class="list-badge add-tag-badge ml0 menu__toggle menu__toggle--arrowless b--ai suggested_tag tooltipped tooltippped--s" style="border: 1.5px dashed #a633d6" id="tag_suggestion_<%= suggestion.id %>" aria-label="Click to apply HCB's suggestion">
             <%= link_to "#{suggestion.tag.emoji} #{suggestion.tag.label}", tag_suggestion_accept_path(suggestion), style: "text-decoration: none", class: "ai", data: { turbo_method: :post } %>

@@ -4,9 +4,11 @@
 
 <h1 class="heading flex">
   <span class="flex-grow">Contractors</span>
-  <%= link_to "#", class: "btn bg-success", data: { behavior: "modal_trigger", modal: "invite" } do %>
-    <%= inline_icon "plus" %>
-    Invite a contractor
+  <% if EmployeePolicy.new(current_user, @event).new? %>
+    <%= link_to "#", class: "btn bg-success", data: { behavior: "modal_trigger", modal: "invite" } do %>
+      <%= inline_icon "plus" %>
+      Invite a contractor
+    <% end %>
   <% end %>
 </h1>
 

@@ -6,7 +6,7 @@
 </div>
 
 <%= content_for(:header) do %>
-  <% if organizer_signed_in? %>
+  <% if policy(@event).update? %>
     <div class="flex items-center m2 absolute z-10 top-0 left-0">
       <%= form_with model: @event, class: "embedded-display-none", data: { "controller" => "form" } do |form| %>
         <%= form.file_field :donation_header_image, required: true, class: "display-none", accept: "image/png,image/jpeg", data: { action: "change->form#submit" } %>

@@ -195,12 +195,12 @@
       disabled: !organizer_signed_in?,
       method: :post,
       data: { confirm: "Are you sure you want to void this invoice? Voided invoices can not be paid and this action cannot be undone." },
-      class: "btn bg-error mr1 right" if @invoice.open_v2? %>
+      class: "btn bg-error mr1 right" if @invoice.open_v2? && organizer_signed_in?(as: :member) %>
   <%= link_to (@invoice.archived? ? "Un-archive" : "Archive"),
     (@invoice.archived? ? invoice_unarchive_path(@invoice) : invoice_archive_path(@invoice)),
     disabled: !organizer_signed_in?,
     method: :post,
-    class: "btn bg-muted" unless @invoice.void_v2? %>
+    class: "btn bg-muted" unless @invoice.void_v2? || !organizer_signed_in?(as: :member) %>
   </section>
 </article>