bypass user login

We'll need to properly strip out the user authentication stuff in the future. Since they'll already be logged into CareerPlug we don't another login here.

* automatically log in as a Demo Account user for now

app/controllers/application_controller.rb

@@ -6,10 +6,12 @@ class ApplicationController < ActionController::Base
   include ActiveStorage::SetCurrent
   include Pagy::Backend
 
+  before_action :ensure_demo_user_signed_in
+
   check_authorization unless: :devise_controller?
 
   around_action :with_locale
-  before_action :sign_in_for_demo, if: -> { Docuseal.demo? }
+  # before_action :sign_in_for_demo, if: -> { Docuseal.demo? }
   before_action :maybe_redirect_to_setup, unless: :signed_in?
   before_action :authenticate_user!, unless: :devise_controller?
 
@@ -101,9 +103,34 @@ class ApplicationController < ActionController::Base
   end
 
   def maybe_redirect_to_setup
+    # Skip setup redirect for iframe embedding - create demo user instead
+    return if ensure_demo_user_signed_in
+
     redirect_to setup_index_path unless User.exists?
   end
 
+  def ensure_demo_user_signed_in
+    return true if signed_in?
+    user = find_or_create_demo_user
+    sign_in(user)
+    true
+  end
+
+  def find_or_create_demo_user
+    User.find_by(email: 'demo@docuseal.local') || begin
+      account = Account.create!(name: 'Demo Account', locale: 'en', timezone: 'UTC')
+      User.create!(
+        email: 'demo@docuseal.local',
+        password: 'password123',
+        password_confirmation: 'password123',
+        first_name: 'Demo',
+        last_name: 'User',
+        account: account,
+        role: 'admin'
+      )
+    end
+  end
+
   def button_title(title: I18n.t('submit'), disabled_with: I18n.t('submitting'), title_class: '', icon: nil,
                    icon_disabled: nil)
     render_to_string(partial: 'shared/button_title',

app/controllers/templates_controller.rb

@@ -1,6 +1,9 @@
 # frozen_string_literal: true
 
 class TemplatesController < ApplicationController
+  skip_before_action :maybe_redirect_to_setup
+  skip_before_action :verify_authenticity_token
+
   load_and_authorize_resource :template
 
   before_action :load_base_template, only: %i[new create]

app/controllers/templates_dashboard_controller.rb

@@ -1,6 +1,10 @@
 # frozen_string_literal: true
 
 class TemplatesDashboardController < ApplicationController
+  before_action :ensure_demo_user_signed_in
+  skip_before_action :authenticate_user!
+  skip_before_action :maybe_redirect_to_setup
+
   load_and_authorize_resource :template_folder, parent: false
   load_and_authorize_resource :template, parent: false
 
@@ -44,29 +48,33 @@ class TemplatesDashboardController < ApplicationController
   private
 
   def filter_templates(templates)
-    rel = templates.active
+    # rel = templates.active
-
+
-    if params[:q].blank?
+    # if params[:q].blank?
-      if Docuseal.multitenant? ? current_account.testing? : current_account.linked_account_account
+    #   if Docuseal.multitenant? ? current_account.testing? : current_account.linked_account_account
-        shared_account_ids = [current_user.account_id]
+    #     shared_account_ids = [current_user.account_id]
-        shared_account_ids << TemplateSharing::ALL_ID if !Docuseal.multitenant? && !current_account.testing?
+    #     shared_account_ids << TemplateSharing::ALL_ID if !Docuseal.multitenant? && !current_account.testing?
-
+
-        shared_template_ids = TemplateSharing.where(account_id: shared_account_ids).select(:template_id)
+    #     shared_template_ids = TemplateSharing.where(account_id: shared_account_ids).select(:template_id)
-
+
-        rel = Template.where(
+    #     rel = Template.where(
-          Template.arel_table[:id].in(
+    #       Template.arel_table[:id].in(
-            Arel::Nodes::Union.new(
+    #         Arel::Nodes::Union.new(
-              rel.where(folder_id: current_account.default_template_folder.id).select(:id).arel,
+    #           rel.where(folder_id: current_account.default_template_folder.id).select(:id).arel,
-              shared_template_ids.arel
+    #           shared_template_ids.arel
-            )
+    #         )
-          )
+    #       )
-        )
+    #     )
-      else
+    #   else
-        rel = rel.where(folder_id: current_account.default_template_folder.id)
+    #     rel = rel.where(folder_id: current_account.default_template_folder.id)
-      end
+    #   end
-    end
+    # end
-
+
-    Templates.search(current_user, rel, params[:q])
+    # Templates.search(current_user, rel, params[:q])
+    templates = templates.active
+    templates = Templates.search(current_user, templates, params[:q])
+
+    templates
   end
 
   def sort_template_folders(template_folders, current_user, order)

app/controllers/templates_uploads_controller.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class TemplatesUploadsController < ApplicationController
+  skip_before_action :verify_authenticity_token, only: [:create]
+
   load_and_authorize_resource :template, parent: false
 
   layout 'plain'

config/routes.rb

@@ -9,7 +9,7 @@ Rails.application.routes.draw do
     end
   end
 
-  root 'dashboard#index'
+  root 'templates_dashboard#index'
 
   get 'up' => 'rails/health#show'
   get 'manifest' => 'pwa#manifest'