From 94f1aab569a1d5a7d196864efa82ae76a01e6ab0 Mon Sep 17 00:00:00 2001
From: Enrico Stano <ocirne.onats@gmail.com>
Date: Thu, 15 Jun 2017 23:33:26 +0200
Subject: [PATCH 01/11] Remove current_organization magic in order to use
 standard REST urls

---
 app/controllers/application_controller.rb     | 25 +----------
 app/controllers/members_controller.rb         | 16 +++++++-
 app/controllers/organizations_controller.rb   | 36 ++++++++--------
 app/controllers/posts_controller.rb           | 41 +++++++++++++------
 app/controllers/users_controller.rb           | 32 ++++++++++-----
 app/helpers/posts_helper.rb                   |  7 +++-
 app/views/application/_navbar.html.erb        | 10 ++---
 .../_organization_listings_menu.html.erb      |  4 +-
 .../menus/_organization_switcher.html.erb     |  8 +---
 app/views/inquiries/index.html.erb            |  2 +-
 app/views/layouts/application.html.erb        |  4 +-
 app/views/offers/index.html.erb               |  2 +-
 app/views/shared/_post.html.erb               |  2 +-
 app/views/shared/_post_form.html.erb          |  4 +-
 app/views/users/_user_rows.html.erb           |  2 +-
 app/views/users/give_time.html.erb            |  6 +--
 app/views/users/index.html.erb                |  6 +--
 17 files changed, 110 insertions(+), 97 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 2b934011e..ede758798 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -9,7 +9,6 @@ class ApplicationController < ActionController::Base
   append_before_filter :check_for_terms_acceptance!, unless: :devise_controller?
   before_filter :configure_permitted_parameters, if: :devise_controller?
   before_filter :set_locale
-  before_filter :set_current_organization
   after_filter :store_location
 
   rescue_from MissingTOSAcceptance, OutadedTOSAcceptance do
@@ -18,7 +17,7 @@ class ApplicationController < ActionController::Base
 
   rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
 
-  helper_method :current_organization, :admin?, :superadmin?
+  helper_method :admin?, :superadmin?
 
   protected
 
@@ -26,14 +25,6 @@ def configure_permitted_parameters
     devise_parameter_sanitizer.for(:sign_up) << :username
   end
 
-  def set_current_organization
-    if org_id = session[:current_organization_id]
-      @current_organization = Organization.find(org_id)
-    elsif current_user
-      @current_organization = current_user.organizations.first
-    end
-  end
-
   def store_location
     # store last url - this is needed for post-login redirect to whatever the
     # user last visited.
@@ -66,20 +57,8 @@ def check_for_terms_acceptance!
     end
   end
 
-  def current_organization
-    @current_organization ||= current_user.try(:organizations).try(:first)
-  end
-
-  def current_member
-    @current_member ||= current_user.as_member_of(current_organization) if current_user
-  end
-
-  def pundit_user
-    current_member
-  end
-
   def admin?
-    current_user.try :manages?, current_organization
+    current_user.try :manages?, @organization
   end
 
   def superadmin?
diff --git a/app/controllers/members_controller.rb b/app/controllers/members_controller.rb
index c88ea52df..1b78d0b3d 100644
--- a/app/controllers/members_controller.rb
+++ b/app/controllers/members_controller.rb
@@ -1,5 +1,17 @@
 class MembersController < ApplicationController
   before_filter :authenticate_user!
+  before_filter :load_organization
+
+  # TODO: move to abstract controller for all nested resources
+  # TODO: check authorization
+  #
+  def load_organization
+    @organization = Organization.find_by_id(params[:id])
+
+    raise not_found unless @organization
+
+    @organization
+  end
 
   def destroy
     find_member
@@ -34,11 +46,11 @@ def toggle_active
   private
 
   def find_member
-    @member ||= current_organization.members.find(params[:id])
+    @member ||= @organization.members.find(params[:id])
   end
 
   def toggle_active_posts
-    current_organization.posts.where(user_id: @member.user_id).
+    @organization.posts.where(user_id: @member.user_id).
       each { |post| post.update_attributes(active: false) }
   end
 end
diff --git a/app/controllers/organizations_controller.rb b/app/controllers/organizations_controller.rb
index 0e3ab87a7..8278e1d9b 100644
--- a/app/controllers/organizations_controller.rb
+++ b/app/controllers/organizations_controller.rb
@@ -1,20 +1,17 @@
 class OrganizationsController < ApplicationController
-  before_filter :load_resource
-
-  def load_resource
-    if params[:id]
-      @organization = Organization.find(params[:id])
-    else
-      @organizations = Organization.all
-    end
-  end
+  before_filter :load_resource, only: [:show, :update, :destroy, :give_time]
 
   def new
     @organization = Organization.new
   end
 
+  # TODO: define which organizations we should display
+  #
   def index
-    @organizations = @organizations.matching(params[:q]) if params[:q].present?
+    context = Organization.all
+    context = context.matching(params[:q]) if params[:q].present?
+
+    @organizations = context
   end
 
   def show
@@ -56,13 +53,6 @@ def give_time
     @sources = find_transfer_sources_for_admin
   end
 
-  def set_current
-    if current_user
-      session[:current_organization_id] = @organization.id
-    end
-    redirect_to root_path
-  end
-
   private
 
   def organization_params
@@ -71,8 +61,18 @@ def organization_params
                                      neighborhood city domain])
   end
 
+  def load_resource
+    @organization = Organization.find_by_id(params[:id])
+
+    raise unless @organization
+
+    # TODO: authorize
+
+    @organization
+  end
+
   def find_transfer_offer
-    current_organization.offers.
+    @organization.offers.
       find(params[:offer]) if params[:offer].present?
   end
 
diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb
index 08c47942c..4bd9caaca 100644
--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@@ -1,4 +1,6 @@
 class PostsController <  ApplicationController
+  before_filter :load_organization
+
   has_scope :by_category, as: :cat
   has_scope :tagged_with, as: :tag
   has_scope :by_organization, as: :org
@@ -11,9 +13,9 @@ def index
           type: "phrase_prefix",
           fields: ["title^2", "description", "tags^2"]
         } } ]
-      if current_organization.present?
+      if @organization.present?
         # filter by organization
-        must << { term: { organization_id: { value: current_organization.id } } }
+        must << { term: { organization_id: { value: @organization.id } } }
       end
       posts = model.__elasticsearch__.search(
         query: {
@@ -24,8 +26,8 @@ def index
       ).page(params[:page]).per(25).records
     else
       posts = model.active.of_active_members
-      if current_organization.present?
-        posts = posts.merge(current_organization.posts)
+      if @organization.present?
+        posts = posts.merge(@organization.posts)
       end
       posts = apply_scopes(posts).page(params[:page]).per(25)
     end
@@ -40,9 +42,9 @@ def new
 
   def create
     post = model.new(post_params)
-    post.organization = current_organization
+    post.organization = @organization
     if post.save
-      redirect_to send("#{resource}_path", post)
+      redirect_to polymorphic_url([@organization, post])
     else
       instance_variable_set("@#{resource}", post)
       render action: :new
@@ -50,13 +52,13 @@ def create
   end
 
   def edit
-    post = current_organization.posts.find params[:id]
+    post = @organization.posts.find params[:id]
     instance_variable_set("@#{resource}", post)
   end
 
   def show
     scope = if current_user.present?
-              current_organization.posts.active.of_active_members
+              @organization.posts.active.of_active_members
             else
               model.all.active.of_active_members
             end
@@ -65,34 +67,36 @@ def show
   end
 
   def update
-    post = current_organization.posts.find params[:id]
+    post = @organization.posts.find params[:id]
     authorize post
     instance_variable_set("@#{resource}", post)
     if post.update_attributes(post_params)
-      redirect_to post
+      redirect_to polymorphic_url([@organization, post])
     else
       render action: :edit, status: :unprocessable_entity
     end
   end
 
   def destroy
-    post = current_organization.posts.find params[:id]
+    post = @organization.posts.find params[:id]
     authorize post
-    redirect_to send("#{resources}_path") if post.update!(active: false)
+    redirect_to polymorphic_url([@organization, resources]) if post.update!(active: false)
   end
 
   private
 
+  # TODO: Investigate why we need this
   def resource
     controller_name.singularize
   end
 
+  # TODO: Investigate why we need this
   def resources
     controller_name
   end
 
   def set_user_id(p)
-    if current_user.manages?(current_organization)
+    if current_user.manages?(@organization)
       p.update publisher_id: current_user.id
       p.reverse_merge! user_id: current_user.id
     else
@@ -109,4 +113,15 @@ def post_params
       set_user_id(p)
     end
   end
+
+  # TODO: move to abstract controller for all nested resources
+  # TODO: check authorization
+  #
+  def load_organization
+    @organization = Organization.find_by_id(params[:organization_id])
+
+    raise not_found unless @organization
+
+    @organization
+  end
 end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 68f6fb828..2eca903fa 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,13 +1,23 @@
 class UsersController < ApplicationController
   before_filter :authenticate_user!
+  before_filter :load_organization, only: [:index]
+
+  # TODO: move to abstract controller for all nested resources
+  def load_organization
+    @organization = Organization.find_by_id(params[:organization_id])
+
+    raise not_found unless @organization
+
+    @organization
+  end
 
   def scoped_users
-    current_organization.users
+    @organization.users
   end
 
   def index
     @users = scoped_users
-    @memberships = current_organization.members.
+    @memberships = @organization.members.
                    where(user_id: @users.map(&:id)).
                    includes(:account).each_with_object({}) do |mem, ob|
                      ob[mem.user_id] = mem
@@ -16,7 +26,9 @@ def index
 
   def show
     @user = find_user
-    @member = @user.as_member_of(current_organization)
+    authorize @user
+
+    @member = @user.as_member_of(@organization)
     @movements = @member.movements.order("created_at DESC").page(params[:page]).
                  per(10)
   end
@@ -42,7 +54,7 @@ def create
     @user.setup_and_save_user
 
     if @user.persisted?
-      @user.tune_after_persisted(current_organization)
+      @user.tune_after_persisted(@organization)
       redirect_to_after_create
     else
       @user.email = "" if empty_email
@@ -64,7 +76,7 @@ def update
   def give_time
     @user = scoped_users.find(params[:id])
     @destination = @user.members.
-                   find_by(organization: current_organization).account.id
+                   find_by(organization: @organization).account.id
     @source = find_transfer_source
     @offer = find_transfer_offer
     @transfer = Transfer.new(source: @source,
@@ -86,19 +98,19 @@ def user_params
   end
 
   def find_transfer_offer
-    current_organization.offers.
+    @organization.offers.
       find(params[:offer]) if params[:offer].present?
   end
 
   def find_transfer_source
     current_user.members.
-      find_by(organization: current_organization).account.id
+      find_by(organization: @organization).account.id
   end
 
   def find_transfer_sources_for_admin
     return unless admin?
-    [current_organization.account] +
-      current_organization.member_accounts.where("members.active is true")
+    [@organization.account] +
+      @organization.member_accounts.where("members.active is true")
   end
 
   def find_user
@@ -110,7 +122,7 @@ def find_user
   end
 
   def redirect_to_after_create
-    id = @user.member(current_organization).member_uid
+    id = @user.member(@organization).member_uid
     if params[:more]
       redirect_to new_user_path,
                   notice: I18n.t("users.new.user_created_add",
diff --git a/app/helpers/posts_helper.rb b/app/helpers/posts_helper.rb
index 1737bf674..ea4721ed8 100644
--- a/app/helpers/posts_helper.rb
+++ b/app/helpers/posts_helper.rb
@@ -1,13 +1,16 @@
 module PostsHelper
   # Returns the right path to index list depending on type of post
+  #
+  # TODO: doesn't Rails URL helpers already provide this?
   def get_index_path(post, hparams)
     klass = post.class
+    hparams[:organization_id] = @organization.id
 
     case
     when klass == String
-      post.eql?("offers") ? offers_path(hparams) : inquiries_path(hparams)
+      post.eql?("offers") ? organization_offers_path(hparams) : organization_inquiries_path(hparams)
     else
-      post.type.eql?("Offer") ? offers_path(hparams) : inquiries_path(hparams)
+      post.type.eql?("Offer") ? organization_offers_path(hparams) : organization_inquiries_path(hparams)
     end
   end
 end
diff --git a/app/views/application/_navbar.html.erb b/app/views/application/_navbar.html.erb
index f6520881d..ada5324b4 100644
--- a/app/views/application/_navbar.html.erb
+++ b/app/views/application/_navbar.html.erb
@@ -10,11 +10,7 @@
               <span class="icon-bar"></span>
               <span class="icon-bar"></span>
             </button>
-            <% if current_user && current_organization %>
-            <a class="navbar-brand" href="<%= organization_path(current_organization) %>">TimeOverflow</a>
-            <% else %>
             <a class="navbar-brand" href="/">TimeOverflow</a>
-            <% end %>
           </div>
         </div>
         <div class="col-xs-12 col-sm-9 col-md-9 col-lg-9">
@@ -41,7 +37,7 @@
   </div>
 </nav>
 
-<% if current_user && current_organization %>
+<% if current_user && @organization %>
 <nav role="navigation">
   <div class="container-fluid">
     <div class="container">
@@ -52,7 +48,7 @@
               <%= render 'application/menus/offers_dashboard_link' %>
               <%= render 'application/menus/inquiries_list_link' %>
               <%= render 'application/menus/offers_by_tag_link' %>
-              <% if current_user.manages? current_organization %>
+              <% if current_user.manages?(@organization) %>
                 <%= render 'application/menus/organization_reports_menu' %>
                 <%= render 'application/menus/organization_statistics_menu' %>
                 <%= render 'application/menus/organization_listings_menu' %>
@@ -63,4 +59,4 @@
     </div>
   </div>
 </nav>
-<% end %>
\ No newline at end of file
+<% end %>
diff --git a/app/views/application/menus/_organization_listings_menu.html.erb b/app/views/application/menus/_organization_listings_menu.html.erb
index 6ea4ba67e..92fd16e0b 100644
--- a/app/views/application/menus/_organization_listings_menu.html.erb
+++ b/app/views/application/menus/_organization_listings_menu.html.erb
@@ -12,14 +12,14 @@
       <% end %>
     </li>
     <li>
-      <%= link_to offers_path(org: current_organization) do %>
+      <%= link_to organization_offers_path(organization_id: @organization.id) do %>
         <%= glyph :link %>
         <%= glyph :eye_open %>
         <%= t "application.navbar.offer_public_link" %>
       <% end %>
     </li>
     <li>
-      <%= link_to inquiries_path(org: current_organization) do %>
+      <%= link_to organization_inquiries_path(organization_id: @organization.id) do %>
         <%= glyph :link %>
         <%= glyph :eye_open %>
         <%= t "application.navbar.inquiry_public_link" %>
diff --git a/app/views/application/menus/_organization_switcher.html.erb b/app/views/application/menus/_organization_switcher.html.erb
index 10d3ca099..2fd3b383f 100644
--- a/app/views/application/menus/_organization_switcher.html.erb
+++ b/app/views/application/menus/_organization_switcher.html.erb
@@ -1,10 +1,6 @@
-<li class="disabled">
-  <a href="#"><%= current_organization.name %></a>
-</li>
-<% (current_user.organizations - [current_organization]).each do |org| %>
+<% current_user.organizations.each do |org| %>
   <li>
-    <%= link_to set_current_organization_path(org), method: :post do %>
-      <%= glyph(:retweet) %>
+    <%= link_to organization_path(org) do %>
       <%= org.name %>
     <% end %>
   </li>
diff --git a/app/views/inquiries/index.html.erb b/app/views/inquiries/index.html.erb
index 4475ff71b..720773506 100644
--- a/app/views/inquiries/index.html.erb
+++ b/app/views/inquiries/index.html.erb
@@ -39,7 +39,7 @@
       </ul>
     </li>
   </ul>
-  <% if current_user && current_organization && !params[:org] %>
+  <% if current_user && @organization %>
     <ul class="nav navbar-nav pull-right">
       <li>
         <%= link_to new_inquiry_path do %>
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 71b40ce46..9cf85ad63 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -8,8 +8,8 @@
       <% if content_for? :window_title %>
         <%= content_for :window_title %>
       <% else %>
-        <% if current_organization %>
-          <%= current_organization %> —
+        <% if @organization %>
+          <%= @organization %> —
         <% end %>
         <%= yield :title %>
       <% end %>
diff --git a/app/views/offers/index.html.erb b/app/views/offers/index.html.erb
index 71e92b75d..3d21ec375 100644
--- a/app/views/offers/index.html.erb
+++ b/app/views/offers/index.html.erb
@@ -38,7 +38,7 @@
       </ul>
     </li>
   </ul>
-  <% if current_user && current_organization && !params[:org] %>
+  <% if current_user && @organization %>
     <ul class="nav navbar-nav pull-right">
       <li>
         <%= link_to new_offer_path do %>
diff --git a/app/views/shared/_post.html.erb b/app/views/shared/_post.html.erb
index d9681bab7..95192d1ea 100644
--- a/app/views/shared/_post.html.erb
+++ b/app/views/shared/_post.html.erb
@@ -27,7 +27,7 @@
         <% end %>
       </div>
     </div>
-    <% if current_user && current_organization %>
+    <% if current_user && @organization %>
       <div class="panel panel-info">
         <div class="panel-heading">
           <h3 class="panel-title">
diff --git a/app/views/shared/_post_form.html.erb b/app/views/shared/_post_form.html.erb
index 7717e54c2..e13ebd700 100644
--- a/app/views/shared/_post_form.html.erb
+++ b/app/views/shared/_post_form.html.erb
@@ -34,12 +34,12 @@
                  id: "tags-js",
                  class: "form-control" %>
   </div>
-  <% if current_user.manages?(current_organization) %>
+  <% if current_user.manages?(@organization) %>
     <div class="form-group">
       <%= f.label :user, class: "control-label" %>
       <%# TODO: too complex %>
       <%= f.select :user_id,
-                   options_for_select(current_organization.members.active
+                   options_for_select(@organization.members.active
                                                           .order("members.member_uid")
                                                           .map { |mem| ["#{mem.member_uid} #{mem.user.to_s}", mem.user_id] },
                                       selected: post.user.id || current_user.id),
diff --git a/app/views/users/_user_rows.html.erb b/app/views/users/_user_rows.html.erb
index 0f7ada7b8..9f82aabfd 100644
--- a/app/views/users/_user_rows.html.erb
+++ b/app/views/users/_user_rows.html.erb
@@ -19,7 +19,7 @@
   <td> {{user.phone}} </td>
   <td> {{user.alt_phone}} </td>
   <td> {{user.balance | timeBalance}} </td>
-  <% if current_user.manages?(current_organization) %>
+  <% if current_user.manages?(@organization) %>
     <td class="hover-actions">
       <a class="action" ng-if="user.edit_link" ng-href="{{user.edit_link}}">
         <%= glyph :pencil %>
diff --git a/app/views/users/give_time.html.erb b/app/views/users/give_time.html.erb
index 2b5b143df..c7825f083 100644
--- a/app/views/users/give_time.html.erb
+++ b/app/views/users/give_time.html.erb
@@ -2,7 +2,7 @@
   <small>
     <%= t ".give_time" %>
   </small>
-  <%= link_to @user.member(current_organization).display_name_with_uid, user_path(@user) %>
+  <%= link_to @user.member(@organization).display_name_with_uid, user_path(@user) %>
 </h1>
 <% if @offer %>
   <h3>
@@ -38,7 +38,7 @@
                      options_for_select(
                        @sources.sort_by { |source| [source.accountable_type, source.accountable.try(:member_uid)] }
                                .map { |a| ["#{a.accountable_type == "Member" ? a.accountable.member_uid : ""} #{a.accountable_type} #{a.accountable.to_s}", a.id] },
-                       selected: current_user.member(current_organization).account.id
+                       selected: current_user.member(@organization).account.id
                      ),
                      {},
                      id: "select2-time",
@@ -49,7 +49,7 @@
       <%= f.input :post, readonly: true %>
       <%= f.input :post_id, as: :hidden %>
     <% else %>
-      <%= f.input :post_id, collection: @user.member(current_organization).offers.active %>
+      <%= f.input :post_id, collection: @user.member(@organization).offers.active %>
     <% end %>
   </div>
   <div class="form-actions">
diff --git a/app/views/users/index.html.erb b/app/views/users/index.html.erb
index 546e630fa..bf6ab4c60 100644
--- a/app/views/users/index.html.erb
+++ b/app/views/users/index.html.erb
@@ -2,8 +2,8 @@
   <h1>
     <%= User.model_name.human.pluralize %>
     —
-    <%= link_to current_organization.name,
-                organization_path(current_organization) %>
+    <%= link_to @organization.name,
+                organization_path(@organization) %>
     <% if params[:q].present? %>
       <small>
         <%= glyph :search %>
@@ -69,7 +69,7 @@
               <span class="glyphicon glyphicon-chevron-up" ng-if="sort == 'balance'"></span>
             </a>
           </th>
-          <% if current_user.manages? current_organization %>
+          <% if current_user.manages? @organization %>
             <th>
               <span class="glyphicon glyphicon-hand-down"></span>
               <%= t(".actions") %>

From 7b38ec550de8eb9f5f468346dcd9f4dac961fbb5 Mon Sep 17 00:00:00 2001
From: Enrico Stano <ocirne.onats@gmail.com>
Date: Thu, 15 Jun 2017 23:34:15 +0200
Subject: [PATCH 02/11] Redirect to root after log in

---
 app/controllers/application_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index ede758798..5f6b9c2dc 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -38,7 +38,7 @@ def store_location
 
   def after_sign_in_path_for(user)
     if user.members.present?
-      users_path
+      root_path
     else
       page_path("about")
     end

From bca8028834cd1e29058fd26bfba9431e7c4af376 Mon Sep 17 00:00:00 2001
From: Enrico Stano <ocirne.onats@gmail.com>
Date: Thu, 15 Jun 2017 23:35:20 +0200
Subject: [PATCH 03/11] Redirect to first organization

---
 app/controllers/home_controller.rb | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb
index d257c39e4..c62f9fba8 100644
--- a/app/controllers/home_controller.rb
+++ b/app/controllers/home_controller.rb
@@ -1,5 +1,11 @@
 class HomeController < ApplicationController
+
+  # TODO: what happens when the user doesn't pertain to any organization?
   def index
-    redirect_to :users if current_user
+    return unless current_user
+
+    organization_id = current_user.organization_ids.first
+
+    redirect_to organization_path(id: organization_id)
   end
 end

From c2407e6a11ee9b6d830578e1231fb07bc4a5ba4b Mon Sep 17 00:00:00 2001
From: Enrico Stano <ocirne.onats@gmail.com>
Date: Thu, 15 Jun 2017 23:40:15 +0200
Subject: [PATCH 04/11] Nest under /organization scope users, inquiries and
 offers resources

---
 app/helpers/users_helper.rb                   |  2 +-
 .../menus/_inquiries_list_link.html.erb       |  4 ++--
 .../menus/_offers_dashboard_link.html.erb     |  4 ++--
 .../menus/_user_admin_menu.html.erb           |  2 +-
 .../menus/_user_list_link.html.erb            |  4 ++--
 app/views/inquiries/index.html.erb            |  8 +++----
 app/views/inquiries/show.html.erb             |  4 ++--
 app/views/offers/index.html.erb               |  8 +++----
 app/views/offers/show.html.erb                |  6 +++---
 app/views/shared/_post_form.html.erb          |  2 +-
 app/views/shared/_posts.html.erb              |  4 ++--
 app/views/users/index.html.erb                |  2 +-
 app/views/users/show.html.erb                 |  4 ++--
 config/routes.rb                              | 21 +++++++------------
 14 files changed, 35 insertions(+), 40 deletions(-)

diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb
index 947b95fa0..42171bf75 100644
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -15,7 +15,7 @@ def users_as_json
         alt_phone: user.alt_phone,
         balance: membership.account_balance.to_i,
 
-        url: user_path(user),
+        url: organization_user_path(organization_id: membership.organization_id, id: user.id),
         edit_link: edit_user_path(user),
         cancel_link: cancel_member_path(membership),
         toggle_manager_link: toggle_manager_member_path(membership),
diff --git a/app/views/application/menus/_inquiries_list_link.html.erb b/app/views/application/menus/_inquiries_list_link.html.erb
index 3076be0aa..bbcbd07a0 100644
--- a/app/views/application/menus/_inquiries_list_link.html.erb
+++ b/app/views/application/menus/_inquiries_list_link.html.erb
@@ -1,5 +1,5 @@
-<li class="<%= "active" if current_page?(inquiries_path) %>">
-  <%= link_to inquiries_path do %>
+<li class="<%= "active" if current_page?(organization_inquiries_path(organization_id: @organization.id)) %>">
+  <%= link_to organization_inquiries_path(organization_id: @organization.id) do %>
     <%= glyph :inquiry %>
     <%= Inquiry.model_name.human(count: :many) %>
   <% end %>
diff --git a/app/views/application/menus/_offers_dashboard_link.html.erb b/app/views/application/menus/_offers_dashboard_link.html.erb
index 54d38e037..666012577 100644
--- a/app/views/application/menus/_offers_dashboard_link.html.erb
+++ b/app/views/application/menus/_offers_dashboard_link.html.erb
@@ -1,5 +1,5 @@
-<li class="<%= "active" if current_page?(dashboard_offers_path) %>">
-  <%= link_to dashboard_offers_path do %>
+<li class="<%= "active" if current_page?(organization_offers_path(organization_id: @organization.id)) %>">
+  <%= link_to organization_offers_path(organization_id: @organization.id) do %>
     <%= glyph :offer %>
     <%= Offer.model_name.human(count: :many) %>
   <% end %>
diff --git a/app/views/application/menus/_user_admin_menu.html.erb b/app/views/application/menus/_user_admin_menu.html.erb
index 58f394025..39e27ab96 100644
--- a/app/views/application/menus/_user_admin_menu.html.erb
+++ b/app/views/application/menus/_user_admin_menu.html.erb
@@ -25,7 +25,7 @@
       <li class="divider" role="presentation"></li>
     <% end %>
     <li role="presentation">
-      <%= link_to current_user do %>
+      <%= link_to organization_user_path(organization_id: @organization.id, id: current_user.id) do %>
         <%= glyph :user %>
         <%= t "layouts.application.edit_profile" %>
       <% end %>
diff --git a/app/views/application/menus/_user_list_link.html.erb b/app/views/application/menus/_user_list_link.html.erb
index e3bf2c45e..47a020da9 100644
--- a/app/views/application/menus/_user_list_link.html.erb
+++ b/app/views/application/menus/_user_list_link.html.erb
@@ -1,5 +1,5 @@
-<li class="<%= "active" if current_page?(users_path) %>">
-  <%= link_to users_path do %>
+<li class="<%= "active" if current_page?(organization_users_path(organization_id: @organization.id)) %>">
+  <%= link_to organization_users_path(organization_id: @organization.id) do %>
     <%= glyph :user %>
     <%= User.model_name.human(count: :many) %>
   <% end %>
diff --git a/app/views/inquiries/index.html.erb b/app/views/inquiries/index.html.erb
index 720773506..f2e93d75a 100644
--- a/app/views/inquiries/index.html.erb
+++ b/app/views/inquiries/index.html.erb
@@ -5,7 +5,7 @@
 </h1>
 
 <div class="navbar">
-  <form action="<%= inquiries_path %>"
+  <form action="<%= organization_inquiries_path(organization_id: @organization.id) %>"
         class="navbar-form navbar-left"
         method="get"
         role="search">
@@ -28,12 +28,12 @@
       </a>
       <ul class="dropdown-menu" role="menu">
         <li>
-          <%= link_to "× #{t("global.all")}", inquiries_path %>
+          <%= link_to "× #{t("global.all")}", organization_inquiries_path(organization_id: @organization.id) %>
         </li>
         <% Category.all.sort_by { |a| a.name.downcase }.each do |c| %>
           <% next if c == @category %>
           <li>
-            <%= link_to c.name, inquiries_path(cat: c.id) %>
+            <%= link_to c.name, organization_inquiries_path(organization_id: @organization.id, cat: c.id) %>
           </li>
         <% end %>
       </ul>
@@ -42,7 +42,7 @@
   <% if current_user && @organization %>
     <ul class="nav navbar-nav pull-right">
       <li>
-        <%= link_to new_inquiry_path do %>
+        <%= link_to new_organization_inquiry_path(@organization) do %>
           <%= glyph :plus %>
           <%= t "helpers.submit.create", model: Inquiry.model_name.human %>
         <% end %>
diff --git a/app/views/inquiries/show.html.erb b/app/views/inquiries/show.html.erb
index 7c1bb7a0e..447dff426 100644
--- a/app/views/inquiries/show.html.erb
+++ b/app/views/inquiries/show.html.erb
@@ -1,10 +1,10 @@
 <p class="actions text-right">
   <% if admin? || @inquiry.user == current_user %>
-    <%= link_to edit_inquiry_path(@inquiry), class: "btn btn-warning" do %>
+    <%= link_to edit_organization_inquiry_path(@organization, @inquiry), class: "btn btn-warning" do %>
       <%= glyph :pencil %>
       <%= t "global.edit" %>
     <% end %>
-    <%= link_to @inquiry,
+    <%= link_to organization_inquiry_path(@organization, @inquiry),
                 data: { method: :delete, confirm: "sure?" },
                 class: "btn btn-danger" do %>
       <%= glyph :trash %>
diff --git a/app/views/offers/index.html.erb b/app/views/offers/index.html.erb
index 3d21ec375..922726da8 100644
--- a/app/views/offers/index.html.erb
+++ b/app/views/offers/index.html.erb
@@ -4,7 +4,7 @@
   <%= render "shared/show_filter_hint" %>
 </h1>
 <div class="navbar">
-  <form action="<%= offers_path %>"
+  <form action="<%= organization_offers_path(organization_id: @organization.id) %>"
         class="navbar-form navbar-left"
         method="get"
         role="search">
@@ -27,12 +27,12 @@
       </a>
       <ul class="dropdown-menu" role="menu">
         <li>
-          <%= link_to "× #{t 'global.all'}", dashboard_offers_path %>
+          <%= link_to "× #{t 'global.all'}", organization_offers_path(organization_id: @organization.id) %>
         </li>
         <% Category.all.sort_by { |a| a.name.downcase }.each do |c| %>
           <% next if c == @category %>
           <li>
-            <%= link_to c.name, offers_path(cat: c.id) %>
+            <%= link_to c.name, organization_offers_path(organization_id: @organization.id, cat: c.id) %>
           </li>
         <% end %>
       </ul>
@@ -41,7 +41,7 @@
   <% if current_user && @organization %>
     <ul class="nav navbar-nav pull-right">
       <li>
-        <%= link_to new_offer_path do %>
+        <%= link_to new_organization_offer_path(organization_id: @organization.id) do %>
           <%= glyph :plus %>
           <%= t "helpers.submit.create", model: Offer.model_name.human %>
         <% end %>
diff --git a/app/views/offers/show.html.erb b/app/views/offers/show.html.erb
index 95d9e3a98..5734c25d2 100644
--- a/app/views/offers/show.html.erb
+++ b/app/views/offers/show.html.erb
@@ -1,10 +1,10 @@
 <p class="actions text-right">
   <% if admin? or @offer.user == current_user %>
-    <%= link_to edit_offer_path(@offer), class: "btn btn-warning" do %>
+    <%= link_to edit_organization_offer_path(@organization, @offer), class: "btn btn-warning" do %>
       <%= glyph :pencil %>
       <%= t "global.edit" %>
     <% end %>
-    <%= link_to @offer,
+    <%= link_to organization_offer_path(@organization, @offer),
                 data: { method: :DELETE, confirm: "sure?" },
                 class: "btn btn-danger" do %>
       <%= glyph :trash %>
@@ -12,7 +12,7 @@
     <% end %>
   <% end %>
   <% if current_user and @offer.user != current_user %>
-    <%= link_to give_time_user_path(@offer.user, offer: @offer.id),
+    <%= link_to give_time_organization_user_path(@organization, @offer.user, offer: @offer.id),
                 class: "btn btn-success" do %>
       <%= glyph :time %>
       <%= t ".give_time_for" %>
diff --git a/app/views/shared/_post_form.html.erb b/app/views/shared/_post_form.html.erb
index e13ebd700..fec63fe06 100644
--- a/app/views/shared/_post_form.html.erb
+++ b/app/views/shared/_post_form.html.erb
@@ -1,5 +1,5 @@
 <%= show_error_messages! post %>
-<%= form_for post, html: { name: "form", novalidate: true } do |f| %>
+<%= form_for [@organization, post], html: { name: "form", novalidate: true } do |f| %>
   <div class="form-group">
     <%= f.label :title, required: true %>
     <%= f.text_field :title, class: "form-control" %>
diff --git a/app/views/shared/_posts.html.erb b/app/views/shared/_posts.html.erb
index 6c1633273..465f7fec5 100644
--- a/app/views/shared/_posts.html.erb
+++ b/app/views/shared/_posts.html.erb
@@ -1,7 +1,7 @@
 <% posts.each do |post| %>
   <div class="post">
     <h4>
-      <%= link_to post.title, post %>
+      <%= link_to post.title, polymorphic_url([@organization, post]) %>
     </h4>
     <p>
       <%= strip_tags(post.rendered_description.to_html) %>
@@ -16,7 +16,7 @@
         <% end %>
         <% (post.tags || []).each do |tag| %>
           <%= glyph :tag %>
-          <%= link_to tag, get_index_path(post,tag: tag) %>
+          <%= link_to tag, get_index_path(post, tag: tag) %>
         <% end %>
         <% if post.type == "Inquiry" %>
           <span class="pull-right">
diff --git a/app/views/users/index.html.erb b/app/views/users/index.html.erb
index bf6ab4c60..7ffa460d0 100644
--- a/app/views/users/index.html.erb
+++ b/app/views/users/index.html.erb
@@ -21,7 +21,7 @@
     <ul class="nav navbar-nav pull-right">
       <% if admin? %>
         <li>
-          <a href="<%= new_user_path %>">
+          <a href="<%= new_organization_user_path(organization_id: @organization.id) %>">
             <span class="glyphicon glyphicon-plus"></span>
             <%= t "helpers.submit.create", model: User.model_name.human %>
           </a>
diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
index f5e7fa4c9..d4169a9c7 100644
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -38,7 +38,7 @@
           <% end %>
           <% if admin? || @user != current_user %>
             <li>
-              <%= link_to give_time_user_path(@user) do %>
+              <%= link_to give_time_organization_user_path(organization_id: @organization.id, id: @user.id) do %>
                 <%= glyph :time %>
                 <%= t "global.give_time" %>
               <% end %>
@@ -110,7 +110,7 @@
         <h2 class="panel-title">
           <%= Inquiry.model_name.human(count: :many) %>
           <% if @user == current_user %>
-            <a class="pull-right" href="<%= new_inquiry_path %>">
+            <a class="pull-right" href="<%= new_organization_inquiry_path(organization_id: @organization.id) %>">
               <%= glyph :plus %>
             </a>
           <% end %>
diff --git a/config/routes.rb b/config/routes.rb
index e03841279..13a79de42 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -11,26 +11,22 @@
 
   get "global/switch_lang", as: :switch_lang
 
-  resources :offers do
-    collection do
-      get :dashboard
-    end
-  end
-
-  resources :inquiries
+  resources :users, only: [:show, :edit]
 
   concern :accountable do
     get :give_time, on: :member
   end
 
   resources :organizations, concerns: :accountable do
-    member do
-      post :set_current
-    end
+    # TODO: 'members' path is misleading, there is already a resource called 'members'
+    resources :users,
+      concerns: :accountable,
+      except: [:show, :edit, :destroy],
+      path: 'members'
+    resources :inquiries
+    resources :offers
   end
 
-  resources :users, concerns: :accountable, except: :destroy, :path => "members"
-
   resources :transfers, only: [:create] do
     member do
       put :delete_reason
@@ -77,5 +73,4 @@
       get "offers"
     end
   end
-
 end

From 644435e129445a4c2072445ffe64d36160a791f6 Mon Sep 17 00:00:00 2001
From: Enrico Stano <ocirne.onats@gmail.com>
Date: Thu, 15 Jun 2017 23:46:54 +0200
Subject: [PATCH 05/11] Remove offers dashboard

---
 app/controllers/offers_controller.rb          | 16 -----
 app/views/application/_navbar.html.erb        |  2 +-
 ...nk.html.erb => _offers_list_link.html.erb} |  0
 app/views/offers/dashboard.html.erb           | 59 -------------------
 4 files changed, 1 insertion(+), 76 deletions(-)
 rename app/views/application/menus/{_offers_dashboard_link.html.erb => _offers_list_link.html.erb} (100%)
 delete mode 100644 app/views/offers/dashboard.html.erb

diff --git a/app/controllers/offers_controller.rb b/app/controllers/offers_controller.rb
index 6e455ae02..e8558fa86 100644
--- a/app/controllers/offers_controller.rb
+++ b/app/controllers/offers_controller.rb
@@ -1,21 +1,5 @@
-# Managems of offer-type posts
-#
 class OffersController < PostsController
   def model
     Offer
   end
-
-  def dashboard
-    initial_scope =
-      if current_organization
-        current_organization.offers.active.of_active_members
-      else
-        Offer.all.active.of_active_members
-      end
-    @offers = Category.all.sort_by { |a| a.name.downcase }.
-              each_with_object({}) do |category, offers|
-      list = initial_scope.merge(category.posts).limit(5)
-      offers[category] = list if list.present?
-    end
-  end
 end
diff --git a/app/views/application/_navbar.html.erb b/app/views/application/_navbar.html.erb
index ada5324b4..1094edc65 100644
--- a/app/views/application/_navbar.html.erb
+++ b/app/views/application/_navbar.html.erb
@@ -45,7 +45,7 @@
         <div class="col-xs-12 col-sm-12 col-md-12 col-lg-12">
           <ul class="nav nav-pills actions-menu">
               <%= render 'application/menus/user_list_link' %>
-              <%= render 'application/menus/offers_dashboard_link' %>
+              <%= render 'application/menus/offers_list_link' %>
               <%= render 'application/menus/inquiries_list_link' %>
               <%= render 'application/menus/offers_by_tag_link' %>
               <% if current_user.manages?(@organization) %>
diff --git a/app/views/application/menus/_offers_dashboard_link.html.erb b/app/views/application/menus/_offers_list_link.html.erb
similarity index 100%
rename from app/views/application/menus/_offers_dashboard_link.html.erb
rename to app/views/application/menus/_offers_list_link.html.erb
diff --git a/app/views/offers/dashboard.html.erb b/app/views/offers/dashboard.html.erb
deleted file mode 100644
index 4c297ed05..000000000
--- a/app/views/offers/dashboard.html.erb
+++ /dev/null
@@ -1,59 +0,0 @@
-<h1>
-  <%= Offer.model_name.human(count: :many) %>
-  <%= render "shared/show_filter_hint" %>
-</h1>
-<div class="navbar">
-  <form action="<%= offers_path %>"
-        class="navbar-form navbar-left"
-        method="get"
-        role="search">
-    <div class="form-group">
-      <input class="form-control"
-             name="q"
-             placeholder="<%= t "global.search" %>"
-             type="text"
-             value="<%= params[:q] %>">
-    </div>
-    <button class="btn btn-default" type="submit">
-      <%= t("global.search") %>
-    </button>
-  </form>
-  <ul class="nav navbar-nav">
-    <li class="dropdown">
-      <a class="dropdown-toggle" href="#">
-        <%= @category ? @category.name : Category.model_name.human %>
-        <span class="caret"></span>
-      </a>
-      <ul class="dropdown-menu" role="menu">
-        <li>
-          <%= link_to "× #{t "global.all"}", offers_path %>
-        </li>
-        <% Category.all.sort_by { |a| a.name.downcase }.each do |c| %>
-          <% next if c == @category %>
-          <li>
-            <%= link_to c.name, offers_path(cat: c.id) %>
-          </li>
-        <% end %>
-      </ul>
-    </li>
-  </ul>
-  <ul class="nav navbar-nav pull-right">
-    <li>
-      <%= link_to new_offer_path do %>
-        <%= glyph :plus %>
-        <%= t "helpers.submit.create", model: Offer.model_name.human %>
-      <% end %>
-    </li>
-  </ul>
-</div>
-<% @offers.each do |cat, offs| %>
-  <div class="offers">
-    <h3>
-      <%= cat.name.capitalize %>
-    </h3>
-    <%= render 'shared/posts', posts: offs %>
-  </div>
-  <%= link_to offers_path(cat: cat.id), class: "more btn btn-primary" do %>
-    <%= t('global.more') %>
-  <% end %>
-<% end %>

From bedceeaf2450a7a33d59a9c936334928ae40ee9b Mon Sep 17 00:00:00 2001
From: Enrico Stano <ocirne.onats@gmail.com>
Date: Thu, 15 Jun 2017 23:48:05 +0200
Subject: [PATCH 06/11] Use .new instead of #build

---
 app/controllers/organizations_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/organizations_controller.rb b/app/controllers/organizations_controller.rb
index 8278e1d9b..233d9daba 100644
--- a/app/controllers/organizations_controller.rb
+++ b/app/controllers/organizations_controller.rb
@@ -24,7 +24,7 @@ def show
   end
 
   def create
-    @organization = @organizations.build organization_params
+    @organization = Organization.new(organization_params)
     if @organization.save
       redirect_to @organization, status: :created
     else

From 0bdae4caf3819a0460924ebf8f730cca7b6f2b5f Mon Sep 17 00:00:00 2001
From: Enrico Stano <ocirne.onats@gmail.com>
Date: Thu, 15 Jun 2017 23:49:25 +0200
Subject: [PATCH 07/11] Add some documentation

---
 app/controllers/organizations_controller.rb | 2 ++
 app/controllers/users_controller.rb         | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/app/controllers/organizations_controller.rb b/app/controllers/organizations_controller.rb
index 233d9daba..b2cd87e62 100644
--- a/app/controllers/organizations_controller.rb
+++ b/app/controllers/organizations_controller.rb
@@ -45,6 +45,8 @@ def destroy
     redirect_to organizations_path, notice: "deleted"
   end
 
+  # Transfer time to the current organization
+  #
   def give_time
     @destination = @organization.account.id
     @source = find_transfer_source
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 2eca903fa..31a670ba3 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -15,6 +15,8 @@ def scoped_users
     @organization.users
   end
 
+  # GET /organizations/:id/members
+  #
   def index
     @users = scoped_users
     @memberships = @organization.members.
@@ -24,6 +26,8 @@ def index
                    end
   end
 
+  # GET /members/:user_id
+  #
   def show
     @user = find_user
     authorize @user

From ead6d70917c8da7baa578fcd70ed302c28d2ebd7 Mon Sep 17 00:00:00 2001
From: Enrico Stano <ocirne.onats@gmail.com>
Date: Thu, 15 Jun 2017 23:50:37 +0200
Subject: [PATCH 08/11] First attempt to refactor authorization layer

---
 app/controllers/users_controller.rb    | 16 ++++++++++----
 app/policies/application_policy.rb     | 29 ++++----------------------
 app/policies/organization_policy.rb    |  9 ++++++++
 app/policies/user_policy.rb            | 19 ++++-------------
 app/views/organizations/index.html.erb |  2 +-
 app/views/organizations/show.html.erb  | 16 +++++++-------
 app/views/users/show.html.erb          |  2 +-
 7 files changed, 40 insertions(+), 53 deletions(-)
 create mode 100644 app/policies/organization_policy.rb

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 31a670ba3..3b6cea6b1 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -18,6 +18,8 @@ def scoped_users
   # GET /organizations/:id/members
   #
   def index
+    authorize @organization, :show?
+
     @users = scoped_users
     @memberships = @organization.members.
                    where(user_id: @users.map(&:id)).
@@ -29,6 +31,8 @@ def index
   # GET /members/:user_id
   #
   def show
+    authorize @organization, :show?
+
     @user = find_user
     authorize @user
 
@@ -38,17 +42,21 @@ def show
   end
 
   def new
-    authorize User
+    authorize @organization, :admin?
+
     @user = scoped_users.build
   end
 
   def edit
-    @user = find_user
+    @user = User.find_by_id(params[:id])
+
+    # TODO: raise 404
+    raise unless @user
+
+    authorize @user
   end
 
   def create
-    authorize User
-
     # New User
     email = user_params[:email]
     @user = User.find_or_initialize_by(email: email) do |u|
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
index 795d32efc..17a979f74 100644
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@@ -1,10 +1,8 @@
 class ApplicationPolicy
-  attr_reader :member, :user, :organization, :record
+  attr_reader :user, :record
 
-  def initialize(member, record)
-    @member = member
-    @user = member.user if member
-    @organization = member.organization if member
+  def initialize(user, record)
+    @user = user
     @record = record
   end
 
@@ -13,7 +11,7 @@ def index?
   end
 
   def show?
-    scope.where(id: record.id).exists?
+    false
   end
 
   def create?
@@ -35,23 +33,4 @@ def edit?
   def destroy?
     false
   end
-
-  def scope
-    Pundit.policy_scope!(member, record.class)
-  end
-
-  class Scope
-    attr_reader :member, :user, :organization, :scope
-
-    def initialize(member, scope)
-      @member = member
-      @user = member.user if member
-      @organization = member.organization if member
-      @scope = scope
-    end
-
-    def resolve
-      scope
-    end
-  end
 end
diff --git a/app/policies/organization_policy.rb b/app/policies/organization_policy.rb
new file mode 100644
index 000000000..7f1a8d7a8
--- /dev/null
+++ b/app/policies/organization_policy.rb
@@ -0,0 +1,9 @@
+class OrganizationPolicy < ApplicationPolicy
+  def show?
+    user.member(record).present?
+  end
+
+  def admin?
+    user.admins?(record)
+  end
+end
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
index a0b6b3739..01d762a46 100644
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@@ -1,4 +1,8 @@
 class UserPolicy < ApplicationPolicy
+  def show?
+    true
+  end
+
   def new?
     user.admins?(organization)
   end
@@ -14,19 +18,4 @@ def update?
       user.admins?(organization)
     )
   end
-
-  class Scope < ApplicationPolicy::Scope
-    attr_reader :member, :user, :organization, :scope
-
-    def initialize(user, scope)
-      @member = member
-      @user = member.user if member
-      @organization = member.organization if member
-      @scope = scope
-    end
-
-    def resolve
-      scope
-    end
-  end
 end
diff --git a/app/views/organizations/index.html.erb b/app/views/organizations/index.html.erb
index 896027ab0..1a31edfb8 100644
--- a/app/views/organizations/index.html.erb
+++ b/app/views/organizations/index.html.erb
@@ -27,7 +27,7 @@
         <td><%= link_to org.name, org %></td>
         <td><%= org.users.count %></td>
         <td class="hover-actions">
-          <% if current_user.admins?(org) %>
+          <% if current_user && current_user.admins?(org) %>
             <%= link_to edit_organization_path(org), class: 'action' do %>
               <%= glyph :pencil %>
               <%= t 'global.edit' %>
diff --git a/app/views/organizations/show.html.erb b/app/views/organizations/show.html.erb
index 85b0e64ee..4c54c5d1a 100644
--- a/app/views/organizations/show.html.erb
+++ b/app/views/organizations/show.html.erb
@@ -109,16 +109,18 @@
           <% end %>
         </li>
       <% end %>
-      <li>
-        <%= link_to give_time_organization_path(@organization) do %>
-          <%= glyph :time %>
-          <%= t "global.give_time" %>
-        <% end %>
-      </li>
+      <% if current_user && current_user.member(@organization) %>
+        <li>
+          <%= link_to give_time_organization_path(@organization) do %>
+            <%= glyph :time %>
+            <%= t "global.give_time" %>
+          <% end %>
+        </li>
+      <% end %>
     </ul>
   </div>
 </div>
 
-<% if current_user %>
+<% if current_user && current_user.member(@organization) %>
   <%= render "shared/movements" %>
 <% end %>
diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
index d4169a9c7..fe1ea40e7 100644
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -2,7 +2,7 @@
   <div class="panel-body">
     <h1>
       <small>
-        <% unless  @member.active %>
+        <% unless @member.active %>
           <%= t ".inactive" %>
         <% end %>
       </small>

From 980cd1f1d92e68b7d69590a7ac41cde5c78f31c6 Mon Sep 17 00:00:00 2001
From: Enrico Stano <ocirne.onats@gmail.com>
Date: Thu, 15 Jun 2017 23:51:32 +0200
Subject: [PATCH 09/11] Remove link to edit organization

---
 app/views/application/menus/_user_admin_menu.html.erb | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/app/views/application/menus/_user_admin_menu.html.erb b/app/views/application/menus/_user_admin_menu.html.erb
index 39e27ab96..aff7e5947 100644
--- a/app/views/application/menus/_user_admin_menu.html.erb
+++ b/app/views/application/menus/_user_admin_menu.html.erb
@@ -30,13 +30,5 @@
         <%= t "layouts.application.edit_profile" %>
       <% end %>
     </li>
-    <% current_user.members.where(manager: true).each do |m| %>
-      <li role="presentation">
-        <%= link_to m.organization do %>
-          <%= glyph :pencil %>
-          <%= t "layouts.application.edit_org", organization: m.organization %>
-        <% end %>
-      </li>
-    <% end %>
   </ul>
 </li>

From a56dab6a860c08b75baeb2685f06aff1dc77281d Mon Sep 17 00:00:00 2001
From: Enrico Stano <ocirne.onats@gmail.com>
Date: Fri, 4 Aug 2017 19:15:02 +0200
Subject: [PATCH 10/11] Fix members routes

---
 app/helpers/users_helper.rb | 11 ++++++++---
 config/routes.rb            |  4 +---
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb
index 42171bf75..9a03e7fc6 100644
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -16,7 +16,7 @@ def users_as_json
         balance: membership.account_balance.to_i,
 
         url: organization_user_path(organization_id: membership.organization_id, id: user.id),
-        edit_link: edit_user_path(user),
+        edit_link: edit_link(membership),
         cancel_link: cancel_member_path(membership),
         toggle_manager_link: toggle_manager_member_path(membership),
         manager: !!membership.manager,
@@ -29,8 +29,13 @@ def users_as_json
 
   private
 
-  def edit_user_path(user)
-    can_edit_user?(user) ? super : ""
+  def edit_link(membership)
+    return '' unless can_edit_user?(membership.user)
+
+    edit_organization_user_path(
+      organization_id: membership.organization_id,
+      id: membership.user_id
+    )
   end
 
   def can_edit_user?(user)
diff --git a/config/routes.rb b/config/routes.rb
index 13a79de42..4f64f8c75 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -11,8 +11,6 @@
 
   get "global/switch_lang", as: :switch_lang
 
-  resources :users, only: [:show, :edit]
-
   concern :accountable do
     get :give_time, on: :member
   end
@@ -21,7 +19,7 @@
     # TODO: 'members' path is misleading, there is already a resource called 'members'
     resources :users,
       concerns: :accountable,
-      except: [:show, :edit, :destroy],
+      except: [:destroy],
       path: 'members'
     resources :inquiries
     resources :offers

From 389fafc75025590f60ebea464a88b121bec5ad68 Mon Sep 17 00:00:00 2001
From: Enrico Stano <ocirne.onats@gmail.com>
Date: Wed, 16 Aug 2017 12:48:47 +0200
Subject: [PATCH 11/11] Add HomeController specs

---
 spec/controllers/home_controller_spec.rb | 26 ++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 spec/controllers/home_controller_spec.rb

diff --git a/spec/controllers/home_controller_spec.rb b/spec/controllers/home_controller_spec.rb
new file mode 100644
index 000000000..74de6d141
--- /dev/null
+++ b/spec/controllers/home_controller_spec.rb
@@ -0,0 +1,26 @@
+require 'spec_helper'
+
+describe HomeController, type: :controller do
+  let(:user) { Fabricate(:user) }
+
+  before { login(user) }
+
+  describe '#index' do
+    before { get :index }
+
+    context 'When the user is not a member of any organization' do
+      it 'redirects to the first organization\'s path' do
+        expect(response).to redirect_to '/'
+      end
+    end
+
+    context 'When the user is a member of two organizations' do
+      let!(:member1) { Fabricate(:member, user: user) }
+      let!(:member2) { Fabricate(:member, user: user) }
+
+      it 'redirects to the first organization\'s path' do
+        expect(response).to redirect_to organization_path(member1.organization_id)
+      end
+    end
+  end
+end