organizations 0.1.0

data/app/controllers/organizations/organizations_controller.rb

@@ -0,0 +1,179 @@
+# frozen_string_literal: true
+
+module Organizations
+  # Controller for managing organizations.
+  # Provides CRUD operations for organizations the user owns/manages.
+  #
+  class OrganizationsController < ApplicationController
+    before_action :set_organization, only: [:show, :edit, :update, :destroy]
+    before_action :authorize_manage_settings!, only: [:edit, :update]
+    before_action :authorize_delete_organization!, only: [:destroy]
+
+    # GET /organizations
+    # List all organizations the user belongs to
+    def index
+      # Optimized query: preload memberships and use counter cache or subquery for counts
+      @memberships = current_user.memberships.includes(:organization)
+
+      respond_to do |format|
+        format.html { @organizations = @memberships.map(&:organization) }
+        format.json { render json: organizations_json_optimized(@memberships) }
+      end
+    end
+
+    # GET /organizations/:id
+    # Show organization details
+    def show
+      respond_to do |format|
+        format.html
+        format.json { render json: organization_json(@organization) }
+      end
+    end
+
+    # GET /organizations/new
+    # Form to create a new organization
+    def new
+      @organization = Organization.new
+    end
+
+    # POST /organizations
+    # Create a new organization
+    def create
+      begin
+        @organization = current_user.create_organization!(organization_params[:name])
+
+        # Switch to the new organization
+        switch_to_organization!(@organization)
+
+        respond_to do |format|
+          format.html { redirect_to organization_path(@organization), notice: "Organization created successfully." }
+          format.json { render json: organization_json(@organization), status: :created }
+        end
+      rescue Organizations::Models::Concerns::HasOrganizations::OrganizationLimitReached => e
+        respond_to do |format|
+          format.html do
+            @organization = Organization.new(organization_params)
+            flash.now[:alert] = e.message
+            render :new, status: :unprocessable_entity
+          end
+          format.json { render json: { error: e.message }, status: :unprocessable_entity }
+        end
+      rescue ActiveRecord::RecordInvalid => e
+        respond_to do |format|
+          format.html do
+            @organization = Organization.new(organization_params)
+            flash.now[:alert] = e.record.errors.full_messages.join(", ")
+            render :new, status: :unprocessable_entity
+          end
+          format.json { render json: { errors: e.record.errors }, status: :unprocessable_entity }
+        end
+      end
+    end
+
+    # GET /organizations/:id/edit
+    # Form to edit organization
+    def edit
+    end
+
+    # PATCH/PUT /organizations/:id
+    # Update organization
+    def update
+      if @organization.update(organization_params)
+        respond_to do |format|
+          format.html { redirect_to organization_path(@organization), notice: "Organization updated successfully." }
+          format.json { render json: organization_json(@organization) }
+        end
+      else
+        respond_to do |format|
+          format.html { render :edit, status: :unprocessable_entity }
+          format.json { render json: { errors: @organization.errors }, status: :unprocessable_entity }
+        end
+      end
+    end
+
+    # DELETE /organizations/:id
+    # Delete organization (owner only)
+    def destroy
+      @organization.destroy!
+
+      # Clear session if this was the current organization
+      clear_organization_session! if current_organization&.id == @organization.id
+
+      respond_to do |format|
+        format.html { redirect_to organizations_path, notice: "Organization deleted successfully." }
+        format.json { head :no_content }
+      end
+    end
+
+    private
+
+    def set_organization
+      @organization = current_user.organizations.find(params[:id])
+    rescue ActiveRecord::RecordNotFound
+      respond_to do |format|
+        format.html { redirect_to organizations_path, alert: "Organization not found." }
+        format.json { render json: { error: "Organization not found" }, status: :not_found }
+      end
+    end
+
+    def organization_params
+      params.require(:organization).permit(:name)
+    end
+
+    def authorize_manage_settings!
+      role = current_user.role_in(@organization)
+      return if role && Roles.has_permission?(role, :manage_settings)
+
+      handle_unauthorized(permission: :manage_settings)
+    end
+
+    def authorize_delete_organization!
+      role = current_user.role_in(@organization)
+      return if role && Roles.has_permission?(role, :delete_organization)
+
+      handle_unauthorized(permission: :delete_organization)
+    end
+
+    # JSON serialization helpers
+
+    # Optimized: uses preloaded memberships to avoid N+1
+    def organizations_json_optimized(memberships)
+      # Batch load member counts for all orgs in one query
+      org_ids = memberships.map { |m| m.organization_id }
+      counts = Organization.where(id: org_ids)
+                           .joins(:memberships)
+                           .group(:id)
+                           .count("memberships.id")
+
+      memberships.map do |membership|
+        org = membership.organization
+        {
+          id: org.id,
+          name: org.name,
+          slug: org.slug,
+          member_count: counts[org.id] || 0,
+          role: membership.role,
+          created_at: org.created_at,
+          updated_at: org.updated_at
+        }
+      end
+    end
+
+    def organizations_json(organizations)
+      organizations.map { |org| organization_json(org) }
+    end
+
+    def organization_json(org)
+      membership = current_user.memberships.find_by(organization_id: org.id)
+      {
+        id: org.id,
+        name: org.name,
+        slug: org.slug,
+        member_count: org.member_count,
+        role: membership&.role,
+        created_at: org.created_at,
+        updated_at: org.updated_at
+      }
+    end
+  end
+end

data/app/controllers/organizations/switch_controller.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Organizations
+  # Controller for switching between organizations.
+  # Handles the POST /organizations/switch/:id route.
+  #
+  # @example Using the switch route
+  #   POST /organizations/switch/123
+  #   # Redirects to root_path with new current_organization set
+  #
+  class SwitchController < ApplicationController
+    # Switch to a different organization
+    # POST /organizations/switch/:id
+    def create
+      org = current_user.organizations.find_by(id: params[:id])
+
+      if org
+        switch_to_organization!(org)
+
+        respond_to do |format|
+          format.html { redirect_to after_switch_path, notice: "Switched to #{org.name}" }
+          format.json { render json: { organization: { id: org.id, name: org.name, slug: org.slug } } }
+        end
+      else
+        respond_to do |format|
+          format.html { redirect_back fallback_location: main_app.root_path, alert: "Organization not found or you're not a member" }
+          format.json { render json: { error: "Organization not found" }, status: :not_found }
+        end
+      end
+    end
+
+    private
+
+    def after_switch_path
+      main_app.respond_to?(:root_path) ? main_app.root_path : "/"
+    end
+  end
+end

data/app/mailers/organizations/invitation_mailer.rb

@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+
+module Organizations
+  # Mailer for sending organization invitation emails.
+  # Can be customized via Organizations.configuration.invitation_mailer
+  #
+  # If the goodmail gem is installed, it will automatically use goodmail
+  # for beautiful transactional emails.
+  #
+  # @example Sending an invitation email
+  #   InvitationMailer.invitation_email(invitation).deliver_later
+  #
+  class InvitationMailer < ActionMailer::Base
+    default from: -> { default_from_address }
+
+    # Invitation email
+    # @param invitation [Organizations::Invitation] The invitation to send
+    # @return [Mail::Message]
+    def invitation_email(invitation)
+      @invitation = invitation
+      @organization = invitation.organization
+      @inviter = invitation.invited_by
+      @accept_url = invitation_accept_url(invitation)
+
+      mail(
+        to: invitation.email,
+        subject: "#{inviter_name} invited you to join #{@organization.name}"
+      )
+    end
+
+    private
+
+    def inviter_name
+      return "The team" unless @inviter
+
+      if @inviter.respond_to?(:name) && @inviter.name.present?
+        @inviter.name
+      else
+        @inviter.email
+      end
+    end
+
+    def invitation_accept_url(invitation)
+      if defined?(Rails) && Rails.application&.routes
+        # Try to use the engine routes
+        begin
+          Organizations::Engine.routes.url_helpers.invitation_url(
+            invitation.token,
+            host: default_host
+          )
+        rescue StandardError
+          # Fallback to basic URL construction
+          "#{default_host}/invitations/#{invitation.token}"
+        end
+      else
+        "/invitations/#{invitation.token}"
+      end
+    end
+
+    def default_from_address
+      if defined?(Rails) && Rails.application&.config&.action_mailer&.default_options
+        Rails.application.config.action_mailer.default_options[:from] || "noreply@example.com"
+      else
+        "noreply@example.com"
+      end
+    end
+
+    def default_host
+      if defined?(Rails) && Rails.application&.config&.action_mailer&.default_url_options
+        options = Rails.application.config.action_mailer.default_url_options
+        protocol = options[:protocol] || "https"
+        host = options[:host] || "localhost"
+        port = options[:port]
+
+        if port && port != 80 && port != 443
+          "#{protocol}://#{host}:#{port}"
+        else
+          "#{protocol}://#{host}"
+        end
+      else
+        "http://localhost:3000"
+      end
+    end
+  end
+end

data/app/views/organizations/invitation_mailer/invitation_email.html.erb

@@ -0,0 +1,98 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>You're invited to join <%= @organization.name %></title>
+  <style>
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif;
+      line-height: 1.6;
+      color: #333;
+      max-width: 600px;
+      margin: 0 auto;
+      padding: 20px;
+    }
+    .header {
+      text-align: center;
+      padding: 20px 0;
+      border-bottom: 1px solid #eee;
+    }
+    .content {
+      padding: 30px 0;
+    }
+    .button {
+      display: inline-block;
+      background-color: #4F46E5;
+      color: #ffffff !important;
+      text-decoration: none;
+      padding: 12px 24px;
+      border-radius: 6px;
+      font-weight: 600;
+      margin: 20px 0;
+    }
+    .button:hover {
+      background-color: #4338CA;
+    }
+    .footer {
+      padding-top: 20px;
+      border-top: 1px solid #eee;
+      font-size: 14px;
+      color: #666;
+    }
+    .role-badge {
+      display: inline-block;
+      background-color: #E0E7FF;
+      color: #4338CA;
+      padding: 4px 12px;
+      border-radius: 12px;
+      font-size: 14px;
+      font-weight: 500;
+    }
+  </style>
+</head>
+<body>
+  <div class="header">
+    <h1>You're invited!</h1>
+  </div>
+
+  <div class="content">
+    <p>Hi there,</p>
+
+    <p>
+      <% if @inviter %>
+        <strong><%= @inviter.respond_to?(:name) && @inviter.name.present? ? @inviter.name : @inviter.email %></strong>
+        has invited you to join <strong><%= @organization.name %></strong>.
+      <% else %>
+        You've been invited to join <strong><%= @organization.name %></strong>.
+      <% end %>
+    </p>
+
+    <p>
+      You'll be joining as:
+      <span class="role-badge"><%= @invitation.role.to_s.capitalize %></span>
+    </p>
+
+    <p style="text-align: center;">
+      <a href="<%= @accept_url %>" class="button">Accept Invitation</a>
+    </p>
+
+    <p>
+      Or copy and paste this link into your browser:<br>
+      <a href="<%= @accept_url %>"><%= @accept_url %></a>
+    </p>
+
+    <% if @invitation.expires_at %>
+    <p style="color: #666; font-size: 14px;">
+      This invitation will expire on <%= @invitation.expires_at.strftime("%B %d, %Y at %I:%M %p %Z") %>.
+    </p>
+    <% end %>
+  </div>
+
+  <div class="footer">
+    <p>
+      If you weren't expecting this invitation, you can safely ignore this email.
+    </p>
+  </div>
+</body>
+</html>

data/app/views/organizations/invitation_mailer/invitation_email.text.erb

@@ -0,0 +1,18 @@
+You're invited to join <%= @organization.name %>!
+
+Hi there,
+
+<% if @inviter %><%= @inviter.respond_to?(:name) && @inviter.name.present? ? @inviter.name : @inviter.email %> has invited you to join <%= @organization.name %>.<% else %>You've been invited to join <%= @organization.name %>.<% end %>
+
+You'll be joining as: <%= @invitation.role.to_s.capitalize %>
+
+Accept your invitation here:
+<%= @accept_url %>
+
+<% if @invitation.expires_at %>
+This invitation will expire on <%= @invitation.expires_at.strftime("%B %d, %Y at %I:%M %p %Z") %>.
+<% end %>
+
+---
+
+If you weren't expecting this invitation, you can safely ignore this email.

data/config/routes.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+Organizations::Engine.routes.draw do
+  # Organization switching
+  # POST /organizations/switch/:id
+  post "organizations/switch/:id", to: "switch#create", as: :switch_organization
+
+  # Organization management
+  # All operations are scoped to current_organization (from session)
+  resources :organizations, only: [:index, :show, :new, :create, :edit, :update, :destroy]
+
+  # Membership management (scoped to current_organization)
+  # These are flat routes - the organization is determined by session, not URL
+  resources :memberships, only: [:index, :update, :destroy] do
+    member do
+      post :transfer_ownership
+    end
+  end
+
+  # Invitation management (scoped to current_organization)
+  # These are flat routes - the organization is determined by session, not URL
+  # NOTE: Must come BEFORE token-based routes so /invitations/new doesn't match /:token
+  resources :invitations, only: [:index, :new, :create, :destroy], as: :organization_invitations do
+    member do
+      post :resend
+    end
+  end
+
+  # Invitation acceptance (public routes with token)
+  # GET  /invitations/:token        → View invitation details
+  # POST /invitations/:token/accept → Accept the invitation
+  # NOTE: These must come AFTER resourceful routes to avoid matching "new" as a token
+  get "invitations/:token", to: "invitations#show", as: :invitation
+  post "invitations/:token/accept", to: "invitations#accept", as: :accept_invitation
+end

data/examples/demo_insert_race_condition.rb

@@ -0,0 +1,212 @@
+# frozen_string_literal: true
+
+# Demo: Verify INSERT-time race condition handling works for Organizations
+#
+# This simulates the exact race condition that Codex identified:
+# 1. Two processes try to create orgs with same name simultaneously
+# 2. Both compute slug "acme-corp" in before_validation
+# 3. First INSERT succeeds
+# 4. Second INSERT fails with RecordNotUnique
+# 5. around_create retries with recomputed slug
+#
+# Run: bundle exec ruby test/demo_insert_race_condition.rb
+
+require "bundler/setup"
+require "active_record"
+require "sqlite3"
+
+$LOAD_PATH.unshift File.expand_path("../lib", __dir__)
+require "organizations"
+
+puts "=" * 70
+puts "INSERT-TIME RACE CONDITION DEMO"
+puts "=" * 70
+puts
+
+# Setup
+ActiveRecord::Base.establish_connection(adapter: "sqlite3", database: ":memory:")
+ActiveRecord::Base.logger = Logger.new(nil)
+
+ActiveRecord::Schema.define do
+  create_table :users, force: :cascade do |t|
+    t.string :email, null: false
+    t.timestamps
+  end
+
+  create_table :organizations, force: :cascade do |t|
+    t.string :name, null: false
+    t.string :slug, null: false  # NOT NULL - key for this test
+    t.timestamps
+  end
+  add_index :organizations, :slug, unique: true
+
+  create_table :memberships, force: :cascade do |t|
+    t.references :user, null: false
+    t.references :organization, null: false
+    t.string :role, null: false, default: "member"
+    t.timestamps
+  end
+
+  create_table :organization_invitations, force: :cascade do |t|
+    t.references :organization, null: false
+    t.string :email, null: false
+    t.string :token, null: false
+    t.string :role, null: false, default: "member"
+    t.datetime :accepted_at
+    t.datetime :expires_at
+    t.timestamps
+  end
+end
+
+class User < ActiveRecord::Base
+  extend Organizations::Models::Concerns::HasOrganizations::ClassMethods
+  has_organizations
+end
+
+# ============================================================================
+# Test 1: Verify around_create hook is available
+# ============================================================================
+puts "TEST 1: Verify around_create hook exists"
+puts "-" * 40
+
+org = Organizations::Organization.new(name: "Test")
+has_hook = org.respond_to?(:retry_create_on_slug_unique_violation, true)
+puts "Has retry_create_on_slug_unique_violation: #{has_hook ? '✅ YES' : '❌ NO'}"
+puts
+
+# ============================================================================
+# Test 2: Simulate race condition with injected conflicting INSERT
+# ============================================================================
+puts "TEST 2: Simulate INSERT-time race condition"
+puts "-" * 40
+
+# Create a subclass that injects a conflicting row on first INSERT attempt
+class RaceSimulationOrg < Organizations::Organization
+  self.table_name = "organizations"
+
+  class_attribute :insert_attempts, default: 0
+  class_attribute :collision_injected, default: false
+
+  before_create :inject_collision_once
+
+  private
+
+  def inject_collision_once
+    self.class.insert_attempts += 1
+    puts "  [DEBUG] INSERT attempt ##{self.class.insert_attempts}, slug=#{slug}"
+
+    return if self.class.collision_injected
+
+    self.class.collision_injected = true
+
+    # Inject a row with the same slug BEFORE this INSERT completes
+    conn = self.class.connection
+    now = Time.current
+    conn.execute(<<~SQL)
+      INSERT INTO organizations (name, slug, created_at, updated_at)
+      VALUES (
+        #{conn.quote("Injected by race simulation")},
+        #{conn.quote(slug)},
+        #{conn.quote(now)},
+        #{conn.quote(now)}
+      )
+    SQL
+    puts "  [DEBUG] Injected conflicting row with slug=#{slug}"
+  end
+end
+
+begin
+  org = RaceSimulationOrg.create!(name: "Acme Corp")
+
+  puts
+  puts "Result:"
+  puts "  Created successfully: #{org.persisted? ? '✅ YES' : '❌ NO'}"
+  puts "  INSERT attempts: #{RaceSimulationOrg.insert_attempts}"
+  puts "  Final slug: #{org.slug}"
+  puts "  Slug changed after retry: #{org.slug != 'acme-corp' ? '✅ YES' : '❌ NO'}"
+
+  if RaceSimulationOrg.insert_attempts == 2 && org.slug.start_with?("acme-corp-")
+    puts
+    puts "✅ PASS - Race condition handled correctly!"
+  else
+    puts
+    puts "⚠️ Unexpected behavior - check debug output"
+  end
+rescue => e
+  puts
+  puts "❌ FAIL - #{e.class}: #{e.message}"
+end
+puts
+
+# ============================================================================
+# Test 3: Verify non-slug unique violations still bubble up
+# ============================================================================
+puts "TEST 3: Non-slug unique violations bubble up"
+puts "-" * 40
+
+class NonSlugViolationOrg < Organizations::Organization
+  self.table_name = "organizations"
+
+  before_create do
+    raise ActiveRecord::RecordNotUnique, "UNIQUE constraint failed: organizations.external_id"
+  end
+end
+
+begin
+  NonSlugViolationOrg.create!(name: "Should Fail")
+  puts "❌ FAIL - Should have raised RecordNotUnique"
+rescue ActiveRecord::RecordNotUnique => e
+  if e.message.include?("external_id")
+    puts "✅ PASS - Non-slug violation bubbled up correctly"
+  else
+    puts "⚠️ Unexpected error: #{e.message}"
+  end
+rescue => e
+  puts "❌ FAIL - Wrong error type: #{e.class}"
+end
+puts
+
+# ============================================================================
+# Test 4: High-volume stress test with real database
+# ============================================================================
+puts "TEST 4: High-volume concurrent-like test (100 orgs, same name)"
+puts "-" * 40
+
+Organizations::Organization.delete_all
+
+start_time = Time.now
+orgs = []
+100.times do |i|
+  orgs << Organizations::Organization.create!(name: "Stress Test Corp")
+end
+elapsed = Time.now - start_time
+
+slugs = orgs.map(&:slug)
+unique_count = slugs.uniq.length
+
+puts "Created 100 organizations in #{(elapsed * 1000).round(2)}ms"
+puts "Unique slugs: #{unique_count}/100"
+puts "First slug: #{orgs.first.slug}"
+puts "Last slug: #{orgs.last.slug}"
+puts "Result: #{unique_count == 100 ? '✅ PASS' : '❌ FAIL'}"
+puts
+
+# ============================================================================
+# Summary
+# ============================================================================
+puts "=" * 70
+puts "SUMMARY"
+puts "=" * 70
+puts
+puts "The around_create hook in slugifiable correctly handles INSERT-time"
+puts "race conditions for NOT NULL slug columns."
+puts
+puts "Flow:"
+puts "1. before_validation: compute slug ('acme-corp')"
+puts "2. around_create: wrap INSERT"
+puts "3. INSERT fails: RecordNotUnique (slug collision)"
+puts "4. around_create: recompute slug ('acme-corp-123456')"
+puts "5. Retry INSERT: success"
+puts
+puts "This is the fix Codex added in slugifiable Round 9."
+puts "=" * 70