bullet_train 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: bcd7fed56a4e0b49d9ca96b95e4a804f6d8d48ef0443f45a28e9a9f28b811549
+  data.tar.gz: 1bbc923e87403a718037831d9a7c6c7beeafb8192169b7897ce56ec0845c27dc
+SHA512:
+  metadata.gz: 53052501e61f60b496c5e82cd6f0c0cca4a1310a6093146c07f719556cd2005a260042de0dd05a289e0230e41e83d3b02195430134c1706d91a5c105bde35f09
+  data.tar.gz: 9b34d71773c57d358ca7322ecdaf9948a676a42eca564245dc891f9d4a9bc2f94b731350e59d5d952aeedf7b45521bf2a153159c6ced6ccad8d1c1aff18cb97f

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2022 Andrew Culver
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,28 @@
+# BulletTrain
+Short description and motivation.
+
+## Usage
+How to use my plugin.
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem "bullet_train"
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install bullet_train
+```
+
+## Contributing
+Contribution directions go here.
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,8 @@
+require "bundler/setup"
+
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load "rails/tasks/engine.rake"
+
+load "rails/tasks/statistics.rake"
+
+require "bundler/gem_tasks"

data/app/controllers/account/invitations_controller.rb

@@ -0,0 +1,146 @@
+class Account::InvitationsController < Account::ApplicationController
+  # the 'accept' action isn't covered by cancancan, because simply having the
+  # link is authorization enough to claim membership on a team. see `#accept`
+  # for more information.
+  account_load_and_authorize_resource :invitation, :team, except: [:show]
+
+  # we skip the onboarding requirement for users claiming and invitation.
+  # this way the invitation gets accepted after they complete the devise
+  # workflow, but before they're prompted to complete their onboarding.
+  skip_before_action :ensure_onboarding_is_complete_and_set_next_step, only: :accept
+  skip_before_action :authenticate_user!, only: :accept
+
+  # GET /invitations
+  # GET /invitations.json
+  def index
+    redirect_to [:account, @team, :memberships]
+  end
+
+  # GET /invitations/1
+  # GET /invitations/1.json
+  def show
+    # it's important that we only allow invitations to be shown via their uuid,
+    # otherwise team members can just step the id in the url to claim an
+    # invitation that would escalate their privileges.
+    @invitation = Invitation.find_by(uuid: params[:id])
+    unless @invitation
+      raise I18n.t("global.notifications.not_found")
+    end
+    @team = @invitation.team
+
+    # backfill these objects for the locale magic, since we didn't use `account_load_and_authorize_resource`.
+    @child_object = @invitation
+    @parent_object = @team
+
+    render layout: "devise"
+  end
+
+  # POST /invitations/1/accept
+  # POST /invitations/1/accept.json
+  def accept
+    # unless the user is signed in.
+    if !current_user.present?
+
+      # keep track of the uuid of the invitation so we can reload it
+      # after they sign up. at this point we don't even know if it's
+      # valid, but that's fine.
+      session[:invitation_uuid] = params[:id]
+
+      # also, we'll queue devise up to return to the invitation url after a sign in.
+      session["user_return_to"] = request.path
+
+      # assume the user needs to create an account.
+      # this is not the default for devise, but a sensible default here.
+      redirect_to new_user_registration_path
+
+    else
+
+      @invitation = Invitation.find_by(uuid: params[:id])
+
+      if @invitation
+        @team = @invitation.team
+        if @invitation.is_for?(current_user) || request.post?
+          @invitation.accept_for(current_user)
+          redirect_to account_dashboard_path, notice: I18n.t("invitations.notifications.welcome", team_name: @team.name)
+        else
+          redirect_to account_invitation_path(@invitation.uuid)
+        end
+      else
+        redirect_to account_dashboard_path
+      end
+
+    end
+  end
+
+  # GET /invitations/new
+  def new
+    @invitation.build_membership
+    @cancel_path = only_allow_path(params[:cancel_path])
+  end
+
+  # POST /invitations
+  # POST /invitations.json
+  def create
+    @invitation.membership.team = current_team
+    # this allows notifications to be sent to a user before they've accepted their invitation.
+    @invitation.membership.user_email = @invitation.email
+    @invitation.from_membership = current_membership
+    respond_to do |format|
+      if @invitation.save
+        format.html { redirect_to account_team_invitations_path(@team), notice: I18n.t("invitations.notifications.created") }
+        format.json { render :show, status: :created, location: [:account, @team, @invitation] }
+      else
+        format.html { render :new, status: :unprocessable_entity }
+        format.json { render json: @invitation.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  # DELETE /invitations/1
+  # DELETE /invitations/1.json
+  def destroy
+    @invitation.destroy
+    respond_to do |format|
+      format.html { redirect_to account_team_invitations_path(@team), notice: I18n.t("invitations.notifications.destroyed") }
+      format.json { head :no_content }
+    end
+  end
+
+  private
+
+  def manageable_role_keys
+    helpers.current_membership.manageable_roles.map(&:key)
+  end
+
+  # NOTE this method is only designed to work in the context of creating a invitation.
+  # we don't provide any support for updating invitations.
+  def invitation_params
+    # we use strong params first.
+    strong_params = params.require(:invitation).permit(
+      :email,
+      # 🚅 super scaffolding will insert new fields above this line.
+      # 🚅 super scaffolding will insert new arrays above this line.
+      membership_attributes: [
+        :user_first_name,
+        :user_last_name,
+        role_ids: []
+      ],
+    )
+
+    # after that, we have to be more careful how we assign the roles.
+    # we can't let users assign roles to an invitation that they don't have permission
+    # to assign, but they do have permission to assign some to other team members.
+    if params[:invitation] && params[:invitation][:role_ids].present?
+
+      # ensure the list of role keys from the form only includes keys that they're allowed to assign.
+      assignable_role_keys_from_the_form = params[:invitation][:role_ids].map(&:to_i) & manageable_role_keys
+
+      strong_params[:role_ids] = assignable_role_keys_from_the_form
+
+    end
+
+    # 🚅 super scaffolding will insert processing for new fields above this line.
+
+    strong_params
+  end
+end

data/app/controllers/account/memberships/reassignments/scaffolding_completely_concrete_tangible_things_reassignments_controller.rb

@@ -0,0 +1,83 @@
+class Account::Memberships::Reassignments::ScaffoldingCompletelyConcreteTangibleThingsReassignmentsController < Account::ApplicationController
+  account_load_and_authorize_resource :scaffolding_completely_concrete_tangible_things_reassignment, through: :membership, through_association: :reassignments_scaffolding_completely_concrete_tangible_things_reassignments
+
+  # GET /account/memberships/:membership_id/reassignments/scaffolding_completely_concrete_tangible_things_reassignments
+  # GET /account/memberships/:membership_id/reassignments/scaffolding_completely_concrete_tangible_things_reassignments.json
+  def index
+    # if you only want these objects shown on their parent's show page, uncomment this:
+    redirect_to [:account, @membership]
+  end
+
+  # GET /account/memberships/reassignments/scaffolding_completely_concrete_tangible_things_reassignments/:id
+  # GET /account/memberships/reassignments/scaffolding_completely_concrete_tangible_things_reassignments/:id.json
+  def show
+  end
+
+  # GET /account/memberships/:membership_id/reassignments/scaffolding_completely_concrete_tangible_things_reassignments/new
+  def new
+  end
+
+  # GET /account/memberships/reassignments/scaffolding_completely_concrete_tangible_things_reassignments/:id/edit
+  def edit
+  end
+
+  # POST /account/memberships/:membership_id/reassignments/scaffolding_completely_concrete_tangible_things_reassignments
+  # POST /account/memberships/:membership_id/reassignments/scaffolding_completely_concrete_tangible_things_reassignments.json
+  def create
+    respond_to do |format|
+      if @scaffolding_completely_concrete_tangible_things_reassignment.save
+        format.html { redirect_to [:account, @membership, :reassignments_scaffolding_completely_concrete_tangible_things_reassignments], notice: I18n.t("memberships/reassignments/scaffolding_completely_concrete_tangible_things_reassignments.notifications.created") }
+        format.json { render :show, status: :created, location: [:account, @scaffolding_completely_concrete_tangible_things_reassignment] }
+      else
+        format.html { render :new, status: :unprocessable_entity }
+        format.json { render json: @scaffolding_completely_concrete_tangible_things_reassignment.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  # PATCH/PUT /account/memberships/reassignments/scaffolding_completely_concrete_tangible_things_reassignments/:id
+  # PATCH/PUT /account/memberships/reassignments/scaffolding_completely_concrete_tangible_things_reassignments/:id.json
+  def update
+    respond_to do |format|
+      if @scaffolding_completely_concrete_tangible_things_reassignment.update(scaffolding_completely_concrete_tangible_things_reassignment_params)
+        format.html { redirect_to [:account, @scaffolding_completely_concrete_tangible_things_reassignment], notice: I18n.t("memberships/reassignments/scaffolding_completely_concrete_tangible_things_reassignments.notifications.updated") }
+        format.json { render :show, status: :ok, location: [:account, @scaffolding_completely_concrete_tangible_things_reassignment] }
+      else
+        format.html { render :edit, status: :unprocessable_entity }
+        format.json { render json: @scaffolding_completely_concrete_tangible_things_reassignment.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  # DELETE /account/memberships/reassignments/scaffolding_completely_concrete_tangible_things_reassignments/:id
+  # DELETE /account/memberships/reassignments/scaffolding_completely_concrete_tangible_things_reassignments/:id.json
+  def destroy
+    @scaffolding_completely_concrete_tangible_things_reassignment.destroy
+    respond_to do |format|
+      format.html { redirect_to [:account, @membership, :reassignments_scaffolding_completely_concrete_tangible_things_reassignments], notice: I18n.t("memberships/reassignments/scaffolding_completely_concrete_tangible_things_reassignments.notifications.destroyed") }
+      format.json { head :no_content }
+    end
+  end
+
+  private
+
+  # Never trust parameters from the scary internet, only allow the white list through.
+  def scaffolding_completely_concrete_tangible_things_reassignment_params
+    strong_params = params.require(:memberships_reassignments_scaffolding_completely_concrete_tangible_things_reassignment).permit(
+      # 🚅 super scaffolding will insert new fields above this line.
+      # 🚅 super scaffolding will insert new arrays above this line.
+      membership_ids: [],
+    )
+
+    strong_params[:membership_ids] = create_models_if_new(strong_params[:membership_ids]) do |email|
+      # stub out a new membership and invitation with no special permissions.
+      membership = current_team.memberships.create(user_email: email, added_by: current_membership)
+      current_team.invitations.create(email: email, from_membership: current_membership, membership: membership)
+      membership
+    end
+
+    # 🚅 super scaffolding will insert processing for new fields above this line.
+
+    strong_params
+  end
+end

data/app/controllers/account/memberships_controller.rb

@@ -0,0 +1,132 @@
+class Account::MembershipsController < Account::ApplicationController
+  account_load_and_authorize_resource :membership, :team, member_actions: [:demote, :promote, :reinvite], collection_actions: [:search]
+
+  def index
+    unless @memberships.count > 0
+      redirect_to account_team_invitations_path(@team), notice: I18n.t("memberships.notifications.no_members")
+    end
+  end
+
+  def search
+    # TODO This is a particularly crazy example where we're doing the search logic ourselves in SQL.
+    # In the future, I could see us replacing this with a recommended example using Elasticsearch and the `searchkick` Ruby Gem.
+    limit = params[:limit] || 100
+    page = [params[:page].to_i, 1].max # Ensure we never have a negative or zero page value
+    search_term = "%#{params[:search]&.upcase}%"
+    offset = (page - 1) * limit
+    # Currently we're only searching on user.first_name, user.last_name, memberships.user_first_name and memberships.user_last_name. Should we also search on the email address?
+    # This query could use impromement.  Currently if you search for "Ad Pal" you wouldn't find a user "Adam Pallozzi"
+    query = "UPPER(first_name) LIKE :search_term OR UPPER(last_name) LIKE :search_term OR UPPER(user_first_name) LIKE :search_term OR UPPER(user_last_name) LIKE :search_term"
+    # We're using left outer join here because we may get memberships that don't belong to a membership yet
+    memberships = @team.memberships.accessible_by(current_ability, :show).left_outer_joins(:user).where(query, search_term: search_term)
+    total_results = memberships.size
+    # the Areal.sql(LOWER(COALESCE...)) part means that if the user record doesn't exist or if there are records that start with a lower case letter, we will still sort everything correctly using the user.first_name instead.
+    memberships_array = memberships.limit(limit).offset(offset).order(Arel.sql("LOWER(COALESCE(first_name, user_first_name) )")).map { |membership| {id: membership.id, text: membership.label_string.to_s} }
+    results = {results: memberships_array, pagination: {more: (total_results > page * limit)}}
+    render json: results.to_json
+  end
+
+  def show
+  end
+
+  def edit
+  end
+
+  # PATCH/PUT /account/memberships/:id
+  # PATCH/PUT /account/memberships/:id.json
+  def update
+    respond_to do |format|
+      if @membership.update(membership_params)
+        format.html { redirect_to [:account, @membership], notice: I18n.t("memberships.notifications.updated") }
+        format.json { render :show, status: :ok, location: [:account, @membership] }
+      else
+        format.html { render :edit, status: :unprocessable_entity }
+        format.json { render json: @membership.errors, status: :unprocessable_entity }
+      end
+    rescue RemovingLastTeamAdminException => _
+      format.html { redirect_to [:account, @team, :memberships], alert: I18n.t("memberships.notifications.cant_demote") }
+      format.json { render json: {exception: I18n.t("memberships.notifications.cant_demote")}, status: :unprocessable_entity }
+    end
+  end
+
+  def demote
+    @membership.roles.delete Role.admin
+    redirect_to account_team_memberships_path(@team)
+  rescue RemovingLastTeamAdminException => _
+    redirect_to account_team_memberships_path(@team), alert: I18n.t("memberships.notifications.cant_demote")
+  end
+
+  def promote
+    @membership.roles << Role.admin unless @membership.roles.include?(Role.admin)
+    redirect_to account_team_memberships_path(@team)
+  end
+
+  def destroy
+    # Instead of destroying the membership, we nullify the user_id and use the membership record as a 'Tombstone' for referencing past associations (eg message at-mentions and Scaffolding::CompletelyConcrete::TangibleThings::Assignment)
+
+    user_was = @membership.user
+    @membership.nullify_user
+
+    if user_was == current_user
+      # if a user removes themselves from a team, we'll have to send them to their dashboard.
+      redirect_to account_dashboard_path, notice: I18n.t("memberships.notifications.you_removed_yourself", team_name: @team.name)
+    else
+      redirect_to [:account, @team, :memberships], notice: I18n.t("memberships.notifications.destroyed")
+    end
+  rescue RemovingLastTeamAdminException
+    redirect_to account_team_memberships_path(@team), alert: I18n.t("memberships.notifications.cant_remove")
+  end
+
+  def reinvite
+    @invitation = Invitation.new(membership: @membership, team: @team, email: @membership.user_email, from_membership: current_membership)
+    if @invitation.save
+      redirect_to [:account, @team, :memberships], notice: I18n.t("account.memberships.notifications.reinvited")
+    else
+      redirect_to [:account, @team, :memberships], notice: "There was an error creating the invitation (#{@invitation.errors.full_messages.to_sentence})"
+    end
+  end
+
+  private
+
+  def manageable_role_keys
+    helpers.current_membership.manageable_roles.map(&:key)
+  end
+
+  # NOTE this method is only designed to work in the context of updating a membership.
+  # we don't provide any support for creating memberships other than by an invitation.
+  def membership_params
+    # we use strong params first.
+    strong_params = params.require(:membership).permit(
+      :user_first_name,
+      :user_last_name,
+      :user_profile_photo_id,
+      # 🚅 super scaffolding will insert new fields above this line.
+      # 🚅 super scaffolding will insert new arrays above this line.
+    )
+
+    # after that, we have to be more careful how we update the roles.
+    # we can't let users remove roles from a membership that they don't have permission
+    # to remove, but we want to allow them to add or remove other roles they do have
+    # permission to assign to other team members.
+    if params[:membership] && params[:membership][:role_ids].present?
+
+      # first, start with the list of role keys already assigned to this membership.
+      existing_role_keys = @membership.role_ids
+
+      # generate a list of role keys we can't allow the current user to remove from this membership.
+      existing_role_keys_that_are_unmanageable = existing_role_keys - manageable_role_keys
+
+      # now let's ensure the list of role keys from the form only includes keys that they're allowed to assign.
+      assignable_role_keys_from_the_form = params[:membership][:role_ids].map(&:to_s) & manageable_role_keys
+
+      # any role keys that are manageable by the current user have to then come from the form data,
+      # otherwise we can assume they were removed by being unchecked.
+      strong_params[:role_ids] = existing_role_keys_that_are_unmanageable + assignable_role_keys_from_the_form
+
+    end
+
+    # 🚅 super scaffolding will insert processing for new fields above this line.
+
+    strong_params
+  end
+end

data/app/controllers/account/onboarding/user_details_controller.rb

@@ -0,0 +1,63 @@
+class Account::Onboarding::UserDetailsController < Account::ApplicationController
+  layout "devise"
+  load_and_authorize_resource class: "User"
+
+  # this is because cancancan doesn't let us set the instance variable name above.
+  before_action do
+    @user = @user_detail
+  end
+
+  # GET /users/1/edit
+  def edit
+    flash[:notice] = nil
+  end
+
+  # PATCH/PUT /users/1
+  # PATCH/PUT /users/1.json
+  def update
+    respond_to do |format|
+      if @user.update(user_params)
+        # if you update your own user account, devise will normally kick you out, so we do this instead.
+        bypass_sign_in current_user.reload
+
+        if @user.details_provided?
+          format.html { redirect_to account_team_path(@user.teams.first), notice: "" }
+        else
+          format.html {
+            flash[:error] = I18n.t("global.notifications.all_fields_required")
+            redirect_to edit_account_onboarding_user_detail_path(@user)
+          }
+        end
+
+        format.json { render :show, status: :ok, location: [:account, @user] }
+      else
+        format.html { render :edit, status: :unprocessable_entity }
+        format.json { render json: @user.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  private
+
+  # Never trust parameters from the scary internet, only allow the white list through.
+  def user_params
+    permitted_attributes = [
+      :first_name,
+      :last_name,
+      :time_zone,
+      # 🚅 super scaffolding will insert new fields above this line.
+    ]
+
+    permitted_hash = {
+      # 🚅 super scaffolding will insert new arrays above this line.
+    }
+
+    if can? :edit, @user.current_team
+      permitted_hash[:current_team_attributes] = [:id, :name]
+    end
+
+    params.require(:user).permit(permitted_attributes, permitted_hash)
+
+    # 🚅 super scaffolding will insert processing for new fields above this line.
+  end
+end

data/app/controllers/account/onboarding/user_email_controller.rb

@@ -0,0 +1,65 @@
+class Account::Onboarding::UserEmailController < Account::ApplicationController
+  layout "devise"
+  load_and_authorize_resource class: "User"
+
+  # this is because cancancan doesn't let us set the instance variable name above.
+  before_action do
+    @user = @user_email
+  end
+
+  # GET /users/1/edit
+  def edit
+    flash[:notice] = nil
+    if @user.email_is_oauth_placeholder?
+      @user.email = nil
+    end
+  end
+
+  # PATCH/PUT /users/1
+  # PATCH/PUT /users/1.json
+  def update
+    respond_to do |format|
+      if @user.update(user_params)
+        # if you update your own user account, devise will normally kick you out, so we do this instead.
+        bypass_sign_in current_user.reload
+
+        if !@user.email_is_oauth_placeholder?
+          @user.send_welcome_email
+          format.html { redirect_to account_team_path(@user.teams.first), notice: "" }
+        else
+          format.html {
+            flash[:error] = I18n.t("global.notifications.all_fields_required")
+            redirect_to edit_account_onboarding_user_detail_path(@user)
+          }
+        end
+
+        format.json { render :show, status: :ok, location: [:account, @user] }
+      else
+
+        # this is just checking whether the error on the email field is taking the email
+        # address is already taken.
+        @email_taken = begin
+          @user.errors.details[:email].select { |error| error[:error] == :taken }.any?
+        rescue
+          false
+        end
+
+        format.html { render :edit, status: :unprocessable_entity }
+        format.json { render json: @user.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  private
+
+  # Never trust parameters from the scary internet, only allow the white list through.
+  def user_params
+    params.require(:user).permit(
+      :email,
+      # 🚅 super scaffolding will insert new fields above this line.
+      # 🚅 super scaffolding will insert new arrays above this line.
+    )
+
+    # 🚅 super scaffolding will insert processing for new fields above this line.
+  end
+end

data/app/controllers/account/teams_controller.rb

@@ -0,0 +1,122 @@
+class Account::TeamsController < Account::ApplicationController
+  load_and_authorize_resource :team, class: "Team", prepend: true
+
+  prepend_before_action do
+    if params["action"] == "new"
+      current_user.current_team = nil
+    end
+  end
+
+  before_action :enforce_invitation_only, only: [:create]
+
+  before_action do
+    # for magic locales.
+    @child_object = @team
+  end
+
+  # GET /teams
+  # GET /teams.json
+  def index
+    # if a user doesn't have multiple teams, we try to simplify the team ui/ux
+    # as much as possible. links to this page should go to the current team
+    # dashboard. however, some other links to this page are actually in branch
+    # logic and will not display at all. instead, users will be linked to the
+    # "new team" page. (see the main account sidebar menu for an example of
+    # this.)
+    unless current_user.multiple_teams?
+      redirect_to account_team_path(current_team)
+    end
+  end
+
+  # POST /teams/1/switch
+  def switch_to
+    current_user.current_team = @team
+    current_user.save
+    redirect_to account_dashboard_path
+  end
+
+  # GET /teams/1
+  # GET /teams/1.json
+  def show
+    # I don't think this is the best place to close the loop on the onboarding process, but practically speaking it's
+    # the easiest place to implement this at the moment, because all the onboarding steps redirect here on success.
+    if session[:after_onboarding_url].present?
+      redirect_to session.delete(:after_onboarding_url)
+    end
+
+    current_user.current_team = @team
+    current_user.save
+  end
+
+  # GET /teams/new
+  def new
+    render :new, layout: "devise"
+  end
+
+  # GET /teams/1/edit
+  def edit
+  end
+
+  # POST /teams
+  # POST /teams.json
+  def create
+    @team = Team.new(team_params)
+
+    respond_to do |format|
+      if @team.save
+
+        # also make the creator of the team the default admin.
+        @team.memberships.create(user: current_user, roles: [Role.admin])
+
+        current_user.current_team = @team
+        current_user.former_user = false
+        current_user.save
+
+        format.html { redirect_to [:account, @team], notice: I18n.t("teams.notifications.created") }
+        format.json { render :show, status: :created, location: [:account, @team] }
+      else
+        format.html { render :new, layout: "devise" }
+        format.json { render json: @team.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  # PATCH/PUT /teams/1
+  # PATCH/PUT /teams/1.json
+  def update
+    respond_to do |format|
+      if @team.update(team_params)
+        format.html { redirect_to [:account, @team], notice: I18n.t("teams.notifications.updated") }
+        format.json { render :show, status: :ok, location: [:account, @team] }
+      else
+        format.html { render :edit, status: :unprocessable_entity }
+        format.json { render json: @team.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  # # DELETE /teams/1
+  # # DELETE /teams/1.json
+  # def destroy
+  #   @team.destroy
+  #   respond_to do |format|
+  #     format.html { redirect_to account_teams_url, notice: 'Team was successfully destroyed.' }
+  #     format.json { head :no_content }
+  #   end
+  # end
+
+  private
+
+  # Never trust parameters from the scary internet, only allow the white list through.
+  def team_params
+    params.require(:team).permit(
+      :name,
+      :time_zone,
+      :locale,
+      # 🚅 super scaffolding will insert new fields above this line.
+      # 🚅 super scaffolding will insert new arrays above this line.
+    )
+
+    # 🚅 super scaffolding will insert processing for new fields above this line.
+  end
+end