Share tokens

Share tokens can be assigned to any model to share unpublished resources through tokens that expire and can be managed.

A share token is created by a user with an expiration time, and can be added as a query parameter to access otherwise restricted locations.

Add share tokens to a model

The model must include Decidim::ShareableWithToken and implement shareable_url(share_token), which should return the public URL for the resource you want to share, including the token as a query parameter.

# Public: Public URL for your_resource with given share token as query parameter
def shareable_url(share_token)
  your_resource_public_path(self, share_token: share_token.token)
end

Set permissions

You should change the permissions logic for the resource to check whether there is a share_token query parameter in the request URL, and call Decidim::ShareToken.use! to both check that the token is valid and, if it is, use it (which increments the times_used variable and sets last_used_at to the current time).

It should do something similar to this:

token = context[:share_token]

return unless token.present?

allow! if Decidim::ShareToken.use!(token_for: your_resource, token: token)
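The check described above, modelled in plain Ruby as an added example (not Decidim's own code) so the failure cases are visible: a token presented for a different resource, an expired token, and an unknown token all leave access denied and do not count as a use. DemoShareToken, DemoTokenStore and token_allows_access? are hypothetical names, and the in-memory store stands in for the database.

```ruby
require "securerandom"

# Stand-in for a share token record (hypothetical, not Decidim::ShareToken).
DemoShareToken = Struct.new(:token, :token_for, :expires_at, :times_used, :last_used_at) do
  def expired?(now)
    !expires_at.nil? && expires_at <= now
  end
end

# In-memory token store, constructed for this example only.
class DemoTokenStore
  def initialize
    @tokens = {}
  end

  # Issues an unguessable token bound to one resource, with an expiration time.
  def create(token_for:, expires_at:)
    record = DemoShareToken.new(SecureRandom.hex(32), token_for, expires_at, 0, nil)
    @tokens[record.token] = record
  end

  # Returns true and records the use only when the token exists, was issued
  # for this resource and has not expired. Every other case returns false
  # and leaves the usage counters untouched.
  def use(token_for:, token:, now: Time.now)
    record = @tokens[token.to_s]
    return false if record.nil?
    return false unless record.token_for == token_for
    return false if record.expired?(now)

    record.times_used += 1
    record.last_used_at = now
    true
  end
end

# Same shape as the permissions snippet: without a share_token parameter the
# token grants nothing, and only a token that passes `use` grants access.
def token_allows_access?(store, resource, params, now: Time.now)
  token = params[:share_token]
  return false if token.nil? || token.to_s.empty?

  store.use(token_for: resource, token: token, now: now)
end
```
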

Manage tokens

Render the partial decidim-admin/app/views/decidim/admin/share_tokens/_share_tokens.html.erb inside a view, with:

locals: { share_tokens: your_share_tokens_variable }

to let admins see and manage tokens for that resource.

Implement a share action (see below) in the resource controller (admin scope), redirecting to a URL with a newly generated token, so you can call share_my_resource_url.

def share
  @your_resource = YourResource.find(params[:id]) # or however you load the resource
  share_token = @your_resource.share_tokens.create!(user: current_user, organization: current_organization)

  redirect_to share_token.url
end